Greetings List,

I am trying to set up ProxyARP a bit in reverse of what is documented. Essentially I have some people connected to our network that are firewalled using shorewall-lite, are nat'ing their internal networks and have servers in our racks.

What I want to be able to do is make their servers appear on their networks more natively and ProxyARP looks to be the way to go but I've run into a little snag in that everything looks nice but they are connecting to the server using their firewall's address instead of their internal address.

I figure I'm missing something in the masq file and hope you can point me in the right direction.

Thanks,
Nathan

On 9/17/12 1:30 PM, Nathan Kennedy wrote:
> Greetings List,
>
> I am trying to set up ProxyARP a bit in reverse of what is documented.
> Essentially I have some people connected to our network that are
> firewalled using shorewall-lite, are nat'ing their internal networks and
> have servers in our racks.
> What I want to be able to do is make their servers appear on their
> networks more natively and ProxyARP looks to be the way to go but I've
> run into a little snag in that everything looks nice but they are
> connecting to the server using their firewall's address instead of their
> internal address.
> I figure I'm missing something in the masq file and hope you can point
> me in the right direction.

Can you draw us a diagram -- I'm lost just reading your post.

Thanks,
-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________

I'm hoping the list allows for attachments. Please see the PDF attached to this email for the diagram and I will try to explain a little more.

As the diagram shows, our network is 10.1.1.0/24 and our client's network is 192.168.30.0/24, connected through a router via fiber. Their server is in our rack with the address of 192.168.30.4. What I am trying to do is set up proxyarp on their router so the server in our rack appears on their network. The problem I am running into is that when connections are being made to the server at 192.168.30.4 they are showing up as the NAT address of 10.1.1.32 instead of their address on 192.168.30.0/24.

To be a little more complete I am adding the entries in the masq and proxyarp files:

masq:
###############################################################################
#INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0            eth1

proxyarp:
###############################################################################
#ADDRESS        INTERFACE       EXTERNAL        HAVEROUTE       PERSISTENT
192.168.30.4    eth0            eth1            no              yes

Thank you for the assistance with this problem of mine.

On 09/17/2012 04:26 PM, Tom Eastep wrote:
> Can you draw us a diagram -- I'm lost just reading your post.
>
> Thanks,
> -Tom

On 09/18/2012 08:41 AM, Nathan Kennedy wrote:
> I'm hoping the list allows for attachments. Please see the PDF attached
> to this email for the diagram and I will try to explain a little more.
> As the diagram shows our network is 10.1.1.0/24 and our clients network
> is 192.168.30.0/24 connected through a router via fiber. Their server is
> in our rack with the address of 192.168.30.4. What I am trying to do is
> setup proxyarp on their router so the server in our rack appears on
> their network. The problem I am running into is that when connections
> are being made to the server at 192.168.30.4 they are showing up as the
> NAT address of 10.1.1.32 instead of their address on 192.168.30.0/24.
> To be a little more complete I am adding the entries in the masq and
> proxyarp files
>
> masq:
> ###############################################################################
> #INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
> eth0            eth1

Change that to

eth0 10.1.1.0/24

-Tom
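
An added illustration, not part of any message in the thread and not Shorewall code: a small Python model of how a masq entry (outgoing INTERFACE, then SOURCE) decides which source address the proxy-ARP'd server at 192.168.30.4 sees, comparing the two entries quoted above. The interface roles (eth1 as the 192.168.30.0/24 LAN, eth0 holding 10.1.1.32), the client address 192.168.30.10 and the default route are assumptions inferred from or constructed for the thread.

```python
import ipaddress

# Constructed model of the client's router (assumptions, not Shorewall code):
# eth1 is the client LAN 192.168.30.0/24, eth0 faces 10.1.1.0/24 as 10.1.1.32.
ROUTED_VIA = {"eth1": ["192.168.30.0/24"], "eth0": ["10.1.1.0/24"]}
ETH0_ADDR = "10.1.1.32"
# proxyarp entry from the thread: HAVEROUTE=no means a host route via eth0.
PROXYARP_HOSTS = {"192.168.30.4": "eth0"}


def out_interface(dst):
    """Pick the egress interface; proxy-ARP host routes beat subnet routes."""
    if dst in PROXYARP_HOSTS:
        return PROXYARP_HOSTS[dst]
    addr = ipaddress.ip_address(dst)
    for iface, nets in ROUTED_VIA.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return iface
    return "eth0"  # assumed default route


def source_networks(source):
    """A masq SOURCE is an interface name (its routed networks) or a subnet."""
    nets = ROUTED_VIA.get(source, [source])
    return [ipaddress.ip_network(n) for n in nets]


def seen_source(masq_entry, src, dst):
    """Return the source address the destination sees for a forwarded packet."""
    interface, source = masq_entry.split()
    leaves_masq_iface = out_interface(dst) == interface
    from_masq_source = any(
        ipaddress.ip_address(src) in n for n in source_networks(source)
    )
    if leaves_masq_iface and from_masq_source:
        return ETH0_ADDR  # rewritten to the egress interface address
    return src


def compare(src, dst):
    """Evaluate the original and the suggested masq entry for one flow."""
    entries = ("eth0 eth1", "eth0 10.1.1.0/24")
    return {e: seen_source(e, src, dst) for e in entries}


if __name__ == "__main__":
    print(compare("192.168.30.10", "192.168.30.4"))
```

On a live router the same question is answered by watching the source address of incoming connections on the server itself while a LAN client connects.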