Displaying 20 results from an estimated 1000 matches similar to: "Does anyone have a working proxyARP setup?"
2005 Jan 28
1
proxyarp problem
shorewall-users
hi,ALL
I have a firewall have three interface, one NIC is internal (eth0),
second NIC is SSN(eth2), and other NIC is external(eth1),
on internal network have 10.0.1.59 and gw 10.0.1.163
eth0: 192.168.1.254/24
eth1: 10.0.1.55/24 gw 10.0.1.163
I use shorewall's proxyarp
10.0.1.59 eth1 eth0 no no
that is OK.
I saw /usr/share/shorewall/firewall, I
2004 Sep 10
1
Is ProxyARP or NAT entries really necessary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded
too, however, not how I thought it would work when reading through the
documentation.
1. No matter what I do I cannot get DNAT to work unless I have an entry
in either the nat or the proxyarp file. Is that really how it's supposed
to be? I can't find anything about it in the documentation.
2. Also, in the
2011 Aug 02
5
selinux issues
Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info.
Shorewall executes some bash code like the following:
while read address interface external haveroute; do
    qt $IP -4 neigh del proxy $address dev $external
    [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address/32 dev $interface
2005 Mar 11
1
Do I need NAT?
Yes, this is a dumb question. I haven't the time nor the resources to
dig into the guts of this right now, so perhaps someone will take a few
minutes to help, please.
I just implemented a classic "nano" multipath setup. The script is at
http://yesican.chsoft.biz/lartc/rc.nano1
What I need to know is if I need SNAT in the firewall when a packet
comes in on the
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 -------
We haven't seen this
2006 Apr 04
0
RE: Proxy ARP and UDP
I found the problem! It was me and it was dumb...
This was the network layout:
10.10.10.0/24 1.2.3.0/27
10.10.10.n
internal hosts
|
<----+-----+--------+ +-------+------>to the Internet
| | | |
Proxied | | |
H.323 device Firewall Router
eth1 eth0
1.2.3.11
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject
a minute ago.
Hello -
I am using kernel 2.4.27 and running into behavior I don't know how to
explain.
I have 2 relevant interfaces. eth0 is external, eth1 is internal. My
internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied
up). I have an H.323 videoconference device inside my internal
2006 Feb 07
0
proxyarp <--> OpenSwan VPN/Internet
Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s.
Only DNS Zones and nagios passive checks were transferred. Everything seems
to work.
Left side is x.x.x.14 (host 1)
Subnet 10.0.0.0/24
openswan 2.4.4
shorewall 2.4.2 & iptables 1.3.4
gentoo 2.6.12-r9 with policy match
It's reachable through a proxyarp entry on x.x.x.11 (host 2) which is
another gentoo 2.6.12-r9
2006 Feb 07
0
WG: AW: WG: proxyarp <--> OpenSwan VPN/Internet
I've figured out the following.
I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp
x.x.x.14 eth2 eth0 No
very well. That's not through a tunnel (of course a ssh tunnel, but no vpn)
but with public ip x.x.x.14 to x.x.x.11
If I try to sftp through the fw to the public internet I have the same
2005 Apr 10
1
FW: ProxyARP in a Routed environment
Tom,
Is not this query worth answering?
-Siva
-----Original Message-----
From: Sivamurugu K. Pillai
Sent: Friday, April 08, 2005 3:14 PM
To: 'Mailing List for Shorewall Users'
Subject: ProxyARP in a Routed environment
Hi,
In a routed network setup, is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a
2004 Jun 16
0
shorewall and proxyarp ?
Hello all,
I have a question in regards to proxyarp and shorewall, I am new to shorewall
and I have 5 static IP address from my ISP. My current setup is that I have
one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41
eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41
and eth1 = 10.10.10.42/44), I want to get rid of the eth1 of the two systems
2011 Apr 15
1
Proxyarp vs DNAT
Hello list,
I am in the process of switching from IPCOP to Shorewall as the firewall
for our small office. I very much like the fact that Shorewall runs on
top of the same OS (openSuSE 11.4) that I run on the server and my desktop.
Our setup is fairly straightforward. We have 8 static ip addresses from
our ISP, which provides a cable modem and a Cisco 800 series router.
The ip addresses are
2006 Jun 02
2
ProxyArp
Hi-
One last question for the week, I promise.
I've got one IP ProxyArp'd according to the instructions at
http://www.shorewall.net/ProxyARP.htm. I've setup the
shorewall/proxyarp file as follows:
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
208.4.145.73 br0 eth1 no yes
#LAST LINE -- ADD YOUR ENTRIES
2005 Jan 18
1
proxyarp and masq ip
Would it be considered normal that a system behind a shorewall box that
was setup for proxyarp and able to be reached from the trusted side of
the net just fine on the proxyarp ip address would if it were to talk
out to the world show as traffic not from the proxyarp address but the
firewall's own address or the masquerading ip used by other zones? We
had not really noticed this as an
2004 Oct 09
2
odd problem with proxyarp and DNAT
I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT.
I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal?
(I've just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)
2005 Jan 05
2
proxyarp IP problem after squid installed.
Hello All,
I am using shorewall 2.0.7. first i give you my config here and will tell you my problem.
ProxyARP:
203.77.204.85 eth1 eth0 no
Interface:
net eth0 203.77.204.87
loc eth1 192.168.0.255 routeback
Masq :
eth0 192.168.0.0/24 203.77.204.86
Rules:
# Squid access
REDIRECT loc 8080 tcp
2005 Jan 12
2
Samba and ProxyArp
Hi
As per my follow up mail I implemented the ProxyArp configuration as per the
Documentation on the Web site and all seemed to be working correctly.
However, the one thing that doesn't seem to be working properly is Samba.
I have Samba running on the FW machine and one of the servers 192.168.0.8 on
the Local Lan.
I can connect to a Share using Samba from Server to Server, however
2004 Jul 23
1
Please document this
Stephen,
This REALLY needs to be fixed in the code; tc should reject as a syntax
error any "add filter" command that does not include a "prio"
parameter. It also needs to be documented.
=== From LARTC mailing list ===
> Dear list,
> After much code crunching and beating my head against the wall
> (literally), I discovered the faulty code. Thanks mostly to
2005 Feb 11
4
config question for proxyarp hosts?
I've got a serious mess of NAT on our firewall/router systems at the
corporate office which seems to do nothing other than confuse the heck
out of people. What I'd like to do is gradually migrate the hosts on
the various DMZ networks away from private IP addresses and NAT over to
public IP addresses and proxyarp.
What I'm wondering, before I start this, is how do I
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current