similar to: changing boxes

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

Hey Tom, I have successfully set up to servers on a Dmz practice network woohoo :). If I take out the proxyarp option in /etc/shorewall/interfaces Then Dmz can ping outside ip''s on the net but not and of my servers on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120) The reason I ask is to learn. I thought I would not need the proxyarp option for this to

>From http://shorewall.net/ProxyARP.htm (and the Setup Guide): > A word of warning is in order here. ISPs typically configure their > routers with a long ARP cache timeout. If you move a system from > parallel to your firewall to behind your firewall with Proxy ARP, it > will probably be HOURS before that system can communicate with the > internet. You can call your ISP and ask

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as an

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host

I must have something configured wrong somewhere. I''ve enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see all the machines through it great. However, whenever its enabled, the network on the DMZ goes screwy. I''ve narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

I have the following interfaces loc eth0 net0 eth1 net1 eth2 (net0 and net1 are the two ISP networks) policy loc net0 ACCEPT loc net1 ACCEPT net0 all DROP info proxyarp 209.189.103.204 eth0 eth1 no no params Pellucidar=192.168.124.232 rules DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204 ACCEPT all all icmp

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share using Samba from Server to Server, however

shorewall-users hi,ALL I have a firewall have three interface, one NIC is internal (eth0), second NIC is SSN(eth2), and other NIC is external(eth1), on internal network have 10.0.1.59 and gw 10.0.1.163 eth0: 192.168.1.254/24 eth1: 10.0.1.55/24 gw 10.0.1.163 I use shorewall''s proxyarp 10.0.1.59 eth1 eth0 no no that is OK. I saw /usr/share/shorewall/firewall, I

I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with Proxy ARP on a Red Hat 7.2 machine. The machine was configured as the external firewall as per the ''belt and suspenders'' layout given at http://www.skippy.net/linux/firewall/ The firewall appeared to function correctly in all functions except proxy ARP, however I must say I did not test exhaustively. After

I have an access-IProm my isp that I configured my eth0 with. And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP. This is how my configfiles look like. Internal everything seems to work but not external. /etc/shorewall/proxyarp #ADDRESS INTERFACE EXTERNAL HAVEROUTE

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

I''ve got a serious mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings I''m having a network problem that I don''t understand. It involves/hinges upon an internal router running the latest Shorewall. We make weather radar control and networking software. Our customers are experiencing a connection timeout, but here in the office we are not. I have some slight suspicions as to why they see a

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default