similar to: Proxy-ARP and rules


2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs Proxy-NAT'ed onto the loc segment. While I do eventually want to move them to their own segment, I have to deal with this for the next few weeks. My problem is that from a loc system I can ping the public IP of a system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being blocked according
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don't know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal
2004 Nov 01
9
Some issues with proxy ARP
This is some ramblings on why using proxy ARP (on a host in a DMZ) is a good or bad thing. The good is that a computer X retains a public IP address which makes it easy to connect it directly to the net if the firewall has to be taken down for extended periods. Thus, if computer X is a mail server for example, it can still function in a reduced capacity until the firewall is restored. The bad
2004 Dec 21
5
Is 'publish' proxy arp still broken?
Can't get proxy arp with arp -s <IPaddr> <MACaddr> pub to work with a 2.4 kernel. I see some evidence in the archive that this was broken in the 2.0.x timeframe and never fixed. Anyone know for sure if it's broken or working? (I'm attempting to route a few addresses into a routed network, from the ethernet side of a DSL router that has a /29 public
2005 Jan 18
4
DMZ Recommendations
From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.
2002 Oct 29
1
ip conflict with proxy arp
Hi, I've got a proxy arp setup with iptables and tc. On eth0 I have a route to 172.16.2.0/24 network, on eth1 is the LAN of 172.16.1.0/24 network. I have enabled proxy arp on both interfaces. Now accordingly, the interface will respond to all ARP requests for which it has a route to. Now my setup is such, that a user on the LAN, would like to have an ip from the 172.16.2.0/24 network.
2003 Jan 22
5
Proxy arp and pptp
Hi all! I've set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I've set the appropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host
2002 Aug 31
1
Tunneling public ips, proxy arp, tinc config
Hi, I have a question. I have a routeable /24 netblock including a server at a colocation and I would like to use tincd to tunnel part of that netblock to an internal network on another location being connected to the internet via gateway with DSL link and a single static IP address, so I can use public routable IP addresses on the local network. I have tincd 1.0 pre7 installed on both the local
2007 Oct 20
1
[HELP] Proxy ARP & OSPF
Hi, The network topo looks like this: the original network: router1 router2 | | |----------------OSPF------------| the target network: (we need to insert a transparent firewall between these 2 routers, so a proxy arp is set up on firewall to bridge router1 and router2) router1 firewall router2 |
2002 Feb 01
1
Bug in the HOWTO: proxy-arp (?)
Hello all together, I'm new to the list, so please excuse any violations of listiquette... I didn't have too much to do with linux based firewalling and routing for quite a time and found that proxy-arp changed in between... As I struggled with it I found that the Advanced routing... howto wasn't too helpful. Especially the documentation seems to be rather vice versa to
2007 Aug 03
1
proxy arp on CentOS 5?
Anybody implemented a working proxy ARP with CentOS 5? I am trying to implement DNAT on a dual-homed firewall (servers behind firewall are on private IPs) and that requires proxy ARP. I've tried several different methods but nothing seems to work. Any advice? Is proxy ARP broken on v5? -- Florin Andrei http://florin.myip.org/
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question.... I'm using a leaf router (bearing) running shorewall. Three interfaces net, loc, and dmz. Only one computer in the dmz and it's being proxy arp'd. External and internal (net and loc) can reach the dmz but the dmz cannot reach the isp's gateway and beyond, but can reach a system adjacent to the firewall.
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy ARP over NAT. They are great reasons, but I have one reservation. By using private addresses with NAT for servers in my DMZ, I can granularly allow specific traffic, such as to/from the SMTP gateway/relay in the DMZ, to connect inbound from the DMZ to an internal (LOC) mail server, and know that it comes only from a
2002 Aug 12
4
Proxy ARP and RH 7.2
I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with Proxy ARP on a Red Hat 7.2 machine. The machine was configured as the external firewall as per the 'belt and suspenders' layout given at http://www.skippy.net/linux/firewall/ The firewall appeared to function correctly in all functions except proxy ARP, however I must say I did not test exhaustively. After
2007 Jun 15
2
Using Proxy ARP inside Xen DomUs
Hello list, I'm considering moving shorewall to a xen domu and then using the Proxy ARP method (we use NAT today). Is it possible to have a Proxy ARP firewall inside a domu serving requests to other domus with public IP-addresses placed on separate hardware (not the hardware the domu with the firewall is on)? I figure that there's a problem since it's different bridges
2003 Jan 05
2
Shorewall DMZ - Proxy ARP or Static NAT
Hi All, From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP's, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2
2007 May 30
4
Proxy ARP with a Coyote Point equalizer
Here is a puzzle. I have a network with several servers. It's a mess. It's a /24 and pieces and servers are all over the place inside this /24 block, on both sides of the firewall. For example, the router at 1.2.3.1 is outside the firewall and many of the servers at 1.2.3.nnn/24 are behind the firewall. (Obviously, 1.2.3.nnn is a fudged network.) eth0 points outward to
2006 Apr 04
0
RE: Proxy ARP and UDP
I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11
2004 Jul 27
2
icmp traceroute from dmz behind proxy-arp - icmp code 11 ?
Hello there, I'm running a 3interface inet, dmz, loc. I have some public IP addresses. One public address is the router of the provider, the second one is the linux box running shorewall. All other public interfaces are on the dmz nic with proxy-arp. Now whenever I do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider
2003 Jan 10
1
Forcing ISP ARP cache to refresh immediately
From http://shorewall.net/ProxyARP.htm (and the Setup Guide): > A word of warning is in order here. ISPs typically configure their routers with a long ARP cache timeout. If you move a system from parallel to your firewall to behind your firewall with Proxy ARP, it will probably be HOURS before that system can communicate with the internet. You can call your ISP and ask