Paolo Riviello www.paoloriviello.com wrote:
hi,
In my experience, this is enough.
In which mode do you want to change sysctl.conf ??
add the proxy arp settings like this :
net.ipv4.conf.eth0.proxy_arp = 1
I found some info at this URL, and this one talks about sysctl and the old method:
http://postnuke.systura.com/modules.php?op=modload&name=News&file=article&sid=37
I'll have to check again.
cheers
--
Paolo Riviello
Home: http://www.paoloriviello.com
E-mail: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
Skype: pao_rivi Icq: 285354822
If men could get pregnant, abortion would be a sacrament. (H)
From: pkc_mls <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] High availability cluster and manual NAT
Date: Wed, 14 Feb 2007 13:32:26 +0100
Paolo Riviello www.paoloriviello.com wrote:
Automatic Proxy ARP
When using static NAT, the cluster can be configured to automatically recognize the hosts hidden behind it, and issue ARP replies with the cluster MAC, on their behalf. This process is known as Automatic Proxy ARP. If you use different subnets for the cluster IPs, this mechanism will not work, and you must configure the proxy ARP manually. This is done by creating a file called local.arp, under the firewall's configuration directory ($FWDIR/conf). In SmartDashboard, uncheck Automatic proxy arp.
Each entry in this file is a triplet, containing the:
• host address to be published
• MAC address that needs to be associated with the IP address
• unique IP of the interface that responds to the ARP request.
The MAC address that should be used is the cluster's multicast MAC defined on the responding interface, when using multicast LS, or this interface's unique IP, for all other modes.
For example, if host 172.16.4.3 is to be hidden using the address 172.16.6.25, and the cluster uses Load Sharing Multicast mode, add the following line to the local.arp file of Member 1:
172.16.6.25 00:01:5e:10:06:64 192.168.1.1
The second parameter in this line is the multicast MAC address of cluster IP 172.16.6.100, through which ARP requests for 172.16.6.25 will be received. On Member 2, this line will be:
172.16.6.25 00:01:5e:10:06:64 192.168.1.2
If the cluster is in unicast LS mode, or in HA mode, the entries on Member 1 and 2 will be:
172.16.6.25 00:A0:C9:E8:C7:7F 192.168.1.1
- And -
172.16.6.25 00:A0:C9:E8:CB:3D 192.168.1.2
where the second entry in each line is the unique MAC address of the matching local interface.
as is in the manual...
thanks for the response.
I'll check if this works, because I had some trouble getting it to run properly.
On SecurePlatform, do you need to modify /etc/sysctl.conf also?
cheers
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
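A format check for the local.arp triplets described in the manual text quoted in this thread, as an added example that is not part of the thread or of Check Point's tooling. It assumes one whitespace-separated triplet per non-blank line; the function name check_local_arp is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a ClusterXL local.arp file before relying on it.
# Assumption: each non-blank line is "published-IP MAC responding-interface-IP",
# as in the manual excerpt quoted in the thread.
# Typical call (path from the thread): check_local_arp "$FWDIR/conf/local.arp"

check_local_arp() {
    # $1 = path to a local.arp file; prints one line per problem found and
    # returns 1 if there was any problem, 0 if the file is clean.
    awk '
    function is_ip(s,    p, n, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    function is_mac(s,    p, n, i) {
        n = split(s, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
        return 1
    }
    NF == 0 { next }    # blank lines carry no entry
    NF != 3 { print "line " NR ": expected 3 fields, got " NF; bad = 1; next }
    !is_ip($1)  { print "line " NR ": bad published IP " $1; bad = 1 }
    !is_mac($2) { print "line " NR ": bad MAC " $2; bad = 1 }
    !is_ip($3)  { print "line " NR ": bad interface IP " $3; bad = 1 }
    # The same published IP mapped to two different MACs in one file is ambiguous.
    ($1 in mac) && mac[$1] != tolower($2) {
        print "line " NR ": " $1 " already published with " mac[$1]; bad = 1
    }
    { mac[$1] = tolower($2) }
    END { exit bad + 0 }
    ' "$1"
}
```

A clean result only means the file is well-formed; whether the MAC and interface IP are the right ones for that member and cluster mode still has to be checked against the member's own interfaces.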