----- Original Message -----
From: "dgilleece" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 22, 2002 6:34 AM
Subject: Re: [Leaf-user] Bering Firewall without NAT

> I had to do something similar recently, and I'm still amazed at how uncommon
> it seems to be -- there are not many examples around.
>
> I can't speak to Bering-specific configurations, as I have only used
> Shorewall on Red Hat and SuSE "minimal" installations, but I assume it is
> Shorewall that will take the lead in your scenario.
>
> The secret for Shorewall is the proxyarp file, since Proxy-arp must be used
> to do what you are looking to do. Getting the proxyarp file configured can
> be a bit time-consuming, as it must explicitly list each IP address for
> which it will proxy, plus a few other configuration parameters. To assist
> with this task, I created a short Perl script, that you can find here:
> http://www.optimumnetworks.com/PAconfig .

Sounds like Jonathan could also use the bridge patches together with
Shorewall thus avoiding Proxy ARP. I know that Jacque has been working with
someone to test bridging with Bering but I haven't heard about any results
recently.

Even if Proxy ARP is used, with only two firewall interfaces and the
requirement to Proxy ARP the entire subnet behind the firewall, I wouldn't
use the /etc/shorewall/proxyarp file at all. I would instead:

    echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

That way, the firewall will Proxy ARP in both directions using the
firewall's routing table.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
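
An added example, not part of the original message or of Shorewall: a shell function that reports on which interfaces the kernel will answer proxy ARP once the setting above is applied. It relies on the kernel treating proxy ARP as enabled on an interface when either conf/all/proxy_arp or that interface's own proxy_arp is 1; the function name and the optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Report the effective proxy ARP state of every interface.
#
# Proxy ARP is active on an interface when conf/all/proxy_arp OR
# conf/<iface>/proxy_arp is 1, so a per-interface 0 does not switch it
# off once "all" has been set. Both values are therefore shown.
#
# Usage: proxy_arp_report            (live system)
#        proxy_arp_report /some/dir  (copied or constructed conf tree;
#                                     this argument is an assumption of
#                                     the example, used for testing)

proxy_arp_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}

    # Global switch; treated as 0 when the file cannot be read.
    all=$(cat "$conf_dir/all/proxy_arp" 2>/dev/null || echo 0)

    for dir in "$conf_dir"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        iface=$(basename "$dir")

        # "all" and "default" are settings templates, not interfaces.
        case $iface in
            all|default) continue ;;
        esac

        own=$(cat "$dir/proxy_arp" 2>/dev/null || echo 0)

        if [ "$all" = 1 ] || [ "$own" = 1 ]; then
            state=on
        else
            state=off
        fi

        echo "$iface proxy_arp=$state (all=$all iface=$own)"
    done
}
```

Any interface reported as on that faces an untrusted network is one where the firewall will answer ARP for addresses it routes elsewhere, which is the case the per-address /etc/shorewall/proxyarp file restricts.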
