Perhaps I'm missing something, but it seems to me that the way to implement proxy ARP is to edit /etc/shorewall/parms and /etc/shorewall/conf? There isn't a nice web interface to configuring the firewall?
I looked at the web interface and I only see DHCP and "login to your ISP" forms, but nothing about configuring the firewall rules. Am I looking in the wrong place? My ancient LRP installation has at least a nice long shell script with lots of comments, and a menu entry to edit it with lrcfg, so at least you have *some* guidance. I was hoping we'd progressed in the 10 years since. Thanks, Bill Dudley On 10/22/10, wfdudley <wfdud...@gmail.com> wrote: > Erich, > > Thanks for the reply and the references to shorewall docs. > > I've been using a filtered bridge for many years with my old LRP > installation > and would just as soon keep using it if I can. But it's nice to know I > could > switch to proxy arp if I can't get a filtered bridge running. > > Bill > > On 10/22/10, Erich Titl <erich.t...@think.ch> wrote: >> Hi >> >> at 22.10.2010 00:53, wfdudley wrote: >>> Erich, >>> >>> I decided that I don't understand this well enough to implement it. >>> >>> Do I leave eth0 and eth2 unconfigured and just use the code that you >>> emailed me to set up the bridge? >> >> To bridge the two interfaces, that is all it takes. This little snipped >> also sets an address on the bridge. >> >> As I mentioned, you might want to consider routing and proxy-arp, then >> you don't need a bridge, you can use public addresses in your DMZ and >> you can use all iptables features you want to apply to the traffic, no >> need for ebtables. I _believe_ this is the better approach. >> >> See: http://www.shorewall.net/3.0/ProxyARP.htm >> And: http://www.shorewall.net/3.0/SimpleBridge.html >> >>> >>> There is no information that I can find on this and I really don't fancy >>> poking around trying to reverse the entire LEAF system trying to figure >>> out how it works. >> >> No need. >> >> cheers >> >> Erich >> >> > ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
