Hello I have proxy arp on eth3 with one host for testing Proxy arp host is 66.224.62.119. With the box configured with both Isp's Comcast and T-1 proxy arp breaks and a tcpdump shows eth0 (66.224.62.118) arping for dmz host (66.224.62.119) without reply. However local network can access the dmz host. eth0:66.224.62.118 is T-1 eth2:dhcp is comcast eth1 local 10.194.79.0/24 eth3:66.224.62.118 dmz nic dmz server 66.224.62.119 below is external nic dump. I have tried putting proxyarp option in /etc/shorewall/ interfaces. On both eth0 and eth3. I have spent most of my time using /etc/shorewall/proxyarp. Which brings up a question. Shorewall puts "1" on the proxyarp dmz inteface only. Not the external interface. I have however tried both which makes no difference. With both Isp's configured there is local access only. The dmz host however cannot access the internet nor can the internet access the dmz host. And eth0 keeps arping for the mac with no reply. If I comment out the comcast Isp in shorewall and shut down the dmz nic (eth3) proxyarp works. Any ideas?
Thanks Mike PS the dump is with proxyarp broken [EMAIL PROTECTED] ~]# tcpdump -nevvi eth0 arptcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:58:11.417716 00:50:bf:79:35:1a > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 66.224.62.119 tell 66.224.62.118 10:58:13.242507 00:40:33:e3:cf:c3 > 00:60:49:80:24:46, ethertype ARP (0x0806), length 60: arp who-has 66.224.62.97 tell 66.224.62.100 10:58:13.243225 00:60:49:80:24:46 > 00:40:33:e3:cf:c3, ethertype ARP (0x0806), length 64: arp reply 66.224.62.97 is-at 00:60:49:80:24:46 10:58:14.911692 00:50:bf:79:35:1a > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 66.224.62.119 tell 66.224.62.118
dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
