Correction below

If I comment out the Comcast ISP (eth2), not dmz, proxyarp works. Please ignore:

> and shut down the dmz nic (eth3) proxyarp works.

----- Original Message -----
From: "Mike Lander" <[EMAIL PROTECTED]>
To: "Shorewall" <[email protected]>
Sent: Wednesday, November 22, 2006 12:07 PM
Subject: [Shorewall-users] Proxy Arp Breaks

> Hello
> I have proxy arp on eth3 with one host for testing
> Proxy arp host is 66.224.62.119. With the box configured with
> both ISPs, Comcast and T-1, proxy arp breaks and a tcpdump
> shows eth0 (66.224.62.118) arping for dmz host (66.224.62.119)
> without reply. However local network can access the dmz host.
> eth0:66.224.62.118 is T-1 eth2:dhcp is comcast
> eth1 local 10.194.79.0/24 eth3:66.224.62.118 dmz nic
> dmz server 66.224.62.119 below is external nic dump.
> I have tried putting proxyarp option in /etc/shorewall/
> interfaces. On both eth0 and eth3. I have spent most of
> my time using /etc/shorewall/proxyarp.
> Which brings up a question. Shorewall puts
> "1" on the proxyarp dmz interface only. Not the external
> interface. I have however tried both which makes no
> difference. With both ISPs configured there is local
> access only. The dmz host however cannot access the internet
> nor can the internet access the dmz host. And eth0 keeps
> arping for the mac with no reply.
> If I comment out the Comcast ISP in shorewall
> and shut down the dmz nic (eth3) proxyarp works.
> Any ideas?
>
> Thanks
> Mike
> PS the dump is with proxyarp broken
>
> [EMAIL PROTECTED] ~]# tcpdump -nevvi eth0 arp
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 10:58:11.417716 00:50:bf:79:35:1a > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 66.224.62.119 tell 66.224.62.118
> 10:58:13.242507 00:40:33:e3:cf:c3 > 00:60:49:80:24:46, ethertype ARP (0x0806), length 60: arp who-has 66.224.62.97 tell 66.224.62.100
> 10:58:13.243225 00:60:49:80:24:46 > 00:40:33:e3:cf:c3, ethertype ARP (0x0806), length 64: arp reply 66.224.62.97 is-at 00:60:49:80:24:46
> 10:58:14.911692 00:50:bf:79:35:1a > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 66.224.62.119 tell 66.224.62.118
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
