Farkas Levente wrote:
> hi,
> this may be off topic, but somewhat shorewall related. we've got the
> same setup as described here:
> http://shorewall.net/ProxyARP.htm
> just the eth1 is 172.16.20.1/24. but now i'd like to put a new machine
> into the privnet with ip: 172.16.20.2 (while there are a few others with
> public ip). is it possible? i assume i shouldn't have to put anything
> into shorewall's proxyarp file (just the old entries),

I don't know how many times I have to point this out but I'll do it again:

        You can always eliminate Shorewall in simple cases like this by
        doing "shorewall clear" and testing again. Be sure to "shorewall start"
        after testing.

> but when i try to
> ping from 172.16.20.2 the firewall (172.16.20.1) and run a tcpdump on
> the firewall, i've got this:
> -------------------------
> # tcpdump -n -i eth1 host 172.16.10.2
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
> 17:07:01.763468 arp who-has 172.16.10.2 tell 172.16.10.1
> 17:07:02.763313 arp who-has 172.16.10.2 tell 172.16.10.1
> 17:07:04.763930 arp who-has 172.16.10.2 tell 172.16.10.1
> -------------------------
> and of course the problem is that neither the new host can ping the firewall
> nor the firewall the new host.
> what can be the problem?

Looks to me like a bad cable or hub/switch port. It appears that 172.16.10.2
isn't receiving from 172.16.10.1. You could, of course, confirm that by packet
sniffing from 172.16.10.2. Or it could possibly be an incorrect netmask
(255.255.255.255) on 172.16.10.2. Or it could be that there is a route to
172.16.10.1 out of another interface on 172.16.10.2. Or ...

As an aside -- most people get very frustrated when bringing up a configuration
like you are attempting. Getting 172.16.10.2 to communicate with the other
public servers on that LAN is a real challenge and you will run into some
interesting problems. I don't recommend such a configuration and consequently
have not documented how to do it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
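
As an added example (not part of either poster's message), this Python script reads tcpdump ARP lines like those quoted above and reports targets whose who-has requests never drew an is-at reply. The first three sample lines are taken from the capture in the thread; the second host and its MAC address are constructed for contrast.

```python
import re
from collections import defaultdict

# Sample input: three requests as quoted in the thread, followed by a
# constructed request/reply pair for a second host (constructed values).
CAPTURE = """\
17:07:01.763468 arp who-has 172.16.10.2 tell 172.16.10.1
17:07:02.763313 arp who-has 172.16.10.2 tell 172.16.10.1
17:07:04.763930 arp who-has 172.16.10.2 tell 172.16.10.1
17:07:05.100000 arp who-has 172.16.10.3 tell 172.16.10.1
17:07:05.100450 arp reply 172.16.10.3 is-at 00:00:5e:00:53:01
"""

# Matches both the older "arp who-has ..." and newer "ARP, Request who-has ..."
# tcpdump line styles, since only the shared keywords are anchored on.
REQUEST = re.compile(r"who-has ([\d.]+) tell ([\d.]+)")
REPLY = re.compile(r"[Rr]eply ([\d.]+) is-at ([0-9a-fA-F:]+)")


def unanswered_arp(capture_text):
    """Return {(target_ip, asker_ip): request_count} for targets with no reply."""
    pending = defaultdict(int)
    answered = set()
    for line in capture_text.splitlines():
        match = REQUEST.search(line)
        if match:
            pending[(match.group(1), match.group(2))] += 1
            continue
        match = REPLY.search(line)
        if match:
            answered.add(match.group(1))
    # Keep only requests whose target never appeared in an is-at reply.
    return {key: n for key, n in pending.items() if key[0] not in answered}


if __name__ == "__main__":
    for (target, asker), count in unanswered_arp(CAPTURE).items():
        print(f"{asker} asked for {target} {count} times, no is-at reply seen")
```

Running the same check on a capture taken on the silent host itself shows whether the requests arrive there at all, which separates a cabling or switch-port fault from a netmask or routing problem on that host.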
