Re: [Shorewall-users] proxyarp setup question

Wed, 28 Nov 2007 17:14:23 -0800 

Tom Eastep wrote:
> kbajwa wrote:
>> Hello:
>>
>> CentOS
>> Shorewall 4.0.5
>> dnsdjb (DNS)
>>
>> I am trying to setup a very simple network with (1) firewall server (2) dmz
>> with two DNS name servers.
>>
>> I have IP: 65.103.190.104/28 mask: 255.255.255.248 (8 IP addresses available
>> from Qwest).
>>
>> Network is as below:
>>
>> 65.103.190.104:  Network
>> 65.103.190.105:  FW
>> 65.103.190.106:  NS1
>> 65.103.190.108:  NS2
>> 65.103.190.110:  Gateway
>> 65.103.190.111:  Broadcast
>>
>> SETUP:
>>
>> I am using djbdns (http://cr.yp.to/djbdns.html) software to setup the DNS
>> servers. This software requires that the authoritative DNS server, known as
>> "tinydns" must run on a separate IP address (see
>> http://cr.yp.to/djbdns/run-server.html). This is accomplished as follows:
>>
>> eth0:                65.103.190.106  (NS1 Server) 
>> eth0:1       65.103.190.107  (authoritative server "tinydns" running on NS1
>> Server listening on 65.103.190.107 )
>>
>>
>> PROBLEM:
>>
>> I setup proxyarp (Shorewall), as follows:
>>
>> #ADDRESS             INTERFACE       External        Haveroute
>> 65.103.190.106       eth1            eth0            no
>> 65.103.190.107       eth1            eth0:1  no
>>
>> When I issue the "shorewall start" command, I get the following error:
>>
>> .....
>> setting up Proxy ARP...
>> SIOCSARP: no such device ERROR: command 'arp -I eth0:1 -Ds 65.103.190.107
>> eth0:1 Pub' failed
>>
>> Any suggestion?
> 
> Yes -- eth0:1 is not an interface. See
> http://www1.shorewall.net/Shorewall_and_Aliased_Interfaces.html
> 

And I'm not at all sure that you are configuring IP correctly.
http://www.shorewall.net/ProxyARP.htm specifically says:

        Warning

        Do not add the Proxy ARP'ed address(es) (130.252.100.18 and
        130.252.100.19 in the above example) to the external interface
        (eth0 in this example) of the firewall.

Sounds like you may have missed that.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to