Proxyarp (simplifying) is a way for your firewall to respond on behalf of your
public IP address (other than the IP on eth0 itself). I.e.: if someone pings
93.167.197.50, your firewall responds. But if someone pings
93.167.197.51, nothing happens.

So, putting 93.167.197.51 in /etc/shorewall/proxyarp
will enable your firewall to receive all packets to this IP.

### /etc/shorewall/proxyarp
93.167.197.51 eth1 eth0 no
###

Doing so, you can finally redirect any access to your internal host:

### /etc/shorewall/rules
DNAT net loc:10.10.10.5 tcp ssh - 93.167.197.51
###

SSH to 93.167.197.50 goes to your firewall
SSH to 93.167.197.51 goes to your 10.10.10.5 box

-Gilson Soares


On Tue, Nov 18, 2008 at 06:05, Michael Bernhard Arp Sørensen <[EMAIL PROTECTED]
> wrote:

> Hi there.
>
> I've been reading the docs over and over and the understanding of proxyarp
> escapes me.
>
> I've set up a firewall. I've got 10 external IP addresses and I want for a
> start to set up the first public IP address to access a server on the inside
> private network. It's that darn proxyarp that is giving me problems. All
> else is working.
>
> I fail to understand how a public IP like 93.167.197.51 is associated with
> my 10.10.10.5 in any way because there's no clear understanding from the
> config files.
>
> My firewall:
> eth0: 93.167.197.50 (net)
> eth1: 10.10.10.200 (loc)
>
> Public IP:
> 93.167.197.51 port 22
>
> Server to connect to:
> 10.10.10.5 port 22
>
> If someone could provide me with clues or a simple, working example of
> proxyarp in function, I would be very grateful. :-)
>
> --
> Med venlig hilsen/Kind regards
>
> Michael B. Arp Sørensen
> Programmer / BOFH
>
> Dansk Minkpapir A/S
> Research and Development Lab
> Bautavej 1A, indgang C - D
> 8210 Aarhus V
> Denmark
>
> I am /root and if you see me laughing you better have a backup.
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
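An added example, not part of the original thread and not Shorewall's own code: a Python script that reads the two files from the reply above and lists what each DNAT rule exposes, with review notes. The embedded file contents are constructed from the reply's snippets (header comments added), and the function names and the `PORTS` map are hypothetical.

```python
# Added example: exposure inventory for the proxyarp + DNAT setup in this thread.
# File contents below are constructed from the snippets in the reply.
PROXYARP = """\
#ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE
93.167.197.51   eth1       eth0      no
"""
RULES = """\
#ACTION  SOURCE  DEST            PROTO  DPORT  SPORT  ORIGDEST
DNAT     net     loc:10.10.10.5  tcp    ssh    -      93.167.197.51
"""
PORTS = {"ssh": "22"}  # hypothetical minimal service-name map; extend as needed

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def proxied_addresses(text):
    """Return the ADDRESS column of the proxyarp file as a set."""
    return {cols[0] for cols in rows(text)}

def dnat_exposures(rules_text, proxyarp_text):
    """One dict per DNAT rule: public side, internal target, review notes."""
    proxied = proxied_addresses(proxyarp_text)
    out = []
    for cols in rows(rules_text):
        if not cols[0].startswith("DNAT"):
            continue
        cols += ["-"] * (7 - len(cols))  # pad omitted trailing columns
        _action, source, dest, proto, dport, _sport, origdest = cols[:7]
        zone, _, target = dest.partition(":")
        notes = []
        if origdest == "-":
            notes.append("no ORIGDEST: rule is not limited to one public address")
        elif origdest not in proxied:
            notes.append("ORIGDEST has no entry in the proxyarp file")
        if source in ("net", "all"):
            notes.append("open to the whole source zone; consider net:<admin-range>")
        out.append({"public": origdest, "proto": proto,
                    "port": PORTS.get(dport, dport),
                    "zone": zone, "target": target, "notes": notes})
    return out

if __name__ == "__main__":
    for exposure in dnat_exposures(RULES, PROXYARP):
        print(exposure)
```

On the thread's configuration this reports one exposure, SSH on 93.167.197.51 forwarded to 10.10.10.5, and notes that the rule accepts connections from the entire `net` zone.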
