Gilson, which is the difference using DNAT instead?
On Wed, Nov 19, 2008 at 10:40 AM, Gilson Soares <[EMAIL PROTECTED]
> wrote:
> Proxyarp (simplifying) is a way to your firewall responds on behalf your IP
> public address (other than the ip on the eth0 itself).I.E: if someone
> pings 93.167.197.50 your firewall respond. But if someone pings
> <http://93.167.197.50>
> 93.167.197.51 <http://93.167.197.50> nothing happens.
>
> So, putting 93.167.197.51 <http://93.167.197.50> in
> /etc/shorewall/proxyarp will able your firewall to receive all packets to
> this IP.
>
> ### /etc/shorewall/proxyarp
> 93.167.197.51 eth1 eth0 no
> ###
>
> Doing so, you can finally redirects any access to your internal host:
>
> ### /etc/shorewall/rules
> DNAT net loc:10.10.10.5 tcp ssh - 93.167.197.51
> ###
>
> SSH to 93.167.197.50 go to your firewall
> SSH to 93.167.197.51 go to your 10.10.10.5 box
>
> -Gilson Soares
>
>
> On Tue, Nov 18, 2008 at 06:05, Michael Bernhard Arp Sørensen <
> [EMAIL PROTECTED]> wrote:
>
>> Hi there.
>>
>> I've been reading the docs over and over and the understading of proxyarp
>> escapes me.
>>
>> I've set up a firewall. I've got 10 external IP addresses and I want for a
>> start to set up the first public IP address to access a server on the inside
>> private network. It's that darn proxyarp that is giving me problems. All
>> else is working.
>>
>> I fail to understand how a public IP like 93.167.197.51 is associated
>> with my 10.10.10.5 in any way because there's no clear understanding from
>> the config files.
>>
>> My firewall:
>> eth0: 93.167.197.50 (net)
>> eth1: 10.10.10.200 (loc)
>>
>> Public IP:
>> 93.167.197.51 port 22
>>
>> Server to connect to:
>> 10.10.10.5 port 22
>>
>> If someone could provide me with clues or a simple, working example of
>> proxyarp in function, I would be very gratefull. :-)
>>
>> --
>> Med venlig hilsen/Kind regards
>>
>> Michael B. Arp Sørensen
>> Programmer / BOFH
>>
>> Dansk Minkpapir A/S
>> Research and Development Lab
>> Bautavej 1A, indgang C - D
>> 8210 Aarhus V
>> Denmark
>>
>> I am /root and if you see me laughing you better have a backup.
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
