I think I will need to enable proxy_arp. It is disabled in the kernel by default. If I enable on the kernel level and do a "shorewall clear" then hopefully it will route.
In your opinion do you think I would have to enable it only on the external "public" interface? I was reading this document today -> http://www.shorewall.net/ProxyARP.htm Does shorewall/iptables work at the layer 2 level? I thought it would only be layer 3. Thank you, Mitch Tom Eastep wrote: > Mitch Sheean wrote: > >> I think maybe the shorewall box needs routes or an arp table mapping to >> all the hosts behind it. Seems like packets get to the box then don't >> know where to go. >> >> > > Again, I'll bet it is the responses that are getting lost and the > problem has nothing to do with the configuration of the Shorewall box. > > -Tom > -- ------------------------------------------------------------------------ Mitchell Sheean | Systems Administrator Internet Identity | Portal: https://portal.powershark.com Office: +1 253-590-4087 | Mobile: +1 253-678-9456 ------------------------------------------------------------------------ ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
