Mitch Sheean wrote: > > I think I will need to enable proxy_arp. It is disabled in the kernel by > default. If I enable on the kernel level and do a "shorewall clear" then > hopefully it will route. > > In your opinion do you think I would have to enable it only on the > external "public" interface?
If you had to enable it on the "public" interface, the traffic wouldn't even get to your router if it were not set. > > I was reading this document today -> http://www.shorewall.net/ProxyARP.htm > > Does shorewall/iptables work at the layer 2 level? I thought it would > only be layer 3. > Shorewall/iptables work at layer 3. You appear to have a three-interface router with eth0 apparently being the interface that connects to the internet. Behind that router, you have two networks: a) 209.147.127.208/28 - eth2 b) 66:113.100.32/27 - eth1 All hosts in network a) must have their default gateway set to 209.147.127.209. All hosts in network b) must have their default gateway set to 66.113.100.33. from the internet, both of those networks must be routed via 66.113.102.253. If you configure your networks that way, then without Shorewall even installed, all hosts will be able to communicate with all other hosts. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
