Thanks for the reply Tom,
* The arp table looks fine with my RFC1918 IPs, however I do not see any
entries for the external NAT'd IPs - is this expected?
...
? (10.95.100.49) at 90:e6:ba:ed:4b:39 [ether] on eth1
(should I see the NAT'd IP on eth0?)
* While pinging a server on the failed route, I see the following on the
firewall eth0 (tcpdump -nei eth0 host <MY EXT NAT'd IP>):
...
09:25:15.285583 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has <MY EXT NAT'd IP> tell <SWITCH IP>, length 46
* The failure also occurs from a system I have proxyarp directly behind
firewall eth3:
...
? (PROXYIP) at 00:1b:21:77:b2:fc [ether] on eth3
? (PROXYIP) at <from_interface> PERM PUB on eth0
Network doesn't completely fail on the NAT'd systems, only a few select
routes. However when it does fail, the flurry of who-has packets ensues.
Also, all other masqueraded systems successfully access all routes.
Thanks again!
Chop
On Tue, Apr 30, 2013 at 7:10 AM, Tom Eastep <[email protected]> wrote:
> On 04/29/2013 09:52 PM, chop wow wrote:
> > Recently our network switches were replaced.
> >
> > Since that time, Shorewall will not reply to who-has arp packets for any
> > system defined in proxyarp or nat file. It actually worked for a few
> > days, then suddenly the switch sends out who-has requests and no system
> > replies.
> >
> >
> > Any suggestions on how to debug this?
> >
> > Thanks,
>
> Just to be clear, Shorewall itself does not process packets. Shorewall
> is a tool that configures your kernel based on the input it receives.
>
> You can see the proxy ARP entries made in the kernel's IPv4 neighbor
> table using 'arp -na'. Do those look correct?
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
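The tcpdump check described in this thread, automated as an added example (not part of the original messages and not Shorewall code): it reads `tcpdump -ne` ARP output and reports which who-has targets went unanswered and which MAC answered the rest. The sample capture, its documentation-range IPs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in `tcpdump -nei eth0 arp` format. The IPs are
# documentation-range placeholders, not addresses from the thread.
SAMPLE = """\
09:25:15.285583 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
09:25:16.285601 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
09:25:16.300000 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.11 tell 203.0.113.1, length 46
09:25:16.300120 00:1b:21:77:b2:fc > fa:c0:01:7b:4a:91, ethertype ARP (0x0806), length 42: Reply 203.0.113.11 is-at 00:1b:21:77:b2:fc, length 28
09:25:17.285640 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
"""

TS = r"^(\d\d):(\d\d):(\d\d\.\d+) "
REQUEST = re.compile(TS + r".*Request who-has (\S+) ")
REPLY = re.compile(TS + r".*Reply (\S+) is-at ([0-9a-f:]{17})")

def _seconds(h, m, s):
    # Seconds since midnight; captures spanning midnight are not handled.
    return int(h) * 3600 + int(m) * 60 + float(s)

def parse(capture):
    """Split a capture into [(time, target_ip)] requests and {ip: [(time, mac)]} replies."""
    requests, replies = [], defaultdict(list)
    for line in capture.splitlines():
        req, rep = REQUEST.match(line), REPLY.match(line)
        if req:
            requests.append((_seconds(*req.groups()[:3]), req.group(4)))
        elif rep:
            replies[rep.group(4)].append((_seconds(*rep.groups()[:3]), rep.group(5)))
    return requests, replies

def unanswered(capture, window=1.0):
    """Count who-has requests per target that saw no reply within `window` seconds."""
    requests, replies = parse(capture)
    missed = defaultdict(int)
    for t, ip in requests:
        if not any(0 <= rt - t <= window for rt, _ in replies[ip]):
            missed[ip] += 1
    return dict(missed)

def responders(capture):
    """Map each answered target IP to the set of MACs that claimed it."""
    _, replies = parse(capture)
    return {ip: {mac for _, mac in hits} for ip, hits in replies.items()}

if __name__ == "__main__":
    print("unanswered:", unanswered(SAMPLE))
    print("responders:", responders(SAMPLE))
```

For a proxied or NAT'd address, the responder set should contain only the firewall's external-interface MAC; a target that appears only under `unanswered` matches the symptom reported in this thread.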