On 4/30/13 9:55 AM, "chop wow" <[email protected]> wrote:
> Thanks for the reply Tom,
>
>
>
> * The arp table looks fine with my RF1918 IPs, however I do not see any
> entries for the external NAT'd IPs - is this expected?
> ...
> ? (10.95.100.49) at 90:e6:ba:ed:4b:39 [ether] on eth1
> (should I see the NAT'd IP on eth0?)
>
>
> * While pinging a server on the failed route, I see the following on the
> firewall eth0 (tcpdump -nei eth0 host <MY EXT NAT'd IP>):
> ...
> 09:25:15.285583 fa:c0:01:7b:4a:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
> length 60: Request who-has <MY EXT NAT'd IP> tell <SWITCH IP>, length 46
>
>
> * The failure also occurs from a system I have proxyarp directly behind
> firewall eth3:
> ...
> ? (PROXYIP) at 00:1b:21:77:b2:fc [ether] on eth3
> ? (PROXYIP) at <from_interface> PERM PUB on eth0
You are asking us questions that assume that we know all about your
configuration; you have told us almost nothing and what you have told us you
have obscured (PROXYIP).
The PERM PUB entry is what is added by Shorewall. You should see one of
those for each entry in your proxyarp file.That causes who-has requests for
PROXYIP arriving on eth0 to be replied. What does your
/etc/shorewall/interfaces file entry for eth0 look like?
-Tom
You do not need a parachute to skydive. You only need a parachute to skydive
twice.
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
