________________________________ From: Tom Eastep <teas...@shorewall.net> > > Here is the main routing table on gw1: > 10.215.0.0/16 dev enp11s0 proto kernel scope link src 10.215.144.92 > > Note the last route. It assumes that the entire 10.215.0.0/16 network is > directly attached to enp11s0. > > Here is the main table on fw2: > The WAN interface that is connected to gw1 is enp6s0 which only has > routes to a handful of 10.215.0.0/16 hosts. The bulk 10.215.0.0/16 is > connected to the LAN interface (enp10s0). Consequently, enp6s0 must > proxy ARP requests for 10.215.x.x.
Thank you very much. So if I wanted to avoid using proxy arp on the WAN interface, and since the bulk 10.215.0.0/16 is really on the LAN interface then I could change gw1's enp11s0 IP settings to 10.215.144.92/32 with a route for 10.215.0.0/16 via 172.16.0.1. Have a nice weekend, Vieri ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
