On Sunday May 4 2003 04:56 pm, Martin A. Brown wrote:
> ....snip....
>
> Joseph--I have a question for you about how your shorewall box is
> detecting when you move a host from one interface to another? I have been
> puzzling over ways to do this, and I believe I have stumbled on one, but I
> was hoping you might have already solved this problem. Naturally, the
> shorewall box needs to know at all times the location of your roving host,
> so autodetection of the location of the box might be handy.
>
> -Martin
>

I tell it what hosts are in the dmz .... it does not autodetect. I just add
the host to the shorewall config.

I have a question maybe you can help me with though:

Here is the working configuration of my testing firewall using proxy arp:

        192.168.1.0/24
              |
      eth0: 192.168.1.1
          Firewall
      eth1: 192.168.3.1
              |
         192.168.1.2

There are the following routes used by proxy-arp:

    192.168.1.2 dev eth1 scope link
    192.168.1.0/24 dev eth0 scope link

This moves host 192.168.1.2 from the public network to the dmz behind the
firewall.

Where I am confused is when I check the proxy_arp settings:

    []# cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
    0
    []# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
    1
    []#

Why is proxy_arp not turned on for eth0?? Every howto I can find says to
turn on proxy_arp for both interfaces.

--
Regards
Joseph Watson