Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don't know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal LAN, but at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy ARP this device. Both eth0 and eth1 on my firewall have IP Addresses 1.2.3.2/27. eth1 also has IP Address 10.10.10.1/24 and is the default gateway for all my internal hosts. The router outside my firewall is 1.2.3.1. So the network looks like this (apologies if email butchers my ASCII art): 10.10.10.0/27 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11 10.10.10.1 1.2.3.2 1.2.3.1 1.2.3.2 /proc/sys/net/ipv4/conf/eth0/proxy_arp is 1. /proc/sys/net/ipv4/conf/eth1/proxy_arp is 1. My firewall has a route to 1.2.3.11 dev eth1. The host at 1.2.3.11 has a default GW of 1.2.3.1. This is where it gets weird. The H.323 device should exchange a few TCP packets with the far end and then thousands of UDP packets. And I should see this stream on the firewall watching both interfaces. I run tcpdump in two different windows on the firewall - one for eth1, the other for eth0. When I initiate an outbound H.323 call from the device at .11, tcpdump on the firewall shows TCP packets flying on eth1, but nothing on eth0 - almost all the time. Calls don't complete most of the time, although one call kind of completed. Watching on the firewall, I saw a TCP conversation on eth1, but nothing on eth0. Very strange! One time a call completed all the way and UDP started flying - as it should. I saw a few UDP packets on eth0 and lots (thousands) of UDP packets on eth1. For the call that really completed, I would expect to see thousasnds of UDP packets on both eth0 and eth1 - but instead saw only a few on eth0. This behavior happens even with no firewall filtering rules in place. My NATed 10.10.10.nn internal hosts work fine - in fact, my email server posting this item to the list is one of those hosts. The obvious question - why such an old kernel? Because it's worked for everything I need so far and every 2.6.nn I try has other bugs with one module or another. My questions - was proxy ARP broken in the 2.4.27 days? Why doen't tcpdump show me packets on both interfaces of the firewall? Am I missing a setup ingredient someplace? Should the default GW on that H.323 device be .2 (the firewall) or .1 (the Internet router)? Does mixing NAT and proxy ARP create problems? Should I put the H.323 device in its own little DMZ? Thanks - Greg Scott _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc