Greg Scott wrote: > > As it turns out, not seeing proxy ARP traffic on the outside interface > has other consequences. I do some traffic shaping and noticed in my > testing that the outbound traffic isn't being shaped. This drove me > crazy until it suddenly dawned on me - tcpdump shows almost no traffic > on the outside interface even though a full H.323 UDP stream is flying > across the Internet to and from my proxy ARP'd device behind my > firewall. I know lots of data is flying across both interfaces because > I can see the results. Yet as far as any software is concerned, almost > nothing is going in or out of my outside interface. > > Is this a normal proxy ARP behavior? Traffic is definitely flying > across both interfaces. Why doesn't any software see traffic in and out > of the outside interface? Should I try a newer kernel than 2.4.27? Greg, Please, if you want answers, provide enough information for us to help. In the absence of any shaping configuration script, it is useless to speculate about why you see nothing being shaped. I will say that UDP is not "protocol ip". Neither is ARP nor ICMP. In the absence of the parameters you are passing to tcpdump, nothing can be said about why you are not seeing the expected traffic on the external IF. Run 'cat /proc/net/ip_conntrack | grep udp' There is nothing wrong with your .27 kernel! I have done something similar to what you seem to be trying to do for years running kernels from 2.4.25 through .32 and never had any problem at all with proxy ARP (except for the mental part ;) -- gypsy _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
