--On Thursday, February 27, 2003 09:34:34 AM -0800 Stephen Lee <[EMAIL PROTECTED]> wrote:
If you want to use proxy ARP on an entire sub-network, I suggest that you look at http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/. If you decide to use the technique described in that HOWTO, you can set the proxy_arp flag for an interface (/proc/sys/net/ipv4/conf/<interface>/proxy_arp) by including the proxyarp option in the interface's record in /etc/shorewall/interfaces. When using Proxy ARP sub-netting, you do NOT include any entries in /etc/shorewall/proxyarp. " ^^^^^^^^^^^^^^^^^^^^^^^ Does Tom mean /etc/shorewall/interfaces?
No, I mean /etc/shorewallproxyarp. If you are proxy arping an entire network the /etc/shorewall/proxyarp file is empty and you simply set the 'proxyarp' option on the external interface and on the interface to the network in the /etc/shorewall/interfaces file.
I have 5 public IPs of which 1 resides on eth0 and 3 others withing the DMZ on eth2. I would need to adjust /etc/shorewall/proxyarp - correct?
Yes -- see http://www.shorewall.net/shorewall_setup_guide.htm for more information.
-Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html