> /The problem you ran into above just involves adding the route to the proxy
> arp'ed host. Proxy ARP involves adding a 'neighbor' object for each host.
> And a neighbor is a host, not a network. So Shorewall would have to
> decompose the network into its individual hosts and run 'ip neigh add ..
On 3/28/2014 12:58 PM, Rich Wales wrote:
> Just to see what would happen, I tried adding a network range to the
> "proxyarp" file:
>
> 10.0.229.224/27tap0grn0no
>
>
> in order to handle traffic to an entire subnet living behind a
> VPN-connected host in a single configura
Just to see what would happen, I tried adding a network range to the
"proxyarp" file:
10.0.229.224/27tap0grn0no
in order to handle traffic to an entire subnet living behind a VPN-connected
host in a single configuration directive.
"shorewall check" didn't complain, but "
> /You can, however, set the proxyarp option on an interface which causes that
> interface to respond to ARP requests for any address that the system has a
> route to (other than out of the interface receiving the ARP request). -Tom/
Thanks.
I have another, sort-of-related question, but I'll ask
On 3/27/2014 1:48 PM, Roberto C. Sánchez wrote:
> On Thu, Mar 27, 2014 at 12:47:29PM -0700, Rich Wales wrote:
>>I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
>>
>>Is it possible to specify a CIDR range in the proxyarp file? Or do I
>>really need to list each individual IP a
On Thu, Mar 27, 2014 at 12:47:29PM -0700, Rich Wales wrote:
>I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
>
>Is it possible to specify a CIDR range in the proxyarp file? Or do I
>really need to list each individual IP address separately?
From the shorewall-proxyarp(5) ma
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
Is it possible to specify a CIDR range in the proxyarp file? Or do I
really need to list each individual IP address separately?
--
*Rich Wales*
ri...@richw.org
--