J M wrote: > > The only thing I notice now, is that on a reboot of the firewall, the > rules dont seem to apply, I get ton of REJECT packets for example (in > the shorewall log), when I try to ping the host from the firewall. > However if I simply do a "shorewall restart" then everything works > again. I'm working on that one..
The order of operations in Shorewall is that providers are established before Proxy ARP routes are added. So you will always have to restart at least once after boot to get the proxy arp routes copied into the provider routing tables. That's why I recommended adding those routes as part of bringing up the DMZ interface rather than having Shorewall do it. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
