On Wed, 23 Feb 2011, Tom Eastep wrote:

>>>> . . .

>>>> The firewall box is a ProxMox VE and the server is a KVM based VM in the
>>>> same ProxMox box.
>>>>
>>>> Any hints?
>>>
>>> Put an entry for the server in its own /etc/hosts file.
>>
>> I currently put entries like:
>>
>> 192.168.a.b  www.mydomain.com
>> 192.168.a.b  mydomain.com
>>   ....
>>
>> in the server's  /etc/hosts (VM), but I am searching for a better
>> solution.
>> Having many hosts, with some VMs that also have many vhosts on them, the
>> /etc/hosts solution doesn't seem the best :-)
>>
>
> The available solutions in preferred order are:
>
> a) Don't use NAT - use Proxy ARP instead.
> b) Use split DNS
> c) Use Hosts file
> d) Miserable kludge using Netfilter

d) NO. I like the KISS philosophy :-)
c) & b) Not applicable. They require a global restructuring of our systems ...

a) FWIK (I have also rapidly re-read the Proxy ARP docs, but my understanding 
of this matter is not as complete as yours), using Proxy ARP requires using 
a public IP on the server.
This breaks many other configurations that depend on the IP assigned to the 
box.
Is there a way to use Proxy ARP while still having only the current private IP 
on the server (not as an alias ...)?

In my mind I thought my problem was only a matter of some iptables option 
that I don't know, because I have used this configuration scheme with other FW 
systems for many years and I haven't had this problem. I have verified it now 
on a system that uses a physical IpCop 1.4.x fw, another that uses a 
virtual IpCop 1.4.x fw, and also a pfSense fw (not comparable because 
BSD/pfw based ...).

Where is the trick?


Thanks,
                          Paolo

____________________________________________


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
