>
> ________________________________
> From: Simon Matter <simon.mat...@invoca.ch>
>>
>> Exactly, what about the rest of the network, switches/routers, how do they
>> know about the FW change? (I guess the easiest solution would be to simply
>> reboot those devices after the FW change)
>
>
> Note that I've kept the new FW online for more than 5 minutes.
> I'm not sure yet when an ARP entry times out in my network devices (I'll
> need to check on each and every switch firmware), but in Linux it should
> be about 1 minute according to:
>
> /proc/sys/net/ipv4/neigh/default/gc_stale_time
>
> I'm only assuming the other network devices have similar settings, but I
> guess I'll need to check thoroughly.

I remember a case with an externally controlled Cisco router where the ARP
timeout was 1h. So better check.

BTW, any chance you are using proxy ARP on the shorewall FW? This can also
lead to such issues IIRC.

Simon
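
An added example, not part of the original message or written by anyone in the thread: one way to confirm which hosts still hold the old firewall's MAC after the swap is to collect `ip neigh show` output from each host and compare the entry for the firewall IP against the new MAC. The host names, addresses and MACs below are constructed (documentation ranges), and the function names are hypothetical.

```python
# Added example: flag neighbour-cache entries that still point at the old firewall.
# All sample data is constructed; 192.0.2.0/24 and 00:00:5e:00:53:xx are
# documentation ranges, not values from the thread.

SAMPLE_REPORTS = {
    # host name -> output of `ip neigh show` collected on that host
    "web1": "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 STALE\n"
            "192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:20 REACHABLE\n",
    "db1": "192.0.2.1 dev eth0 lladdr 00:00:5E:00:53:02 REACHABLE\n",
    "mail1": "192.0.2.1 dev eth0  FAILED\n",
}


def parse_neigh(text):
    """Yield (ip, dev, mac_or_None, state) for each `ip neigh show` line."""
    for line in text.splitlines():
        tok = line.split()
        # Expected shape: <ip> dev <ifname> [lladdr <mac>] [flags...] <STATE>
        if len(tok) < 4 or tok[1] != "dev":
            continue
        mac = None
        if "lladdr" in tok[:-1]:
            mac = tok[tok.index("lladdr") + 1].lower()
        yield tok[0], tok[2], mac, tok[-1]


def hosts_with_wrong_firewall_mac(reports, fw_ip, new_mac):
    """Return (host, dev, cached_mac, state) where the firewall IP does not
    resolve to the new firewall's MAC. cached_mac is None when the entry is
    unresolved (FAILED/INCOMPLETE), which is also worth a look."""
    wanted = new_mac.lower()
    findings = []
    for host in sorted(reports):
        for ip, dev, mac, state in parse_neigh(reports[host]):
            if ip == fw_ip and mac != wanted:
                findings.append((host, dev, mac, state))
    return findings


if __name__ == "__main__":
    for finding in hosts_with_wrong_firewall_mac(
        SAMPLE_REPORTS, "192.0.2.1", "00:00:5e:00:53:02"
    ):
        print(finding)
```
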

