RE: [suse-security] proxy-arp problems ...
My guess is that proxy_arp is the wrong tool then.
Try adding additional IPs to the Interface of the Firewall. For example try: "ip add 66.8.45.171 dev eth0"
Package: iproute2 (SuSE 7.2)
then your FW answers the arp-requests (I think so).
Deactivate proxy_arp.
This is true, Ray doesn't want proxy-arp, he wants the firewall to answer arps on behalf of the public servers behind it. My mistake in introducing the term 'proxy-arp' in the first place, I probably hadn't given it enough thought or been confused and assumed that the public servers actually used their public IP addresses. Sorry for the confusion created. Tobias
Thanks to Peter and Tobias for their input. I should have thought about this long ago. What kind of overhead is their in doing this? Are there any pitfalls? Like in NT the first IP becomes the primary... Ray On Fri 07 Dec 01 11:53, Reckhard, Tobias wrote:
My guess is that proxy_arp is the wrong tool then.
Try adding additional IPs to the Interface of the Firewall. For example try: "ip add 66.8.45.171 dev eth0"
Package: iproute2 (SuSE 7.2)
then your FW answers the arp-requests (I think so).
Deactivate proxy_arp.
This is true, Ray doesn't want proxy-arp, he wants the firewall to answer arps on behalf of the public servers behind it. My mistake in introducing the term 'proxy-arp' in the first place, I probably hadn't given it enough thought or been confused and assumed that the public servers actually used their public IP addresses. Sorry for the confusion created.
Tobias
participants (2)
-
Ray Leach
-
Reckhard, Tobias