Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] Connecting firewall directly to router ...
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 5 Dec 2001 12:00:09 +0200
  • Message-id: <20011205095756.EAC90E6591@xxxxxxxxxxxx>
On Mon 03 Dec 01 22:12, Søren Kent Jensen wrote:
> I too had problems with proxy arp.
>
> I got it to work (with help) by doing an 'arp -i eth0 -s xxx.xxx.xxx.xxx
> 00:00:00:00:00:00 pub', where eth0 is the outside if and xxx.xxx.xxx.xxx is
> the outside IP address. And of course the correct MAC address of that
> interface. But it didn't work before I added a route!!!! 'route add -host
> xxx.xxx.xxx.xxx eth1', where eth1 is the inside of my firewall.
>
> Hope you can make it work.
>
>
> Regards
> Søren Kent Jensen
>

Hi

I've tried several things to get this to work. Does my DMZ have to have
public IPs for this to work?

I've done this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -d 66.8.45.171 -j DNAT \
    --to-destination 192.168.1.171:80
arp -i eth0 -s 66.8.45.171 00:01:02:50:B8:9E pub
echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp

This didn't work. I still get arp requests for 66.8.45.171 from the router at
66.8.45.161, but my firewall (66.8.45.162) does not answer them.

I tried to add a route for 66.8.45.171 to route via 192.168.1.1 (DMZ
interface).

Any more ideas?

Ray
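
The following is an added example, not part of either post: a small shell check that reports which of the settings named in this thread (the proxy_arp flag, a published ARP entry on the outside interface, a host route via the inside interface) are absent from saved copies of kernel state. It assumes the Linux /proc/net/arp and net-tools `route -n` column layouts; the function names, the 192.0.2.x addresses and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed, not captured from a real host.
ATF_PUBL=8    # 0x08 in <linux/if_arp.h>: published (proxy) ARP entry

# has_pub_arp IP IFACE      (stdin: contents of /proc/net/arp)
has_pub_arp() {
    while read -r addr _hw flags _mac _mask dev; do
        [ "$addr" = "$1" ] && [ "$dev" = "$2" ] || continue
        # Flags column is hex (e.g. 0xc); test the "published" bit.
        [ $(( $flags & $ATF_PUBL )) -ne 0 ] && return 0
    done
    return 1
}

# has_host_route IP IFACE   (stdin: output of `route -n`)
has_host_route() {
    while read -r dest _gw mask _fl _metric _ref _use dev; do
        [ "$dest" = "$1" ] && [ "$mask" = 255.255.255.255 ] &&
            [ "$dev" = "$2" ] && return 0
    done
    return 1
}

# missing_settings IP OUT_IF IN_IF PROXY_ARP_VALUE ARP_TEXT ROUTE_TEXT
# Prints a space-separated list of the settings that were not found.
missing_settings() {
    out=""
    [ "$4" = "1" ] || out="$out proxy_arp"
    printf '%s\n' "$5" | has_pub_arp "$1" "$2" || out="$out pub_arp"
    printf '%s\n' "$6" | has_host_route "$1" "$3" || out="$out host_route"
    echo "${out# }"
}

# Constructed sample: published entry present, host route not yet added.
ARP_SAMPLE='IP address       HW type     Flags       HW address            Mask     Device
192.0.2.161      0x1         0x2         00:11:22:33:44:55     *        eth0
192.0.2.171      0x1         0xc         00:00:00:00:00:00     *        eth0'
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.160     0.0.0.0         255.255.255.240 U     0      0        0 eth0'

echo "absent: $(missing_settings 192.0.2.171 eth0 eth1 1 \
    "$ARP_SAMPLE" "$ROUTE_SAMPLE")"
```

On a live system the three inputs would come from `cat /proc/sys/net/ipv4/conf/eth0/proxy_arp`, `cat /proc/net/arp` and `route -n`.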
