From: Vieri Di P. <vie...@ya...> - 2011-03-25 17:58:38
|
--- On Thu, 3/24/11, Tom Eastep <te...@sh...> wrote: > > --- On Thu, 3/24/11, Vieri Di Paola <vie...@ya...> > wrote: > > > >> If I setup eth0 and eth1 as routed interfaces (no > bridge) > >> on "SW BOX 1" I need to do masquerading of the loc > zone. > > > > Or maybe not... > > > > Probably not -- use proxy ARP instead of a bridge. Could I merely specify the “proxyarp” option on both of my firewall interfaces in /etc/shorewall/interfaces? LOC (10.215.0.0) <-> eth0 (10.215.144.91) "proxyARP option" - shorewall $FW - eth1 (172.16.0.1) "proxyARP option" <-> NET eth0 (172.16.0.2) - Multi-ISP shorewall gateway -> Internet Vieri |