<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> <refentry> <refmeta> <refentrytitle>shorewall-proxyarp</refentrytitle> <manvolnum>5</manvolnum> </refmeta> <refnamediv> <refname>proxyarp</refname> <refpurpose>Shorewall Proxy ARP file</refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> <command>/etc/shorewall/proxyarp</command> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>Description</title> <para>This file is used to define Proxy ARP. There is one entry in this file for each IP address to be proxied.</para> <para>The columns in the file are as follows.</para> <variablelist> <varlistentry> <term><emphasis role="bold">ADDRESS</emphasis> - <emphasis>address</emphasis></term> <listitem> <para>IP Address.</para> </listitem> </varlistentry> <varlistentry> <term><emphasis role="bold">INTERFACE</emphasis> - <emphasis>interface</emphasis> (Optional as of Shorewall 4.4.16)</term> <listitem> <para>Local interface where system with the ip address in ADDRESS is connected. This column is only required when HAVEROUTE is set to <emphasis role="bold">No</emphasis> (<emphasis role="bold">no</emphasis>) or is left empty.</para> </listitem> </varlistentry> <varlistentry> <term><emphasis role="bold">EXTERNAL</emphasis> - <emphasis>interface</emphasis></term> <listitem> <para>External Interface to be used to access this system from the Internet.</para> </listitem> </varlistentry> <varlistentry> <term><emphasis role="bold">HAVEROUTE</emphasis> - [<emphasis role="bold">-</emphasis>|<emphasis role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> <listitem> <para>If there is already a route from the firewall to the host whose address is given, enter <emphasis role="bold">Yes</emphasis> or <emphasis role="bold">yes</emphasis> in this column. Otherwise, enter <emphasis role="bold">no</emphasis> or <emphasis role="bold">No</emphasis> or leave the column empty and Shorewall will add the route for you. If Shorewall adds the route, its persistence depends on the value of the<emphasis role="bold">PERSISTENT</emphasis> column contains <emphasis role="bold">Yes</emphasis>; otherwise, <emphasis role="bold">shorewall stop</emphasis> or <emphasis role="bold">shorewall clear</emphasis> will delete the route.</para> </listitem> </varlistentry> <varlistentry> <term><emphasis role="bold">PERSISTENT</emphasis> - [<emphasis role="bold">-</emphasis>|<emphasis role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> <listitem> <para>If HAVEROUTE is <emphasis role="bold">No</emphasis> or <emphasis role="bold">no</emphasis>, then the value of this column determines if the route added by Shorewall persists after a <emphasis role="bold">shorewall stop</emphasis> or a <emphasis role="bold">shorewall clear</emphasis>. If this column contains <emphasis role="bold">Yes</emphasis> or <emphasis role="bold">yes</emphasis> then the route persists; If the column is empty or contains <emphasis role="bold">No</emphasis> or <emphasis role="bold">no</emphasis> then the route is deleted by <command>shorewall stop</command> or <command>shorewall clear</command>.</para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>Example</title> <variablelist> <varlistentry> <term>Example 1:</term> <listitem> <para>Host with IP 155.186.235.6 is connected to interface eth1 and we want hosts attached via eth0 to be able to access it using that address.</para> <programlisting> #ADDRESS INTERFACE EXTERNAL 155.186.235.6 eth1 eth0</programlisting> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>FILES</title> <para>/etc/shorewall/proxyarp</para> </refsect1> <refsect1> <title>See ALSO</title> <para><ulink url="http://shorewall.net/ProxyARP.htm">http://shorewall.net/ProxyARP.htm</ulink></para> <para><ulink url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para> </refsect1> </refentry>