Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall-proxyarp(5) [debian man page]

SHOREWALL-PROXYARP(5)						  [FIXME: manual]					     SHOREWALL-PROXYARP(5)

NAME

       proxyarp - Shorewall Proxy ARP file

SYNOPSIS

       /etc/shorewall/proxyarp

DESCRIPTION

       This file is used to define Proxy ARP. There is one entry in this file for each IP address to be proxied.

       The columns in the file are as follows.

       ADDRESS - address
	   IP Address.

       INTERFACE - interface (Optional as of Shorewall 4.4.16)
	   Local interface where system with the ip address in ADDRESS is connected. This column is only required when HAVEROUTE is set to No (no)
	   or is left empty.

       EXTERNAL - interface
	   External Interface to be used to access this system from the Internet.

       HAVEROUTE - [-|Yes|No]
	   If there is already a route from the firewall to the host whose address is given, enter Yes or yes in this column. Otherwise, enter no
	   or No or leave the column empty and Shorewall will add the route for you. If Shorewall adds the route, its persistence depends on the
	   value of thePERSISTENT column contains Yes; otherwise, shorewall stop or shorewall clear will delete the route.

       PERSISTENT - [-|Yes|No]
	   If HAVEROUTE is No or no, then the value of this column determines if the route added by Shorewall persists after a shorewall stop or a
	   shorewall clear. If this column contains Yes or yes then the route persists; If the column is empty or contains No or no then the route
	   is deleted by shorewall stop or shorewall clear.

EXAMPLE

       Example 1:
	   Host with IP 155.186.235.6 is connected to interface eth1 and we want hosts attached via eth0 to be able to access it using that
	   address.

		      #ADDRESS	      INTERFACE       EXTERNAL
		      155.186.235.6   eth1	      eth0

FILES

       /etc/shorewall/proxyarp

SEE ALSO

       http://shorewall.net/ProxyARP.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

[FIXME: source] 						    06/28/2012						     SHOREWALL-PROXYARP(5)

Check Out this Related Man Page

SHOREWALL-IPSETS(5)						  [FIXME: manual]					       SHOREWALL-IPSETS(5)

NAME

       ipsets - Specifying the name if an ipset in Shorewall configuration files

SYNOPSIS

       +ipsetname

       +ipsetname[flag,...]

       +[ipsetname,...]

DESCRIPTION

       Note: In the above syntax descriptions, the square brackets ("[]") are to be taken literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be substituted. Set names must be prefixed by the character "+", must
       start with a letter and may be composed of alphanumeric characters, "-" and "_".

       Whether the set is matched against the packet source or destination is determined by which column the set name appears (SOURCE or DEST).
       For those set types that specify a tupple, two alternative syntaxes are available:
	   [number] - Indicates that 'src' or
		 'dst' should repleated number times. Example: myset[2].
	   [flag,...] where
		 flag is src or
		 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       o   +myset[2] and +myset[src,src]

       In a DEST column, the following paris are equivalent:

       o   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified by enclosing the set names within +[...]. The set
       names need not be prefixed with '+'. When such a list of sets is specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see shorewall-exclusion[1] (5).

EXAMPLES

       +myset

       +myset[src]

       +myset[2]

       +[myset1,myset2[dst]]

FILES

       /etc/shorewall/accounting

       /etc/shorewall/blacklist

       /etc/shorewall/hosts -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall/maclist -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/secmarks

       /etc/shorewall/tcrules

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

[FIXME: source] 						    06/28/2012						       SHOREWALL-IPSETS(5)
Man Page