[lug] Update on ARP replies from both firewall interfaces...
celttechie (Brian Jarrett)
celttechie at yahoo.com
Thu Mar 8 15:01:36 MST 2001
BTW, I was able to fix the problem I was having where both firewall interfaces were replying to an ARP request for the IP address of one interface.
If you remember, I stated that both interfaces were on the same LAN while I was testing the firewall capability. When I initially set this up, I had no problems. A couple months later, no box on the internal network was able to ping the internal interface of the firewall because a bogus ARP reply was coming back from the external interface.
Since it had worked previously and I had been working on my own script for ipchains, I decided to go back to the Bastille script that I had running at first. Something in that script is preventing the ARP reply problem. I've noticed that Bastille has some scripting to load and/or unload modules, so there must be something there that prevents the problem. If I run the Bastille script and then apply my own ipchains script, the problem does not come back, so I know that it is nothing that I'm doing with ipchains that caused the problem. Rather, the problem occurred because I wasn't running the Bastille script first.
Now all I have to do is find what that script does to prevent the problem.
Thanks to all who gave suggestions...
Brian Jarrett (celttechie)