<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2919.6307" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#c0c0c0>
<DIV><FONT face=Arial size=2>BTW, I was able to fix the problem I was having
where both firewall interfaces were replying to an ARP request for the IP
address of one interface. </FONT></DIV>
<DIV><FONT face=Arial size=2>If you remember, I stated that both interfaces were
on the same LAN while I was testing the firewall capability. When I
initially set this up, I had no problems. A couple months later, no box on
the internal network was able to ping the internal interface of the firewall
because a bogus ARP reply was coming back from the external
interface.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Since it had worked previously and I had been
working on my own script for ipchains, I decided to go back to the Bastille
script that I had running at first. Something in that script is preventing
the ARP reply problem. I've noticed that the Bastille has some scripting
to load and/or unload modules, so there must be something there that prevents
the problem. If I run the Bastille script and then apply my own ipchains
script, the problem does not come back, so I know that it is nothing that I'm
doing with ipchains that caused the problem. Rather, the problem occurred
because I wasn't running the Bastille script first.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Now all I have to do is find what that script does
to prevent the problem.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Thanks to all who gave suggestions...</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Brian Jarrett
(celttechie)</FONT></DIV></BODY></HTML>