Date:      31 May 2000 12:04:37 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        Andy Dills <andy@xecu.net>
Cc:        Doug Barton <DougB@gorean.org>, freebsd-questions@freebsd.org
Subject:   Re: promiscuous ethernet
Message-ID:  <44wvkau2ne.fsf@lowellg.ne.mediaone.net>
In-Reply-To: Andy Dills's message of "Sat, 27 May 2000 13:39:26 -0400 (EDT)"
References:  <Pine.GSO.4.21.0005271335240.26834-100000@shell.xecu.net>

Andy Dills <andy@xecu.net> writes:

> On 27 May 2000, Lowell Gilbert wrote:
> 
> > I *think* he's saying that he's not just taking over an existing
> > installation, he's going to have to have people coming in who are
> > configured for, say, their own offices somewhere else on the net, and
> > have to have their settings work in *his* office.  If that's the case,
> > he can get them up and running on his net, but any services they're
> > used to using are going to require extra programming (in pretty much
> > the same sense his idea for DNS did), and some won't work at all (like
> > printer settings or mail servers -- in that case, they may really
> > *want* to talk to their "home" server, and there's no way he can do
> > that).  I realize that I may be reading a lot into this, but the fact
> > that he was snooping the ARP broadcasts to figure out what addresses
> > to NAT sounds like a bad sign.  The fact that he will have to guess
> > the netmasks is the least of those worries...
> 
> That was one of the questions I had that I wasn't very sure on; maybe you
> could shed a little light.
> 
> My thoughts were this: how much traffic will I need to send to a customer
> on broadcast and not directly to his IP? In what situations would I need
> to know the actual netmask?

Offhand, I don't think you'll ever need the netmask for sending packets
to the customer's machine.  Where you'll probably need it is for
determining whether a given packet was intended for a "local" service
(in which case you'll need to simulate it) or not (in which case you'll
need to proxy -- or at least address-translate -- for it).  If you can
figure out what a machine thinks its router's address is, that will
help.  If anybody's ideas of their network overlap with anyone else's
(or, Heaven Forbid, yours), life is going to get unpleasant rapidly.

I think you will be finding yourself going down a rathole rather quickly
with this whole concept, by the way.  Each type of service the customers
want will have to be handled separately, or refused entirely.  Surfing
the web may work with the approach you described, but sending and
receiving e-mail, for example, won't.  [Sending e-mail is something you
could detect -- they probably use a "smarthost," and you'd have to guess
that and spoof it to them -- but receiving it, obviously, is probably
impossible anyway.  If they can't receive their e-mail, they may not
care...]  For printing, I'll bet you're going to have to get into NATing
for SMB networking, probably in a bridged environment back to the same
wire, and that thought makes me cringe in horror.

> I'm not sure how I feel about ignoring the netmask, so any ideas would be
> appreciated.

Well, you can ignore it until you're forced to do otherwise.  I think
you *really* need to better define your problem, though:  you need a
list of services that you're going to make work, and an understanding
that no one will complain about anything else failing to work.  If you
don't get that, I'll pretty much guarantee you're going to look bad.  I
also think the list will have to be pretty short.

Be well.
-- 
P.S.  In case it's not obvious, I think the whole thing is a terrible
      idea, and I hope no one else ever gets stuck having to implement
      this particular broken concept.
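
Added example, not part of the original message: a Python sketch of the netmask question discussed above, guessing each visitor's network from snooped ARP traffic, deciding whether a destination is "local" (to be simulated) or not (to be translated or proxied), and flagging overlapping address plans. The host names, addresses and the office LAN are constructed, and the guess assumes a host only ARPs for addresses it considers on-link.

```python
import ipaddress
from itertools import combinations

def guess_network(host, arp_targets):
    """Smallest IPv4 network in which the host and every address it ARPed
    for are usable addresses. Assumption: a host only ARPs for addresses
    it believes are on-link, so the real netmask is this wide or wider."""
    addrs = [int(ipaddress.IPv4Address(a)) for a in (host, *arp_targets)]
    diff = 0
    for a in addrs:
        diff |= a ^ addrs[0]              # bits in which any address differs
    prefix = 32 - diff.bit_length()
    while prefix > 0:
        net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
        edges = {int(net.network_address), int(net.broadcast_address)}
        if not edges & set(addrs):        # nobody sits on network/broadcast
            return net
        prefix -= 1                       # widen by one bit and retry
    return ipaddress.ip_network("0.0.0.0/0")

def classify(dst, home_net):
    """'local': the visitor expects dst on its own wire (simulate it).
    'remote': the visitor hands it to its router (translate or proxy)."""
    return "local" if ipaddress.ip_address(dst) in home_net else "remote"

def overlapping(nets):
    """Name pairs whose address plans collide."""
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]

# Constructed sample: each visitor's address and the targets of its ARP requests.
SEEN = {
    "laptop-a": ("192.168.1.37", ["192.168.1.1"]),
    "laptop-b": ("10.0.0.5", ["10.0.0.1"]),
    "laptop-c": ("192.168.1.20", ["192.168.1.1", "192.168.1.200"]),
}
OFFICE = {"office": ipaddress.ip_network("172.16.0.0/24")}  # hypothetical own LAN

def build_table():
    nets = dict(OFFICE)
    nets.update({n: guess_network(h, t) for n, (h, t) in SEEN.items()})
    return nets

if __name__ == "__main__":
    nets = build_table()
    for name, net in nets.items():
        print(name, net)
    print("192.168.1.200 for laptop-a:", classify("192.168.1.200", nets["laptop-a"]))
    print("overlaps:", overlapping(nets))
```

With only the router seen, laptop-a is guessed as a /26 and 192.168.1.200 is classified as remote; laptop-c, which also ARPed for that address, is guessed as a /24 and sees it as local, and the two plans are reported as overlapping.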

