From: Brian Candler
To: Jon Otterholm
Cc: freebsd-net@freebsd.org, Jeremie Le Hen
Date: Thu, 17 Nov 2005 15:23:57 +0000
Subject: Re: arp-proxy
Message-ID: <20051117152357.GA8209@uk.tiscali.com>
In-Reply-To: <1132239963.819.18.camel@localhost.localdomain>
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Nov 17, 2005 at 04:06:03PM
+0100, Jon Otterholm wrote:
> Not a big fan of Linux though. I will have to wait for this to be ported
> to BSD. Anyone with info if this is being done?
...
>
> [1] http://www.sjdjweis.com/linux/proxyarp/

You can do proxyarp like that with FreeBSD now. However you can't assign the
same range of IPs to multiple interfaces, for obvious reasons.

I think the way you'll have to do it is to lie to your customers about the
subnetting. For example, tell all your customers that they need a /16
(255.255.0.0 netmask). Then you can actually configure:

    ifconfig vlan0 192.168.0.1/28
    ifconfig vlan1 192.168.0.17/28
    ifconfig vlan2 192.168.0.33/28
    ...
    ifconfig vlan4095 192.168.255.249/28

Now, the customer on vlan0 can use 192.168.0.2 to 192.168.0.14 with a /16
netmask. The customer on vlan1 can use 192.168.0.18 to 192.168.0.30 with a /16
netmask, and so on.

When the FreeBSD machine sends a packet to the customer, that's fine. It knows
which vlan interface to use, and hence ARPs for the customer down that
interface, based on the fact that each customer is within their own /28 range.

When the customer tries to send to another customer, you run choparp or a
similar program so that if they ARP for 192.168.X.X the FreeBSD machine always
responds with its own MAC address.

However, I see virtually no benefit in going down this route. The customer
might as well just set up a /28 netmask and point defaultroute at the relevant
FreeBSD IP address (192.168.0.1 or 192.168.0.17 or ...), and then you do
*proper* routing.

After all, even with proxyARP, they will still see your router as an IP-level
"hop" (it decrements TTL). And non-IP packets and broadcasts won't be forwarded
between the subnets.

Furthermore, if a customer decides to configure an IP address outside of their
'allowed' range, it won't work - and it will be hard to debug, as the FreeBSD
box and the wrongly-configured box will *both* respond to the same ARP request,
and so sometimes one will win and sometimes the other will win.

So, I really don't think you want to do this :-)

Regards,

Brian.
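The addressing plan Brian describes (customers told /16, router really holding one /28 per VLAN, proxy ARP answering for the whole /16) can be modelled to check an allocation before deploying it and to see the ambiguous-ARP case he warns about. The following is an added example, not code from the mail, from choparp or from FreeBSD; the 192.168.0.0/16 block, the /28 slot size, the rule that the router takes the first host of each /28, and the customer host names are constructed assumptions. Under that rule vlan4095 lands at 192.168.255.241, which sits in the same last /28 as the .249 in the mail.

```python
"""Model of the per-VLAN /28 plan behind a customer-facing /16 with proxy ARP.

Added example (not from the mail, choparp or FreeBSD). All parameters below are
constructed assumptions."""
import ipaddress

CUSTOMER_BLOCK = ipaddress.ip_network("192.168.0.0/16")  # assumption: netmask the customers are told
PER_VLAN_PREFIX = 28                                      # assumption: what the router really configures
SLOT = 1 << (32 - PER_VLAN_PREFIX)                        # 16 addresses per VLAN


def vlan_subnet(vlan_id):
    """The real /28 carved out of the /16 for vlan<vlan_id> (vlan0 -> .0.0/28, vlan1 -> .0.16/28, ...)."""
    if not 0 <= vlan_id < CUSTOMER_BLOCK.num_addresses // SLOT:
        raise ValueError(f"vlan{vlan_id} does not fit in {CUSTOMER_BLOCK}")
    first = int(CUSTOMER_BLOCK.network_address) + vlan_id * SLOT
    return ipaddress.ip_network(f"{ipaddress.ip_address(first)}/{PER_VLAN_PREFIX}")


def router_interface(vlan_id):
    """Router address on that VLAN: assumed to be the first host of the /28."""
    net = vlan_subnet(vlan_id)
    return ipaddress.ip_interface(f"{net.network_address + 1}/{net.prefixlen}")


def ifconfig_line(vlan_id):
    """The ifconfig line the router would need for this VLAN (string only, nothing is executed)."""
    return f"ifconfig vlan{vlan_id} {router_interface(vlan_id).with_prefixlen}"


def customer_hosts(vlan_id):
    """Addresses a customer on this VLAN may actually use: the /28 minus the router's own address."""
    router = router_interface(vlan_id).ip
    return [str(h) for h in vlan_subnet(vlan_id).hosts() if h != router]


def egress_vlan(dst):
    """VLAN interface the router sends to (and ARPs on) for dst; None if dst is outside the block."""
    dst = ipaddress.ip_address(dst)
    if dst not in CUSTOMER_BLOCK:
        return None
    return (int(dst) - int(CUSTOMER_BLOCK.network_address)) // SLOT


def proxy_arp_answers(target):
    """The choparp-style rule from the mail: answer any ARP request for an address inside the /16."""
    return ipaddress.ip_address(target) in CUSTOMER_BLOCK


def out_of_range(vlan_id, hosts_on_vlan):
    """Customer addresses on vlan<vlan_id> that are not inside that VLAN's /28 (the hard-to-debug case)."""
    net = vlan_subnet(vlan_id)
    return {name: addr for name, addr in hosts_on_vlan.items()
            if ipaddress.ip_address(addr) not in net}


def arp_responders(vlan_id, target, hosts_on_vlan):
    """Who answers an ARP request for `target` heard on vlan<vlan_id>.

    hosts_on_vlan maps a customer host name to the address it configured.
    More than one responder is exactly the ambiguity the mail describes."""
    responders = []
    if proxy_arp_answers(target):
        responders.append("router")
    responders += [name for name, addr in hosts_on_vlan.items() if addr == target]
    return responders


if __name__ == "__main__":
    for v in (0, 1, 2, 4095):
        print(ifconfig_line(v))
    print("vlan0 customer hosts:", customer_hosts(0))
    # constructed: a customer on vlan1 picked an address that belongs to vlan0's range
    vlan1_hosts = {"cust-a": "192.168.0.18", "cust-b": "192.168.0.5"}
    print("out of range on vlan1:", out_of_range(1, vlan1_hosts))
    print("responders for 192.168.0.5 on vlan1:", arp_responders(1, "192.168.0.5", vlan1_hosts))
```

Running it lists the router-side ifconfig lines, the 13 usable addresses per customer, and, for the constructed vlan1 population, flags cust-b as outside its /28 and shows two responders (router and cust-b) for an ARP request for 192.168.0.5, which is the situation where "sometimes one will win and sometimes the other".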