Date: Thu, 17 Nov 2005 16:52:03 +0100
From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To: Brian Candler <B.Candler@pobox.com>
Cc: freebsd-net@freebsd.org, Jeremie Le Hen <jeremie@le-hen.org>
Subject: Re: arp-proxy
Message-ID: <1132242723.819.45.camel@localhost.localdomain>
In-Reply-To: <20051117152357.GA8209@uk.tiscali.com>
References: <1131541588.996.13.camel@localhost.localdomain>
 <20051110124903.GB67086@uk.tiscali.com>
 <1131629107.878.22.camel@localhost.localdomain>
 <20051117135738.GH5197@obiwan.tataz.chchile.org>
 <1132239963.819.18.camel@localhost.localdomain>
 <20051117152357.GA8209@uk.tiscali.com>

OK

Scenario#1:
-I have a range of IPs, for example 215.10.10.0 - 215.10.10.255.
-I want to distribute these IPs to my customers via DHCP.
-They are all attached to me via a VLAN-trunk on a unique VID
-I have 200+ customers.

If I was to subnet these addresses so that all the customers would get
their own IF (with an IP) in my router and their own IP I could create a
bunch of /30-nets but each customer would take up 4 IPs (net, G/W,
CustomerIP, Broadcast) - and that is a big waste of IPs in my opinion.

If I instead could create a pseudo bridge with a "mother if" acting as
gateway, distribute IPs via DHCP (ISC?) I could reduce the number of IPs
and administration when adding new customers.

Anyone with a solution or revelation?

/Jon

On Thu, 2005-11-17 at 15:23 +0000, Brian Candler wrote:
> On Thu, Nov 17, 2005 at 04:06:03PM +0100, Jon Otterholm wrote:
> > Not a big fan of Linux though. I will have to wait for this to be ported
> > to BSD. Anyone with info if this is being done?
> ...
> > > [1] http://www.sjdjweis.com/linux/proxyarp/
>
> You can do proxyarp like that with FreeBSD now. However you can't assign the
> same range of IPs to multiple interfaces, for obvious reasons.
>
> I think the way you'll have to do it is to lie to your customers about the
> subnetting. For example, tell all your customers that they need a /16
> (255.255.0.0 netmask). Then you can actually configure:
>
> ifconfig vlan0 192.168.0.1/28
> ifconfig vlan1 192.168.0.17/28
> ifconfig vlan2 192.168.0.33/28
> ...
> ifconfig vlan4095 192.168.255.249/28
>
> Now, the customer on vlan0 can use 192.168.0.2 to 192.168.0.14 with a /16
> netmask. The customer on vlan1 can use 192.168.18 to 192.168.30 with a /16
> netmask, and so on.
>
> When the FreeBSD machine sends a packet to the customer, that's fine. It
> knows which vlan interface to use, and hence ARPs for the customer down that
> interface, based on the fact that each customer is within their own /28
> range.
>
> When the customer tries to send to another customer, you run choparp or a
> similar program so that if they ARP for 192.168.X.X the FreeBSD machine
> always responds with its own MAC address.
>
> However, I see virtually no benefit in going down this route. The customer
> might as well just set up a /28 netmask and point defaultroute at the
> relevant FreeBSD IP address (192.168.0.1 or 192.168.0.17 or ...), and then
> you do *proper* routing.
>
> After all, even with proxyARP, they will still see your router as an
> IP-level "hop" (it decrements TTL). And non-IP packets and broadcasts won't
> be forwarded between the subnets. Furthermore, if a customer decides to
> configure an IP address outside of their 'allowed' range, it won't work -
> and it will be hard to debug, as the FreeBSD box and the wrongly-configured
> box will *both* respond to the same ARP request, and so sometimes one will
> win and sometimes the other will win.
>
> So, I really don't think you want to do this :-)
>
> Regards,
>
> Brian.
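
The one-/28-per-VLAN layout from the quoted reply, and a check for the hard-to-debug case it mentions (a customer configuring an address outside their allowed range), as an added Python example that is not part of the original thread. The function names and the sample observations are constructed, and the router is assumed to take the first usable address of each /28, following the vlan0 to vlan2 lines.

```python
import ipaddress

# Assumed layout, taken from the quoted reply: a /16 split into one /28 per VLAN.
SUPERNET = ipaddress.ip_network("192.168.0.0/16")
PREFIX = 28
SIZE = 2 ** (32 - PREFIX)  # 16 addresses per VLAN


def vlan_net(vid):
    """Return the /28 assigned to vlan<vid>."""
    if not 0 <= vid < SUPERNET.num_addresses // SIZE:
        raise ValueError(f"no /28 available for vlan{vid}")
    return ipaddress.ip_network((int(SUPERNET.network_address) + vid * SIZE, PREFIX))


def ifconfig_line(vid):
    """Router side: first usable address of the VLAN's /28 (assumption)."""
    return f"ifconfig vlan{vid} {vlan_net(vid)[1]}/{PREFIX}"


def audit(observations):
    """Flag (vid, ip) pairs that are not a valid customer address on that VLAN."""
    findings = []
    for vid, text in observations:
        ip, net = ipaddress.ip_address(text), vlan_net(vid)
        if ip in net:
            if ip in (net.network_address, net.broadcast_address):
                findings.append((vid, text, "network/broadcast address"))
            elif ip == net[1]:
                findings.append((vid, text, "router address"))
        elif ip in SUPERNET:
            owner = (int(ip) - int(SUPERNET.network_address)) // SIZE
            findings.append((vid, text, f"belongs to vlan{owner}"))
        else:
            findings.append((vid, text, "outside supernet"))
    return findings


# Constructed sample: (VLAN index, source IP seen in ARP on that VLAN).
SAMPLE = [(0, "192.168.0.5"), (1, "192.168.0.20"), (1, "192.168.0.5"),
          (2, "192.168.0.33"), (3, "10.0.0.7")]

if __name__ == "__main__":
    for vid in range(3):
        print(ifconfig_line(vid))
    for finding in audit(SAMPLE):
        print(finding)
```

Feeding audit() the per-VLAN (index, address) pairs from the router's ARP table shows which customer is answering for an address that belongs to another VLAN's /28.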