From owner-freebsd-net@FreeBSD.ORG Thu Nov 17 15:52:05 2005
From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To: Brian Candler
Cc: freebsd-net@freebsd.org, Jeremie Le Hen
Subject: Re: arp-proxy
Date: Thu, 17 Nov 2005 16:52:03 +0100
Message-Id: <1132242723.819.45.camel@localhost.localdomain>
In-Reply-To: <20051117152357.GA8209@uk.tiscali.com>
References: <1131541588.996.13.camel@localhost.localdomain> <20051110124903.GB67086@uk.tiscali.com> <1131629107.878.22.camel@localhost.localdomain> <20051117135738.GH5197@obiwan.tataz.chchile.org> <1132239963.819.18.camel@localhost.localdomain> <20051117152357.GA8209@uk.tiscali.com>
List-Id: Networking and TCP/IP with FreeBSD

OK, Scenario #1:

- I have a range of IPs, for example 215.10.10.0 - 215.10.10.255.
- I want to distribute these IPs to my customers via DHCP.
- They are all attached to me via a VLAN trunk on a unique VID.
- I have 200+ customers.
If I were to subnet these addresses so that all the customers would get their own IF (with an IP) in my router and their own IP, I could create a bunch of /30 nets, but each customer would take up 4 IPs (net, G/W, customer IP, broadcast) - and that is a big waste of IPs in my opinion. If I instead could create a pseudo bridge with a "mother IF" acting as gateway and distribute IPs via DHCP (ISC?), I could reduce the number of IPs and the administration when adding new customers.

Anyone with a solution or revelation?

/Jon

On Thu, 2005-11-17 at 15:23 +0000, Brian Candler wrote:
> On Thu, Nov 17, 2005 at 04:06:03PM +0100, Jon Otterholm wrote:
> > Not a big fan of Linux though. I will have to wait for this to be ported
> > to BSD. Anyone with info if this is being done?
> ...
>
> > [1] http://www.sjdjweis.com/linux/proxyarp/
>
> You can do proxyarp like that with FreeBSD now. However you can't assign the
> same range of IPs to multiple interfaces, for obvious reasons.
>
> I think the way you'll have to do it is to lie to your customers about the
> subnetting. For example, tell all your customers that they need a /16
> (255.255.0.0 netmask). Then you can actually configure:
>
> ifconfig vlan0 192.168.0.1/28
> ifconfig vlan1 192.168.0.17/28
> ifconfig vlan2 192.168.0.33/28
> ...
> ifconfig vlan4095 192.168.255.249/28
>
> Now, the customer on vlan0 can use 192.168.0.2 to 192.168.0.14 with a /16
> netmask. The customer on vlan1 can use 192.168.18 to 192.168.30 with a /16
> netmask, and so on.
>
> When the FreeBSD machine sends a packet to the customer, that's fine. It
> knows which vlan interface to use, and hence ARPs for the customer down that
> interface, based on the fact that each customer is within their own /28
> range.
>
> When the customer tries to send to another customer, you run choparp or a
> similar program so that if they ARP for 192.168.X.X the FreeBSD machine
> always responds with its own MAC address.
>
> However, I see virtually no benefit in going down this route. The customer
> might as well just set up a /28 netmask and point defaultroute at the
> relevant FreeBSD IP address (192.168.0.1 or 192.168.0.17 or ...), and then
> you do *proper* routing.
>
> After all, even with proxyARP, they will still see your router as an
> IP-level "hop" (it decrements TTL). And non-IP packets and broadcasts won't
> be forwarded between the subnets. Furthermore, if a customer decides to
> configure an IP address outside of their 'allowed' range, it won't work -
> and it will be hard to debug, as the FreeBSD box and the wrongly-configured
> box will *both* respond to the same ARP request, and so sometimes one will
> win and sometimes the other will win.
>
> So, I really don't think you want to do this :-)
>
> Regards,
>
> Brian.
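An added example (mine, not code from the thread) that works through the per-VLAN /28 plan Brian lays out above and classifies the "address outside the allowed range" case he warns about. It assumes 192.168.0.0/16 split into /28 blocks indexed by VLAN id, with the router taking the first usable address of each block (so vlan0 gets .1 and vlan1 gets .17, as in the mail):

```python
import ipaddress

# Assumed plan: 192.168.0.0/16 carved into /28 blocks, block N serving vlanN,
# the router holding the first usable address of each block. Customers are
# told the netmask is /16, so the router must proxy-ARP between blocks.
PARENT = ipaddress.ip_network("192.168.0.0/16")
BLOCK_PREFIX = 28
BLOCKS = list(PARENT.subnets(new_prefix=BLOCK_PREFIX))  # 4096 blocks: vlan0..vlan4095

def vlan_block(vid):
    """Return the /28 that serves VLAN id `vid`."""
    if not 0 <= vid < len(BLOCKS):
        raise ValueError(f"vlan{vid} has no /28 inside {PARENT}")
    return BLOCKS[vid]

def gateway_for(vid):
    """Router-side address on vlan<vid>: first usable host of its /28."""
    return next(vlan_block(vid).hosts())

def customer_range(vid):
    """(lowest, highest) address a customer on vlan<vid> may use."""
    hosts = list(vlan_block(vid).hosts())
    return hosts[1], hosts[-1]

def ifconfig_line(vid):
    """The ifconfig command for one vlan interface, in the form the mail shows."""
    return f"ifconfig vlan{vid} {gateway_for(vid)}/{BLOCK_PREFIX}"

def check_customer(vid, addr):
    """Classify an address a customer on vlan<vid> has configured.
    ok       : inside the customer's own /28, reached normally
    gateway  : the router's own address on that VLAN
    reserved : network or broadcast address of the /28
    foreign  : inside another VLAN's /28, so the router (proxy ARP) and this
               host both answer ARP for it, the hard-to-debug case in the mail
    outside  : not even inside the /16 the customers were told about
    """
    ip = ipaddress.ip_address(addr)
    block = vlan_block(vid)
    if ip not in PARENT:
        return "outside"
    if ip not in block:
        return "foreign"
    if ip in (block.network_address, block.broadcast_address):
        return "reserved"
    if ip == gateway_for(vid):
        return "gateway"
    return "ok"
```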