From owner-freebsd-net@FreeBSD.ORG Mon Nov 15 00:49:19 2004
Date: Sun, 14 Nov 2004 19:49:05 -0500
From: Barney Wolff
To: "Jacob S. Barrett"
Cc: freebsd-net@freebsd.org
Subject: Re: Universal Client Gateway
Message-ID: <20041115004905.GA4275@pit.databus.com>
In-Reply-To: <200411141623.10060.jbarrett@amduat.net>
References: <200411141311.49502.jbarrett@amduat.net> <4197D8C5.5050601@elischer.org> <200411141623.10060.jbarrett@amduat.net>
List-Id: Networking and TCP/IP with FreeBSD

On Sun, Nov 14, 2004 at 04:23:08PM -0800, Jacob S. Barrett wrote:
> On Sunday 14 November 2004 02:14 pm, Julian Elischer wrote:
> > sounds like you just want to run natd.
>
> I do for all the traffic exiting the WAN interface.  I am doing that and I can
> pass traffic from the host through the universal proxy to the destination.
> The traffic coming back from the destination enters the WAN interface and natd
> and is translated back to the host interface but gets routed back out the WAN
> (default route) since the host is not local.  I need to be able to spoof the
> routing table into forwarding the packet back out the LAN interface.

When you have arpd (probably modified slightly) answer for a new "gateway"
address, add it as an alias to the interface on which the arp request was
received, with a netmask that will cover the address from which the request
came.  Then responses to the original requester will naturally go back out the
right interface.

Of course, this is all pretty pointless.  It would be better to force the
clients to use dhcp, even if they're transients.  Also, it's rather dangerous -
would you notice if such a client claimed to have the IP address of your
Internet gateway, and thus captured everybody's traffic?

-- 
Barney Wolff        http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
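The alias trick above hinges on one computation: picking a netmask for the aliased "gateway" address that is long enough to cover the requester, so the kernel's connected route for that subnet sends replies back out the LAN interface instead of the default route. The script below is an added example, not code from this thread, from arpd, or from FreeBSD; it shows that computation (longest common prefix of the requested address and the requester's address, turned into a dotted netmask) and prints the resulting ifconfig alias command rather than running it, so it can be tried anywhere. The interface name em0, the upstream gateway 203.0.113.1 and the client addresses are constructed for the demo. The refusal rules are my own additions in the spirit of the caveat above, not something the thread specifies: never alias the real upstream gateway's address onto the LAN, never alias for a client ARPing for itself, and never accept a covering prefix so short that the connected route would shadow the default route. None of this detects a client that answers ARP for the gateway address itself; that needs static ARP entries or ARP monitoring, which the script does not attempt.

```shell
#!/bin/sh
# Added example, not from the original thread. Given the "gateway" address a
# transient client ARPed for and the client's own address, work out the
# covering netmask a modified arpd would use when aliasing that address onto
# the LAN interface, so the kernel's connected route carries replies back out
# the LAN. Commands are printed, not executed. The interface name (em0) and
# the upstream gateway (203.0.113.1) used in the demo are assumptions.

# Dotted quad -> 32-bit integer.
ip2int() {
    _oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$_oldifs
    printf '%s\n' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    printf '%s.%s.%s.%s\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# Length of the longest common prefix of two addresses, i.e. the longest
# netmask under which both addresses fall in the same subnet.
prefix_len() {
    x=$(( $(ip2int "$1") ^ $(ip2int "$2") ))
    n=0
    while [ "$n" -lt 32 ] && [ $(( (x >> (31 - n)) & 1 )) -eq 0 ]; do
        n=$(( n + 1 ))
    done
    printf '%s\n' "$n"
}

# Prefix length -> dotted netmask.
prefix2mask() {
    [ "$1" -gt 0 ] || { printf '0.0.0.0\n'; return; }
    int2ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Decide what a modified arpd would do for one ARP request.
#   $1 requested "gateway" address   $2 requester's source address
#   $3 LAN interface                 $4 our real upstream gateway
# Prints either an ifconfig alias command or a "refused: ..." line.
plan_alias() {
    gw=$1 client=$2 lanif=$3 real_gw=$4
    # Guard (assumed policy): never put the upstream gateway's address on the
    # LAN side; the alias would shadow the WAN-side route to it.
    if [ "$gw" = "$real_gw" ]; then
        printf 'refused: %s is the real upstream gateway\n' "$gw"; return
    fi
    # A host ARPing for its own address is doing duplicate-address detection,
    # not looking for a gateway.
    if [ "$gw" = "$client" ]; then
        printf 'refused: %s is asking for itself (gratuitous ARP), nothing to alias\n' "$gw"; return
    fi
    len=$(prefix_len "$gw" "$client")
    # Guard (assumed policy): a connected route shorter than /8 on the LAN
    # interface would swallow the default route.
    if [ "$len" -lt 8 ]; then
        printf 'refused: /%s would shadow the default route\n' "$len"; return
    fi
    printf 'ifconfig %s inet %s netmask %s alias\n' "$lanif" "$gw" "$(prefix2mask "$len")"
}

# Demo: a client at 192.168.5.7 asks who has its configured gateway 192.168.5.1.
plan_alias 192.168.5.1 192.168.5.7 em0 203.0.113.1
```

For the demo request the common prefix is /29, so the printed command aliases 192.168.5.1/29 onto em0, and the kernel's connected route for 192.168.5.0/29 then carries replies to 192.168.5.7 back out the LAN. A client whose configured gateway shares nothing with its own address (10.0.0.1 asked for from 192.168.5.7) yields a /0 and is refused, since the alias would have to claim the whole Internet as directly connected.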