From: Sten Daniel Sørsdal
To: Urbán Csaba
cc: freebsd-isp@freebsd.org
Date: Fri, 22 Apr 2005 18:15:04 +0200
Subject: Re: IP unnumbered VLANs

> > Did anybody try something like this - with success, of course :)
>

Yes, had success with FreeBSD 4.x, OpenBSD and RouterOS (Linux). What you need to emphasize is a good bridge as routing gateway that has very good Layer 2 filtering capabilities to filter traffic between VLANs but still bridge them all together into one bridge (so they can't access each other and are not able to spoof etc.).

One of your immediate weaknesses will be if two users have the same MAC address, therefore I suggest an 802.1D-compliant bridge (so no single customer can deny another customer's service by using the same MAC address, but instead this results in duplication of packets). Also, one customer can steal another customer's address by sending creative ARP packets to the gateway; you might want to strengthen that with some custom code, unless it's already done. Also, if they want to communicate with each other I suggest you write a proxy ARP app instead of letting them talk to each other on L2.

--
Sten Daniel Sørsdal
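The two weaknesses raised in the reply (a MAC address shared by two customers, and a customer claiming another customer's IP address through ARP) can be watched for at the gateway. The following is an added example, not code from the original message or from FreeBSD, OpenBSD or RouterOS: it parses the ARP payloads the bridge sees per VLAN and compares each sender binding against a provisioned (ip -> vlan, mac) table; the table, addresses and VLAN ids are constructed for illustration.

```python
import struct
from collections import defaultdict


def parse_arp(payload: bytes):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into (opcode, sender_mac, sender_ip)."""
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])   # sender hardware address
    ip = ".".join(str(b) for b in payload[14:18])        # sender protocol address
    return op, mac, ip


class ArpMonitor:
    """Flags ARP sender bindings that contradict the provisioned per-VLAN table."""

    def __init__(self, provisioned):
        # provisioned: ip -> (vlan, mac); here a constructed stand-in for the
        # ISP's customer records (assumption, not part of the original post)
        self.provisioned = provisioned
        self.mac_vlans = defaultdict(set)  # mac -> VLANs it has been seen on

    def check(self, vlan, payload):
        """Return a list of alert strings for one ARP packet seen on `vlan`."""
        op, mac, ip = parse_arp(payload)
        alerts = []
        self.mac_vlans[mac].add(vlan)
        if len(self.mac_vlans[mac]) > 1:  # same MAC from more than one customer VLAN
            alerts.append(f"duplicate mac {mac} on vlans {sorted(self.mac_vlans[mac])}")
        entry = self.provisioned.get(ip)
        if entry is None:
            alerts.append(f"vlan {vlan}: unprovisioned ip {ip} claimed by {mac}")
        else:
            exp_vlan, exp_mac = entry
            if exp_vlan != vlan:   # another customer's address claimed from a different VLAN
                alerts.append(f"vlan {vlan}: ip {ip} belongs to vlan {exp_vlan} (claimed by {mac})")
            elif exp_mac != mac:   # right VLAN, wrong hardware address
                alerts.append(f"vlan {vlan}: ip {ip} expected {exp_mac}, got {mac}")
        return alerts


def build_arp(op, mac, ip, target_ip="0.0.0.0"):
    """Build a constructed ARP request (op=1) or reply (op=2) payload for testing."""
    sha = bytes(int(x, 16) for x in mac.split(":"))
    spa = bytes(int(x) for x in ip.split("."))
    tpa = bytes(int(x) for x in target_ip.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + b"\x00" * 6 + tpa
```

In practice the packets would come from a capture on the bridge interface with the 802.1Q tag giving the VLAN; the alerts are the input to whatever blocking or ticketing the ISP prefers.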