Date: Thu, 14 Oct 2010 15:16:06 +0200
From: Jerome Herman
To: freebsd-questions@freebsd.org
Subject: Re: Is it a good idea to use DHCP for point to point connections ?
Message-ID: <4CB70296.8060508@dichotomia.fr>
References: <4CB5C9FE.90101@dichotomia.fr>

On 13/10/2010 22:25, Elliot Finley wrote:
> we did this with DSL customers. But instead of using a unique gateway for
> each Client, just use IP Unnumbered and proxy arp for your loopback
> interface.
>

I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for a hardware solution after all...
I am currently checking on the Cisco private VLAN system. But I am not a big fan of Cisco (well, to be perfectly honest, I love the hardware...). Does anyone know of an alternative?

Jerome Herman

> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman wrote:
>
>> Hello,
>>
>> Given the price (and tedious management) of layer 3 switches I was thinking
>> about using modified DHCP to distribute addresses with a /32 netmask
>> (255.255.255.255)
>>
>> The idea: Create a cheap (and preferably not dirty) way to have client
>> isolation, without creating tons of VLANs.
>>
>> Practical overview: The DHCP server will be serving IP addresses and
>> gateways with a /32 mask.
>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.1
>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.2
>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.3
>> etc.
>>
>> Of course the gateway will have to have as many IPs as there are clients
>> (Unless I am mistaken)
>>
>> The questions:
>> - Is there something similar already existing? It must not require any
>> configuration on the client side other than activating DHCP.
>> - Would this work? I do not see why it would not, though I am a little
>> anxious about having tens of point to point connections going to the same
>> physical port.
>> - I could not find anything forbidding it in RFC2131, but then again I
>> might be wrong. Am I?
>> - One problem remains that is solved by VLAN isolation but not by DHCP
>> isolation: rogue DHCP servers. Any idea to crush those?
>>
>> I hope it is not inappropriate to post this on this list. But it is an
>> interesting problem (I think).
>>
>> Jerome Herman
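
Added example, not part of either message in this thread: a passive check for the rogue DHCP server problem raised in the original question. It parses captured DHCP server replies (UDP payloads) and flags any OFFER or ACK whose server identifier (option 54) is not on a caller-supplied allowlist, or whose subnet mask is not the /32 that the proposed scheme hands out. All function names are assumptions, and `build_reply` only constructs sample input.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                # option 53 values a server sends to a client

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload; return None if malformed or not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    msg = {"yiaddr": ipaddress.IPv4Address(payload[16:20]), "opts": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                             # truncated option header
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                             # truncated option body
        msg["opts"][payload[i]] = data
        i += 2 + length
    return msg

def audit_reply(payload, allowed_servers):
    """Return findings for one captured server reply; [] means nothing to report."""
    msg = parse_dhcp(payload)
    if msg is None:
        return ["not-dhcp"]
    opts = msg["opts"]
    if opts.get(53, b"")[:1] not in (bytes([OFFER]), bytes([ACK])):
        return []                                   # not an OFFER/ACK, ignore
    findings = []
    server = opts.get(54, b"")                      # option 54: server identifier
    if len(server) != 4 or str(ipaddress.IPv4Address(server)) not in allowed_servers:
        findings.append("rogue-server")
    if opts.get(1) != b"\xff\xff\xff\xff":          # option 1: subnet mask
        findings.append("mask-not-/32")
    return findings

def build_reply(mtype, yiaddr, server, mask, router):
    """Constructed sample input: minimal reply carrying options 53, 54, 1 and 3."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ip(yiaddr), bytes(4), bytes(4), b"\xaa" * 6, b"")
    opts = (bytes([53, 1, mtype, 54, 4]) + ip(server) + bytes([1, 4]) + ip(mask)
            + bytes([3, 4]) + ip(router) + b"\xff")
    return hdr + MAGIC + opts
```

This only detects a rogue server after its reply has been seen on the wire; it does not stop clients from accepting the lease.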