From: Jerome Herman
Date: Thu, 14 Oct 2010 19:56:19 +0200
To: freebsd-questions@freebsd.org, nathan@vidican.com
Subject: Re: Is it a good idea to use DHCP for point to point connections ?
Message-ID: <4CB74443.70606@dichotomia.fr>

On 14/10/2010 16:33, Nathan Vidican wrote:
> On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman wrote:
>
>> On 13/10/2010 22:25, Elliot Finley wrote:
>>
>>> we did this with DSL customers. But instead of using a unique gateway for
>>> each Client, just use IP Unnumbered and proxy arp for your loopback
>>> interface.
>>
>> I was about to say that this solution seemed extremely sensitive to
>> spoofing. But I figured out that my solution was not necessarily better.
>> Looks like I will have to go for hardware solution after all...
>> I am currently checking on Cisco private vlan system. But I am not a big
>> fan of Cisco (Well to be perfectly honest I love the hardware...). Does
>> anyone know of an alternative ?
>>
>> Jerome Herman
>>
>>> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman wrote:
>>>
>>>> Hello,
>>>>
>>>> Given the price (and tedious management) of layer 3 switches I was
>>>> thinking about using modified DHCP to distribute addresses with a /32
>>>> netmask (255.255.255.255)
>>>>
>>>> The Idea : Create a cheap (and preferably not dirty) way to have client
>>>> isolation, without creating tons of vlan.
>>>>
>>>> Practical overview : The DHCP server will be serving IP addresses and
>>>> gateways with a /32 mask.
>>>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>>>> 255.255.255.255 and a gateway of 240.0.0.1
>>>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>>>> 255.255.255.255 and a gateway of 240.0.0.2
>>>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>>>> 255.255.255.255 and a gateway of 240.0.0.3
>>>> etc.
>>>>
>>>> Of course the gateway will have to have as many IP as there are clients
>>>> (Unless I am mistaken)
>>>>
>>>> The questions :
>>>> - Is there something similar already existing ? It must not require any
>>>> configuration on the client side other than activating DHCP.
>>>> - Would this work ? I do not see why it would not, though I am a little
>>>> anxious about having tens of point to point connections going to the same
>>>> physical port.
>>>> - I could not find anything forbidding it in RFC2131, but then again I
>>>> might be wrong. Am I ?
>>>> - One problem remains that is solved by vlan isolation but not by DHCP
>>>> isolation : rogue DHCP servers. Any Idea to crush those ?
>>>>
>>>> I hope it is not inappropriate to post this on this list. But it is an
>>>> interesting problem (I think).
>>>>
>>>> Jerome Herman
>>>> _______________________________________________
>>>> freebsd-questions@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
> Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a
> thought, but might be a lot easier.

It is indeed a lot easier. Unfortunately it cannot be used in this case.
Basically it is an hotel that is already wired in CAT.6. We want the clients
to be able to connect through wire without resorting to routers or DSL modem,
with just DHCP set up. The hotel is composed of 33 small residences connected
with fiber. The idea is to avoid the part where we buy 33 layer3 switches at
3000$ a piece.

Jerome Herman

> --
> Nathan Vidican
> nathan@vidican.com
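
An added example, not part of the thread: one way to detect the rogue DHCP servers raised in the original question, by parsing server replies and flagging any OFFER/ACK whose server identifier is not allow-listed or whose mask is not the /32 the scheme hands out. The server address 240.0.0.254 and both sample replies are constructed values; the thread names no server address.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OFFER, ACK = 2, 5                    # option 53 values for server lease replies
SLASH32 = b"\xff\xff\xff\xff"

def parse_options(payload):
    """Return {code: value} from the options of a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                    # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload, allowed_servers):
    """Findings for one server reply; an empty list means nothing to report."""
    opts = parse_options(payload)
    if (opts.get(53) or b"\x00")[0] not in (OFFER, ACK):
        return []                        # client message, not a lease reply
    findings = []
    server = opts.get(54, b"")           # option 54: server identifier
    if len(server) != 4 or str(ipaddress.IPv4Address(server)) not in allowed_servers:
        findings.append("rogue-server")
    if opts.get(1) != SLASH32:           # option 1: subnet mask
        findings.append("mask-not-/32")
    return findings

def build_reply(yiaddr, server, mask, router, mtype=OFFER):
    """Constructed sample reply for the demo, not captured traffic."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    fixed = bytes([2, 1, 6, 0]) + b"\0" * 12 + ip(yiaddr) + b"\0" * 216
    opts = (bytes([53, 1, mtype]) + bytes([54, 4]) + ip(server) +
            bytes([1, 4]) + ip(mask) + bytes([3, 4]) + ip(router) + b"\xff")
    return fixed + MAGIC_COOKIE + opts

# Assumed legitimate server address; the thread does not name one.
ALLOWED = {"240.0.0.254"}
GOOD = build_reply("241.0.0.1", "240.0.0.254", "255.255.255.255", "240.0.0.1")
ROGUE = build_reply("192.168.1.50", "192.168.1.1", "255.255.255.0", "192.168.1.1")
```

Detection only reports the problem; on the wire, a second server's replies still reach clients unless the switch ports block them.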