From owner-freebsd-net@FreeBSD.ORG Sun Nov 14 21:12:19 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35D4E16A4CE for ; Sun, 14 Nov 2004 21:12:19 +0000 (GMT)
Received: from mail.pogozone.net (pogo02.pogozone.net [216.57.201.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B99E43D45 for ; Sun, 14 Nov 2004 21:12:18 +0000 (GMT) (envelope-from jbarrett@amduat.net)
Received: from [10.0.0.69] (client-220-234.bhm.pogozone.net [216.57.220.234]) (AUTH: LOGIN jbarrett@pogozone.net, TLS: TLSv1/SSLv3,128bits,RC4-MD5) by mail.pogozone.net with esmtp; Sun, 14 Nov 2004 13:12:17 -0800
From: "Jacob S. Barrett"
To: freebsd-net@freebsd.org
Date: Sun, 14 Nov 2004 13:11:49 -0800
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200411141311.49502.jbarrett@amduat.net>
Subject: Universal Client Gateway
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Sun, 14 Nov 2004 21:12:19 -0000

I am trying to make what some call a universal client gateway. Finding anything via Google on the subject is turning up nothing. Basically I want to set up a gateway that will masquerade IP from any host regardless of its IP configuration. For example, if a host is configured with IP 192.168.2.2 and a gateway of 192.168.2.1, my gateway would reply to ARP requests for 192.168.2.1. When the host forwards its IP traffic to me I would masquerade the packet with my IP and forward it. When the reply comes back my gateway would de-masquerade the packet and forward it back to the host. I have it all working except for the return forwarding.

For proxying the configured gateway address for incoming packets I am running arpd on the LAN interface. It replies to all unclaimed IP addresses. So when the host ARPs for 192.168.2.2 it replies with my gateway's MAC. This works great. For the return path I have tried a few things with no luck.

ARP hacks: I first looked into adding an ARP entry using arp(8), but since no interface has a subnet that matches the host's IP it won't add it. Also arp(8) doesn't support specifying an interface to force assignment. If I wrote my own program to force an entry into the ARP table with the correct interface, would that work?

Route hacks: I then tried adding a route entry for the LAN interface. I used the command:

    route add -host 192.168.2.2 -interface vlan1000

This produces a route entry that looks promising:

    192.168.2.2        vlan1000:0.xx.xx.xx.xx.aa   UHLS    0    0   vlan10

But when you dump the ARP tables we see:

    ? (192.168.2.2) at 00:xx:xx:xx:xx:aa on vlan1000 permanent [vlan]

which is the MAC address of the gateway and not the host. What I really want is a routing entry that looks like a normal local host:

    192.168.0.27       0.xx.xx.xx.xx.bb            UHLW    1  4953   vlan10    904

I have tried several combinations of commands with route(8) with no luck. Is there a way to add the route as a direct route to 0.xx.xx.xx.xx.cc? Can I do it if I write my own program to add the route to the table?

I don't want to go the route of adding the faked gateway address to the interface with a matching subnet to fit the client's IP in. The problem with that is if a client is configured with IP 10.0.0.1/8 with a gateway of 10.255.255.254, the smallest subnet I could create would be /8. And that would most likely cause problems for correctly configured hosts trying to communicate with 10/8.

So does anyone understand what I am trying to do? Do you know how to do it? Am I going about this all wrong?

--
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
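The poster's objection to the "add a matching alias to the interface" approach rests on a subnet calculation: the alias must cover both the client's address and the gateway address the client expects, and for 10.0.0.1 with gateway 10.255.255.254 that is all of 10/8. The following Python is an added example, not from the mailing-list thread or from FreeBSD, that carries that calculation through for arbitrary client/gateway pairs and checks whether the resulting alias would shadow a network the gateway legitimately routes to. Sample inputs are the addresses from the mail plus a constructed list of legitimately routed networks; the function and network names are the example's own.

```python
import ipaddress

def smallest_enclosing_network(client_ip, gateway_ip):
    """Smallest IPv4 CIDR block containing both the client's address and the
    gateway address it is configured to use. This is the minimum alias the
    gateway would have to put on its LAN interface for the kernel to treat
    the client as directly reachable."""
    c = int(ipaddress.IPv4Address(client_ip))
    g = int(ipaddress.IPv4Address(gateway_ip))
    # Bits that differ between the two addresses decide how short the
    # prefix has to be: the first differing bit must lie inside the host part.
    differing = c ^ g
    prefix = 32 - differing.bit_length()
    return ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)

def alias_conflicts(alias_net, routed_nets):
    """Return the legitimately routed networks that the alias would overlap.
    Any overlap means traffic for those hosts would be treated as on-link and
    ARPed for locally instead of being forwarded, which is the breakage the
    poster expects from a /8 alias."""
    return [n for n in routed_nets if alias_net.overlaps(n)]

# Constructed example: networks the gateway is assumed to route to upstream.
ROUTED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),   # hypothetical corporate range
    ipaddress.ip_network("172.16.5.0/24"),  # hypothetical lab range
]

def assess(client_ip, gateway_ip, routed_nets=ROUTED_NETWORKS):
    """Summarise what an interface alias for this client would cost."""
    alias = smallest_enclosing_network(client_ip, gateway_ip)
    conflicts = alias_conflicts(alias, routed_nets)
    return {
        "alias": str(alias),
        "prefixlen": alias.prefixlen,
        "conflicts": [str(n) for n in conflicts],
    }

if __name__ == "__main__":
    # The two cases from the mail: a tidy /30 and the pathological /8.
    for client, gw in [("192.168.2.2", "192.168.2.1"),
                       ("10.0.0.1", "10.255.255.254")]:
        print(client, gw, assess(client, gw))
```

The 192.168.2.x case collapses to a harmless /30 that shadows nothing, while the 10.x case forces a /8 that swallows the constructed 10.20.0.0/16 route; that asymmetry is why a per-host ARP or route entry, rather than an interface alias, is the approach the poster is after.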