From owner-freebsd-net@FreeBSD.ORG Tue Nov 16 01:23:24 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8060B16A4CE; Tue, 16 Nov 2004 01:23:24 +0000 (GMT)
Received: from mail.pogozone.net (pogo02.pogozone.net [216.57.201.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id C56ED43D1D; Tue, 16 Nov 2004 01:23:23 +0000 (GMT) (envelope-from jbarrett@amduat.net)
Received: from [10.0.0.69] (client-220-234.bhm.pogozone.net [216.57.220.234]) (AUTH: LOGIN jbarrett@pogozone.net, TLS: TLSv1/SSLv3,128bits,RC4-MD5) by mail.pogozone.net with esmtp; Mon, 15 Nov 2004 17:23:23 -0800
From: "Jacob S. Barrett" <jbarrett@amduat.net>
To: freebsd-net@freebsd.org
Date: Mon, 15 Nov 2004 17:22:21 -0800
User-Agent: KMail/1.7.1
References: <200411141311.49502.jbarrett@amduat.net> <200411141623.10060.jbarrett@amduat.net> <20041115004905.GA4275@pit.databus.com>
In-Reply-To: <20041115004905.GA4275@pit.databus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200411151722.22372.jbarrett@amduat.net>
Subject: Re: Universal Client Gateway
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Tue, 16 Nov 2004 01:23:24 -0000

On Sunday 14 November 2004 04:49 pm, Barney Wolff wrote:
> When you have arpd (probably modified slightly) answer for a new "gateway"
> address, add it as an alias to the interface on which the arp request was
> received, with a netmask that will cover the address from which the
> request came. Then responses to the original requester will naturally
> go back out the right interface.

Yes, but this is bad because now all traffic in that subnet will get directed out that interface. That could be really bad. One could really cause problems if their gateway and IP forced a really large subnet.

> Of course, this is all pretty pointless. It would be better to force
> the clients to use dhcp, even if they're transients. Also, it's rather
> dangerous - would you notice if such a client claimed to have the IP
> address of your Internet gateway, and thus captured everybody's traffic?

How do you force transients to use DHCP, especially when most of them are only smart enough to turn their computers on? That is why universal proxies are popular in hotels and airports.

Well, in case anyone is interested or searches for this same problem later, I think I solved the problem. Actually a post earlier today about route add -host -iface had the solution. To pass traffic back to the proxied machine execute this command:

route add xx.xx.xx.xx/32 -iface WAN -cloning

Of course, having a daemon monitoring for these proxied hosts and executing this routing command is still missing, but at least I know what my daemon needs to do now. I will probably just modify arpd to do this after it proxies the gateway ARP reply.

--
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
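The daemon Jacob says is still missing would sit between the proxied ARP reply and the per-host route. Barney's objection (a transient claiming the Internet gateway's address and capturing everyone's traffic) is exactly the decision that daemon has to make before it installs anything. The following is an added example, not code from the thread, from arpd, or from FreeBSD: a policy check that refuses to proxy for a client whose claimed address collides with protected infrastructure, flags an address re-claimed from a second MAC as a probable spoof, and only ever emits the /32 interface route Jacob posted rather than the subnet alias Barney suggested. The `ProxyPolicy` class, the interface name `WAN`, and the TEST-NET addresses in the demo are all hypothetical.

```python
"""Policy check for a "universal client gateway" daemon (added example).

A transient client with a foreign static config ARPs for its configured
gateway; arpd proxy-answers, and the gateway box then needs a host route
back to the client out the client-facing interface:

    route add xx.xx.xx.xx/32 -iface WAN -cloning

Before doing either, the daemon must be sure the client is not claiming an
address that belongs to the gateway box, its upstream link, or another
already-seen client.  Everything here is hypothetical; it is not arpd code.
"""
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def build_route_cmd(client_ip, wan_iface):
    """argv for the per-host route from the thread.  Always a /32: only the
    single proxied host is steered out the client-facing interface, never a
    wider subnet that could swallow unrelated traffic."""
    host = ipaddress.IPv4Address(client_ip)  # raises ValueError on garbage
    return ["route", "add", f"{host}/32", "-iface", wan_iface, "-cloning"]


class ProxyPolicy:
    """Decides whether to proxy-ARP for a client and install its host route."""

    def __init__(self, wan_iface, protected):
        self.wan_iface = wan_iface
        # Hosts or networks a client may never claim: the box's own
        # addresses, the real Internet gateway, the upstream link, etc.
        self.protected = [ipaddress.ip_network(p) for p in protected]
        self.seen = {}  # client IP -> MAC it was first seen from

    def decide(self, client_ip, client_mac):
        """Return (allowed, reason, route_argv_or_None)."""
        mac = client_mac.lower()
        if not MAC_RE.match(mac):
            return (False, "malformed MAC", None)
        try:
            ip = ipaddress.IPv4Address(client_ip)
        except ValueError:
            return (False, "malformed IP", None)
        # Barney's hijack case: the client claims the gateway (or any other
        # protected address); a /32 route for it would redirect that traffic.
        if any(ip in net for net in self.protected):
            return (False, "claims a protected address", None)
        if ip.is_multicast or ip.is_loopback or ip.is_unspecified or ip.is_reserved:
            return (False, "not a unicast host address", None)
        # Same address from a second MAC: treat as a spoof, not a new client.
        prior = self.seen.get(ip)
        if prior is not None and prior != mac:
            return (False, f"address already bound to {prior}; possible spoof", None)
        self.seen[ip] = mac
        return (True, "ok", build_route_cmd(str(ip), self.wan_iface))


def run_demo():
    """Constructed ARP-request sequence (hypothetical addresses and MACs)."""
    policy = ProxyPolicy(
        wan_iface="WAN",
        protected=["203.0.113.0/29",   # upstream link (constructed)
                   "203.0.113.1",      # real Internet gateway (constructed)
                   "192.0.2.1"],       # the box's own client-side address
    )
    requests = [
        ("198.51.100.77", "00:11:22:33:44:55"),  # ordinary transient
        ("203.0.113.1",   "de:ad:be:ef:00:01"),  # claims the real gateway
        ("198.51.100.77", "66:77:88:99:aa:bb"),  # same IP, different MAC
        ("224.0.0.9",     "00:11:22:33:44:66"),  # multicast, not a host
    ]
    results = []
    for ip, mac in requests:
        allowed, reason, cmd = policy.decide(ip, mac)
        results.append((ip, allowed, reason))
        if allowed:
            print("would run:", " ".join(cmd))
        else:
            print(f"refused {ip} from {mac}: {reason}")
    return results


if __name__ == "__main__":
    run_demo()
```

The demo only prints the `route` argv; a real daemon would hand it to `subprocess.run` and, just as importantly, delete the route when the client's ARP entry expires so stale /32s do not accumulate.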