Date: Thu, 17 Nov 2005 15:23:57 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
Cc: freebsd-net@freebsd.org, Jeremie Le Hen <jeremie@le-hen.org>
Subject: Re: arp-proxy
Message-ID: <20051117152357.GA8209@uk.tiscali.com>
In-Reply-To: <1132239963.819.18.camel@localhost.localdomain>
References: <1131541588.996.13.camel@localhost.localdomain> <20051110124903.GB67086@uk.tiscali.com> <1131629107.878.22.camel@localhost.localdomain> <20051117135738.GH5197@obiwan.tataz.chchile.org> <1132239963.819.18.camel@localhost.localdomain>
On Thu, Nov 17, 2005 at 04:06:03PM +0100, Jon Otterholm wrote:
> Not a big fan of Linux though. I will have to wait for this to be ported
> to BSD. Anyone with info if this is being done?
...
>
> [1] http://www.sjdjweis.com/linux/proxyarp/

You can do proxyarp like that with FreeBSD now. However you can't assign
the same range of IPs to multiple interfaces, for obvious reasons.

I think the way you'll have to do it is to lie to your customers about the
subnetting. For example, tell all your customers that they need a /16
(255.255.0.0 netmask). Then you can actually configure:

  ifconfig vlan0 192.168.0.1/28
  ifconfig vlan1 192.168.0.17/28
  ifconfig vlan2 192.168.0.33/28
  ...
  ifconfig vlan4095 192.168.255.249/28

Now, the customer on vlan0 can use 192.168.0.2 to 192.168.0.14 with a /16
netmask. The customer on vlan1 can use 192.168.18 to 192.168.30 with a /16
netmask, and so on.

When the FreeBSD machine sends a packet to the customer, that's fine. It
knows which vlan interface to use, and hence ARPs for the customer down
that interface, based on the fact that each customer is within their own
/28 range.

When the customer tries to send to another customer, you run choparp or a
similar program so that if they ARP for 192.168.X.X the FreeBSD machine
always responds with its own MAC address.

However, I see virtually no benefit in going down this route. The customer
might as well just set up a /28 netmask and point defaultroute at the
relevant FreeBSD IP address (192.168.0.1 or 192.168.0.17 or ...), and then
you do *proper* routing. After all, even with proxyARP, they will still see
your router as an IP-level "hop" (it decrements TTL). And non-IP packets
and broadcasts won't be forwarded between the subnets.

Furthermore, if a customer decides to configure an IP address outside of
their 'allowed' range, it won't work - and it will be hard to debug, as
the FreeBSD box and the wrongly-configured box will *both* respond to the
same ARP request, and so sometimes one will win and sometimes the other
will win.

So, I really don't think you want to do this :-)

Regards,

Brian.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051117152357.GA8209>
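The addressing scheme and the ARP ambiguity Brian describes can be worked through in a small model. The script below is an added example, not part of the thread or of choparp: it carves the /16 the customers are told about into the real per-VLAN /28s, reproduces the ifconfig lines for the first VLANs (taking the first host of each /28 as the router address, as the vlan0..vlan2 lines do), checks whether a customer-chosen address falls inside its VLAN's allowed range, and models who answers an ARP request on a given VLAN. The proxy-ARP behaviour is an assumption for the model: the FreeBSD box answers for any address in the /16 outside the requesting VLAN's own /28 plus its own address, and any host on that VLAN that has configured the target answers too. Host names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# What customers are told their netmask is (the "lie").
AGGREGATE = ipaddress.ip_network("192.168.0.0/16")
# What is really configured per VLAN on the FreeBSD box.
REAL_PREFIX = 28
VLAN_COUNT = 1 << (REAL_PREFIX - AGGREGATE.prefixlen)  # 4096 /28s in a /16


def vlan_subnet(vlan: int) -> ipaddress.IPv4Network:
    """The real /28 for vlan<N>: vlan0 gets the first /28, vlan1 the next, ..."""
    if not 0 <= vlan < VLAN_COUNT:
        raise ValueError(f"vlan id must be 0..{VLAN_COUNT - 1}")
    base = int(AGGREGATE.network_address) + vlan * (1 << (32 - REAL_PREFIX))
    return ipaddress.IPv4Network((base, REAL_PREFIX))


def router_address(vlan: int) -> ipaddress.IPv4Address:
    """Address the FreeBSD box puts on vlan<N>: first host of its /28 (.1, .17, ...)."""
    return vlan_subnet(vlan)[1]


def customer_range(vlan: int):
    """Usable customer addresses on vlan<N>: everything between router and broadcast."""
    net = vlan_subnet(vlan)
    return net[2], net[-2]


def ifconfig_command(vlan: int) -> str:
    """The ifconfig line from the message, regenerated for any VLAN id."""
    return f"ifconfig vlan{vlan} {router_address(vlan)}/{REAL_PREFIX}"


def address_is_allowed(vlan: int, ip) -> bool:
    """Is a customer-chosen address inside the /28 the box expects on that VLAN?"""
    first, last = customer_range(vlan)
    return first <= ipaddress.ip_address(ip) <= last


@dataclass
class Host:
    name: str
    vlan: int
    ip: ipaddress.IPv4Address


def arp_responders(vlan: int, target, hosts) -> list:
    """Who answers an ARP request for `target` broadcast on vlan<N>.

    Model assumption: the proxy-ARP daemon on the FreeBSD box answers for any
    address in the /16 outside this VLAN's own /28 (plus the box's own address);
    every host on this VLAN that has configured `target` answers as well.
    More than one responder means the requester sees a race between replies.
    """
    target = ipaddress.ip_address(target)
    local = vlan_subnet(vlan)
    responders = []
    if target == router_address(vlan) or (target in AGGREGATE and target not in local):
        responders.append("freebsd-router")
    responders.extend(h.name for h in hosts if h.vlan == vlan and h.ip == target)
    return responders


# Constructed sample hosts. cust1-rogue picked an address outside vlan1's /28
# (192.168.0.16/28), which is exactly the misconfiguration the message warns about.
HOSTS = [
    Host("cust0-pc", 0, ipaddress.ip_address("192.168.0.2")),
    Host("cust1-pc", 1, ipaddress.ip_address("192.168.0.18")),
    Host("cust1-rogue", 1, ipaddress.ip_address("192.168.0.50")),
]

if __name__ == "__main__":
    for v in range(3):
        print(ifconfig_command(v), "customers:", *customer_range(v))
    print("vlan0 host ARPs for vlan1 customer:", arp_responders(0, "192.168.0.18", HOSTS))
    print("rogue address allowed on vlan1?", address_is_allowed(1, "192.168.0.50"))
    print("vlan1 ARP for rogue address answered by:", arp_responders(1, "192.168.0.50", HOSTS))
```

The last line of the demo is the debugging headache from the message made visible: two responders for one ARP request, so whichever reply arrives last wins the requester's ARP cache. `address_is_allowed` is the check a provisioning or monitoring script would run to catch that case before it reaches the wire.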