Date: Mon, 15 Nov 2004 17:22:21 -0800
From: "Jacob S. Barrett" <jbarrett@amduat.net>
To: freebsd-net@freebsd.org
Subject: Re: Universal Client Gateway
Message-ID: <200411151722.22372.jbarrett@amduat.net>
In-Reply-To: <20041115004905.GA4275@pit.databus.com>
References: <200411141311.49502.jbarrett@amduat.net> <200411141623.10060.jbarrett@amduat.net> <20041115004905.GA4275@pit.databus.com>

On Sunday 14 November 2004 04:49 pm, Barney Wolff <barney@databus.com> wrote:
> When you have arpd (probably modified slightly) answer for a new "gateway"
> address, add it as an alias to the interface on which the arp request was
> received, with a netmask that will cover the address from which the
> request came. Then responses to the original requester will naturally
> go back out the right interface.

Yes, but this is bad because now all traffic in that subnet will get
directed out that interface. That could be really bad. One could really
cause problems if their gateway and IP forced a really large subnet.

> Of course, this is all pretty pointless. It would be better to force
> the clients to use dhcp, even if they're transients. Also, it's rather
> dangerous - would you notice if such a client claimed to have the IP
> address of your Internet gateway, and thus captured everybody's traffic?

How do you force transients to use DHCP, especially when most of them are
only smart enough to turn their computers on? That is why universal
proxies are popular in hotels and airports.

Well, in case anyone is interested or searches for this same problem
later, I think I solved the problem. Actually a post earlier today about
route add -host -face had the solution. To pass traffic back to the
proxied machine, execute this command:

    route add xx.xx.xx.xx/32 -iface WAN -cloning

Of course, having a daemon monitoring for these proxied hosts and
executing this routing command is still missing, but at least I know what
my daemon needs to do now. I will probably just modify arpd to do this
after it proxies the gateway ARP reply.

-- 
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
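
Added example, not part of the original message and not arpd code: one way the daemon described above could check a client's claimed address before running the route command, so that a client claiming the gateway's address (the case raised in the quoted reply) gets no route. The protected addresses, the interface-name pattern and the function name are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample values (documentation ranges). In a real deployment
# these would be the upstream router, the resolvers and the gateway's own
# addresses, plus any network clients must never be able to claim.
PROTECTED_HOSTS = {ipaddress.IPv4Address(a) for a in ("192.0.2.1", "192.0.2.53")}
PROTECTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Assumed shape of an interface name (em0, fxp1, vlan10); rejects anything
# that could be read as an extra argument or shell syntax.
IFACE_RE = re.compile(r"[a-z]+[0-9]+")


def host_route_argv(claimed_ip, iface, installed):
    """Return the argv for the host route, or None when the claim is refused.

    claimed_ip -- sender address taken from the client's ARP request
    iface      -- interface name to pass to -iface
    installed  -- dict of address -> iface for routes already added
    """
    if not IFACE_RE.fullmatch(iface):
        return None
    try:
        ip = ipaddress.IPv4Address(claimed_ip)  # rejects "a.b.c.d/len" too
    except ipaddress.AddressValueError:
        return None
    # Addresses that can never belong to a single client host.
    if (ip.is_multicast or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved):
        return None
    # The hijack case: a client claiming the gateway, a resolver, etc.
    if ip in PROTECTED_HOSTS or any(ip in net for net in PROTECTED_NETS):
        return None
    # First claimant keeps the address; a second claim is refused.
    if ip in installed:
        return None
    installed[ip] = iface
    # Always a /32, so a client cannot pull a whole subnet onto one interface.
    return ["route", "add", f"{ip}/32", "-iface", iface, "-cloning"]


if __name__ == "__main__":
    seen = {}
    for claim in ("10.1.2.3", "192.0.2.1", "10.1.2.3", "224.0.0.1"):
        print(claim, "->", host_route_argv(claim, "em1", seen))
```

The function only builds the argument list; passing it to the system without a shell (for example `subprocess.run(argv, check=True)`) and logging refused claims are left to the daemon.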