Date: Fri, 26 May 2000 12:52:35 -0400 (EDT)
From: Andy Dills <andy@xecu.net>
To: Jan Grant <Jan.Grant@bristol.ac.uk>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: promiscuous ethernet
Message-ID: <Pine.GSO.4.21.0005261235200.16951-100000@shell.xecu.net>
In-Reply-To: <Pine.GHP.4.21.0005261645120.2554-100000@mail.ilrt.bris.ac.uk>

On Fri, 26 May 2000, Jan Grant wrote:

> On Fri, 26 May 2000, Andy Dills wrote:
>
> > This was the first thing out of my mouth when I was given this project. I
> > was told that this isn't acceptable, as the powers that be feel that the
> > people in question would be overwhelmed merely by being directed to open
> > up the TCP/IP properties. It's the kind of deal where we _really_ have to
> > cater to these people.
>
> I'm not sure you can do anything, then; the request seems to amount to
> asking you to proxy-arp the entire internet. Even if technically
> possible, there are all sorts of other issues (do you catch or forward
> DNS requests, for example; that occurs to me as the service which is
> most likely to suffer).
>
> Then you have to deal with laptops that are configured for use on
> private networks; you may be unable to get packets to their
> (mail,news,dns,exchange) server at all.
>
> Are you certain that the "powers that be" won't take "it's not
> technically feasible" as an answer?

Well, that would be too easy :>

I like challenges, which is why they dumped this on me and not one of the
other guys.

Anyhow, I'm just following up to let you guys know I've figured out how to
do it, just in case somebody in the future looks through the archives.

I'm writing a perl script which calls "tcpdump -n -q arp", and monitors
output. When it (the script) sees a line such as:

    <timestamp> arp who-has <user gateway IP> (<MAC Addr>) tell <user.IP>

it will ifconfig <user gateway IP> as an alias to xl0. NAT, which will be
run with -dynamic, will then begin address translation for the user. I'll
redirect any and all DNS requests to the local DNS server.

So, I believe I've at least accomplished the theory behind it. Can anybody
point out a flaw?

Thanks,
Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
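
The parsing step of the script described in the message above, sketched as an added example that is not part of the original post or the author's script. It is written in Python rather than Perl, builds the `ifconfig` call as an argument list instead of running it, and the `PROTECTED` network, the alias cap and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

IFACE = "xl0"                      # interface named in the message
MAX_ALIASES = 64                   # assumed cap on learned gateway addresses
# Assumed: networks the server really lives on; never alias anything in them.
PROTECTED = [ipaddress.ip_network("203.0.113.0/24")]

# Line shape quoted in the message; the "(MAC)" field is treated as optional.
_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ARP_RE = re.compile(rf"^\S+ arp who-has (?P<gw>{_IP})"
                    rf"(?: \([0-9A-Fa-f:]{{11,17}}\))? tell (?P<src>{_IP})$")

def parse_arp_request(line):
    """Return (gateway, requester) as IPv4Address objects, or None."""
    m = ARP_RE.match(line.strip())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m["gw"]), ipaddress.IPv4Address(m["src"])
    except ValueError:             # e.g. an octet above 255
        return None

def decide(line, aliases):
    """Return (verdict, detail); aliases is the set of addresses already added."""
    parsed = parse_arp_request(line)
    if parsed is None:
        return "ignore", "not a well-formed ARP request line"
    gw, src = parsed
    if src.is_unspecified or gw == src:
        return "ignore", "ARP probe or gratuitous ARP, not a gateway lookup"
    if gw.is_multicast or gw.is_loopback or gw.is_reserved or gw.is_unspecified:
        return "refuse", f"{gw} is not a usable unicast address"
    if any(gw in net for net in PROTECTED):
        return "refuse", f"{gw} belongs to the server's own network"
    if gw in aliases:
        return "ignore", f"{gw} is already aliased"
    if len(aliases) >= MAX_ALIASES:
        return "refuse", "alias cap reached"
    aliases.add(gw)
    # argv list for subprocess.run(): no shell sees text from the wire, and no
    # netmask is set because the message does not specify one.
    return "alias", ["ifconfig", IFACE, "inet", str(gw), "alias"]

# Constructed sample lines in the format described in the message.
SAMPLE = [
    "12:52:35.100000 arp who-has 192.168.1.1 (0:a0:c9:11:22:33) tell 192.168.1.50",
    "12:52:36.200000 arp who-has 203.0.113.1 tell 203.0.113.77",
    "12:52:37.300000 arp who-has 10.0.0.1; reboot tell 10.0.0.9",
]
```

Only the first sample line yields an alias; the second asks for an address inside the protected network and the third does not match the expected line shape.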