arp-proxy

Brian Candler B.Candler at pobox.com
Thu Nov 17 07:24:02 PST 2005


On Thu, Nov 17, 2005 at 04:06:03PM +0100, Jon Otterholm wrote:
> Not a big fan of Linux though. I will have to wait for this to be ported
> to BSD. Anyone with info if this is being done?
...
> > [1] http://www.sjdjweis.com/linux/proxyarp/

You can do proxyarp like that with FreeBSD now. However you can't assign the
same range of IPs to multiple interfaces, for obvious reasons.

I think the way you'll have to do it is to lie to your customers about the
subnetting. For example, tell all your customers that they need a /16
(255.255.0.0 netmask). Then you can actually configure:

ifconfig vlan0 192.168.0.1/28
ifconfig vlan1 192.168.0.17/28
ifconfig vlan2 192.168.0.33/28
...
ifconfig vlan4095 192.168.255.249/28

Now, the customer on vlan0 can use 192.168.0.2 to 192.168.0.14 with a /16
netmask. The customer on vlan1 can use 192.168.18 to 192.168.30 with a /16
netmask, and so on.

When the FreeBSD machine sends a packet to the customer, that's fine. It
knows which vlan interface to use, and hence ARPs for the customer down that
interface, based on the fact that each customer is within their own /28
range.

When the customer tries to send to another customer, you run choparp or a
similar program so that if they ARP for 192.168.X.X the FreeBSD machine
always responds with its own MAC address.

However, I see virtually no benefit in going down this route. The customer
might as well just set up a /28 netmask and point defaultroute at the
relevant FreeBSD IP address (192.168.0.1 or 192.168.0.17 or ...), and then
you do *proper* routing.

After all, even with proxyARP, they will still see your router as an
IP-level "hop" (it decrements TTL). And non-IP packets and broadcasts won't
be forwarded between the subnets. Furthermore, if a customer decides to
configure an IP address outside of their 'allowed' range, it won't work -
and it will be hard to debug, as the FreeBSD box and the wrongly-configured
box will *both* respond to the same ARP request, and so sometimes one will
win and sometimes the other will win.

So, I really don't think you want to do this :-)

Regards,

Brian.
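
Added example, not part of the original message: a Python sketch of the addressing scheme described above, computing each VLAN's /28 and deciding how the router should treat an ARP request seen on that VLAN, including the misconfigured-sender case. The function names, the return labels, and the assumption that vlanN holds the Nth /28 with the router on its first host address are illustrative.

```python
import ipaddress

# Assumption: the /16 customers are told to use, with /28 number N on vlanN.
SUPERNET = ipaddress.ip_network("192.168.0.0/16")

def vlan_subnet(vlan_id):
    """The /28 really configured on vlanN (vlan1 -> 192.168.0.16/28)."""
    base = int(SUPERNET.network_address) + vlan_id * 16
    return ipaddress.ip_network((base, 28))

def gateway(vlan_id):
    """Router address on vlanN: first host of the /28 (assumed pattern)."""
    return vlan_subnet(vlan_id).network_address + 1

def customer_range(vlan_id):
    """First and last address the customer on vlanN may configure."""
    hosts = list(vlan_subnet(vlan_id).hosts())
    return hosts[1], hosts[-1]

def classify_arp(vlan_id, sender_ip, target_ip):
    """What the router should do with an ARP request seen on vlanN."""
    net = vlan_subnet(vlan_id)
    sender = ipaddress.ip_address(sender_ip)
    target = ipaddress.ip_address(target_ip)
    if sender not in net or sender == gateway(vlan_id):
        return "misconfigured-sender"   # outside the allowed /28: flag it
    if target == gateway(vlan_id):
        return "own-address"            # ordinary ARP for the router itself
    if target in net:
        return "ignore"                 # same-VLAN neighbour answers for itself
    if target in SUPERNET:
        return "proxy-reply"            # another customer: answer with router MAC
    return "ignore"                     # outside the /16: not covered by the proxy

if __name__ == "__main__":
    # Constructed sample requests: (vlan, sender IP, target IP)
    samples = [(0, "192.168.0.2", "192.168.0.18"),
               (0, "192.168.0.2", "192.168.0.5"),
               (0, "192.168.0.40", "192.168.0.1")]
    for vlan, sender, target in samples:
        print(vlan, sender, target, classify_arp(vlan, sender, target))
```

Logging every "misconfigured-sender" result per VLAN gives a direct way to spot the hard-to-debug case where a customer configures an address outside their range.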

