From owner-freebsd-questions Fri May 26 9:55:26 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from post.xecu.net (post.xecu.net [216.127.136.211])
    by hub.freebsd.org (Postfix) with ESMTP id 1AE6137B660
    for ; Fri, 26 May 2000 09:55:23 -0700 (PDT)
    (envelope-from andy@xecu.net)
Received: from shell.xecu.net (shell.xecu.net [216.127.136.216])
    by post.xecu.net (Postfix) with ESMTP id 540D84795;
    Fri, 26 May 2000 12:50:43 -0400 (EDT)
Received: from localhost (andy@localhost)
    by shell.xecu.net (8.8.8+Sun/8.8.8) with ESMTP id MAA23587;
    Fri, 26 May 2000 12:52:35 -0400 (EDT)
X-Authentication-Warning: shell.xecu.net: andy owned process doing -bs
Date: Fri, 26 May 2000 12:52:35 -0400 (EDT)
From: Andy Dills
To: Jan Grant
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: promiscuous ethernet
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 26 May 2000, Jan Grant wrote:

> On Fri, 26 May 2000, Andy Dills wrote:
>
> > This was the first thing out of my mouth when I was given this project. I
> > was told that this isn't acceptable, as the powers that be feel that the
> > people in question would be overwhelmed merely by being directed to open
> > up the TCP/IP properties. It's the kind of deal where we _really_ have to
> > cater to these people.
>
> I'm not sure you can do anything, then; the request seems to amount to
> asking you to proxy-arp the entire internet. Even if technically
> possible, there are all sorts of other issues (do you catch or forward
> DNS requests, for example; that occurs to me as the service which is
> most likely to suffer).
>
> Then you have to deal with laptops that are configured for use on
> private networks; you may be unable to get packets to their
> (mail,news,dns,exchange) server at all.
>
> Are you certain that the "powers that be" won't take "it's not
> technically feasible" as an answer?

Well, that would be too easy :> I like challenges, which is why they
dumped this on me and not one of the other guys.

Anyhow, I'm just following up to let you guys know I've figured out how to
do it, just in case somebody in the future looks through the archives.

I'm writing a perl script which calls "tcpdump -n -q arp", and monitors
output. When it (the script) sees a line such as:

arp who-has () tell

it will ifconfig as an alias to xl0. NAT, which will be run with -dynamic,
will then begin address translation for the user. I'll redirect any and
all DNS requests to the local DNS server.

So, I believe I've at least accomplished the theory behind it. Can anybody
point out a flaw?

Thanks,
Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access
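
The watcher described in the message above, as an added Python dry-run sketch; it is not part of the original post and not the author's Perl script. It only plans the ifconfig calls, and because the ARP requests come from any host on the wire it skips repeats, self-probes and a protected set. The PROTECTED addresses, the alias limit, the /32 netmask and the sample lines (including the timestamp layout) are assumptions.

```python
import ipaddress
import re

# Request lines as printed by "tcpdump -n -q arp"; the optional parenthesised
# field mirrors the "()" in the post. The exact layout is an assumption.
WHO_HAS = re.compile(
    r"who-has (\d+\.\d+\.\d+\.\d+)(?: \([^)]*\))? tell (\d+\.\d+\.\d+\.\d+)")
IFACE = "xl0"  # interface named in the post
BROADCAST = ipaddress.ip_address("255.255.255.255")
# Hypothetical: the gateway's real address and the local DNS server.
PROTECTED = frozenset(map(ipaddress.ip_address, ("192.168.1.1", "192.168.1.53")))

# Constructed sample input, not captured traffic.
SAMPLE = [
    "12:52:35.100000 arp who-has 10.1.1.1 tell 10.1.1.23",          # laptop seeking its home gateway
    "12:52:36.100000 arp who-has 10.1.1.1 tell 10.1.1.23",          # repeat of the same request
    "12:52:37.100000 arp who-has 192.168.1.53 tell 192.168.1.40",   # real local server
    "12:52:38.100000 arp who-has 172.16.0.9 (ff:ff:ff:ff:ff:ff) tell 172.16.0.9",  # self-probe
    "12:52:39.100000 arp reply 192.168.1.1 is-at 0:10:4b:aa:bb:cc",  # not a request
]

def parse_who_has(line):
    """Return (target, asker) for an ARP request line, else None."""
    m = WHO_HAS.search(line)
    if m is None:
        return None
    try:
        return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    except ValueError:  # e.g. an octet above 255
        return None

def plan_aliases(lines, protected=PROTECTED, limit=64):
    """Return the ifconfig argv lists the watcher would run (dry run)."""
    aliased, commands = set(), []
    for line in lines:
        parsed = parse_who_has(line)
        if parsed is None:
            continue
        target, asker = parsed
        if (target == asker or target in protected or target in aliased
                or target == BROADCAST or target.is_multicast
                or target.is_unspecified or target.is_loopback):
            continue
        if len(aliased) >= limit:  # input is controlled by anyone on the wire
            break
        aliased.add(target)
        commands.append(["ifconfig", IFACE, "inet", str(target),
                         "netmask", "255.255.255.255", "alias"])
    return commands
```

Returning argv lists rather than a shell string keeps text taken from the capture out of any shell command line if the plan is later executed.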