From: Nathan Vidican
To: Jerome Herman
Cc: freebsd-questions@freebsd.org
Date: Thu, 14 Oct 2010 10:33:37 -0400
Subject: Re: Is it a good idea to use DHCP for point to point connections ?

On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman wrote:

> On 13/10/2010 22:25, Elliot Finley wrote:
>
>> we did this with DSL customers. But instead of using a unique gateway for
>> each Client, just use IP Unnumbered and proxy arp for your loopback
>> interface.
>>
> I was about to say that this solution seemed extremely sensitive to
> spoofing.
> But I figured out that my solution was not necessarily better.
> Looks like I will have to go for a hardware solution after all...
> I am currently checking on Cisco private vlan system. But I am not a big
> fan of Cisco (Well to be perfectly honest I love the hardware...). Does
> anyone know of an alternative ?
>
> Jerome Herman
>
>> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman wrote:
>>
>>> Hello,
>>>
>>> Given the price (and tedious management) of layer 3 switches I was
>>> thinking about using modified DHCP to distribute addresses with a /32
>>> netmask (255.255.255.255)
>>>
>>> The Idea : Create a cheap (and preferably not dirty) way to have client
>>> isolation, without creating tons of vlan.
>>>
>>> Practical overview : The DHCP server will be serving IP addresses and
>>> gateways with a /32 mask.
>>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.1
>>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.2
>>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.3
>>> etc.
>>>
>>> Of course the gateway will have to have as many IP as there are clients
>>> (Unless I am mistaken)
>>>
>>> The questions :
>>> - Is there something similar already existing ? It must not require any
>>> configuration on the client side other than activating DHCP.
>>> - Would this work ? I do not see why it would not, though I am a little
>>> anxious about having tens of point to point connections going to the same
>>> physical port.
>>> - I could not find anything forbidding it in RFC2131, but then again I
>>> might be wrong. Am I ?
>>> - One problem remains that is solved by vlan isolation but not by DHCP
>>> isolation : rogue DHCP servers. Any Idea to crush those ?
>>>
>>> I hope it is not inappropriate to post this on this list. But it is an
>>> interesting problem (I think).
>>>
>>> Jerome Herman
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just
a thought, but might be a lot easier.

-- 
Nathan Vidican
nathan@vidican.com