Date: Sun, 14 Nov 2004 19:49:05 -0500
From: Barney Wolff <barney@databus.com>
To: "Jacob S. Barrett" <jbarrett@amduat.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Universal Client Gateway
Message-ID: <20041115004905.GA4275@pit.databus.com>
In-Reply-To: <200411141623.10060.jbarrett@amduat.net>
References: <200411141311.49502.jbarrett@amduat.net> <4197D8C5.5050601@elischer.org> <200411141623.10060.jbarrett@amduat.net>

On Sun, Nov 14, 2004 at 04:23:08PM -0800, Jacob S. Barrett wrote:
> On Sunday 14 November 2004 02:14 pm, Julian Elischer <julian@elischer.org>
> wrote:
> > sounds like you just want to run natd.
>
> I do for all the traffic exiting the WAN interface. I am doing that and I can
> pass traffic from the host through the universal proxy to the destination.
> The traffic coming back from the destination enters WAN interface and natd
> and is translated back to the host interface but gets routed back out the WAN
> (default route) since the host is not local. I need to be able to spoof the
> routing table into forwarding the packet back out the LAN interface.

When you have arpd (probably modified slightly) answer for a new "gateway"
address, add it as an alias to the interface on which the arp request was
received, with a netmask that will cover the address from which the request
came. Then responses to the original requester will naturally go back out
the right interface.

Of course, this is all pretty pointless. It would be better to force the
clients to use dhcp, even if they're transients. Also, it's rather
dangerous - would you notice if such a client claimed to have the IP
address of your Internet gateway, and thus captured everybody's traffic?

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
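
The alias and netmask selection described in the reply above, worked through as an added example that is not part of the original message or of any arpd code: it picks the smallest prefix covering both the ARP target and the requester, and refuses the cases the reply calls dangerous. The function name plan_alias, the /24 width limit, the protected list and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed policy (assumption): networks this box must never answer ARP for,
# e.g. the WAN subnet that holds the real Internet gateway.
PROTECTED = ["203.0.113.0/24"]


def plan_alias(arp_target, arp_sender, protected=PROTECTED, min_prefixlen=24):
    """Return the IPv4Interface to add as a LAN-side alias, or raise ValueError.

    arp_target: address the client ARPed for (its configured "gateway").
    arp_sender: source address the client put in the ARP request.
    """
    target = ipaddress.IPv4Address(arp_target)
    sender = ipaddress.IPv4Address(arp_sender)
    if target == sender:
        raise ValueError("gratuitous ARP or address probe, not a gateway lookup")

    def network(plen):
        return ipaddress.ip_network(f"{target}/{plen}", strict=False)

    # Smallest prefix containing both addresses: keep only the shared high bits.
    prefixlen = 32 - (int(target) ^ int(sender)).bit_length()
    net = network(prefixlen)
    # Widen until neither address is the network or broadcast address.
    while prefixlen > 0 and {target, sender} & {net.network_address,
                                                net.broadcast_address}:
        prefixlen -= 1
        net = network(prefixlen)

    # The alias installs a connected route for `net`; a wide one would pull
    # traffic for real destinations onto the LAN interface.
    if prefixlen < min_prefixlen:
        raise ValueError(f"{net} is too wide to install as a connected route")
    # A client claiming an address in a protected network (such as the real
    # Internet gateway) must not be answered.
    for p in protected:
        if net.overlaps(ipaddress.ip_network(p)):
            raise ValueError(f"{net} overlaps protected network {p}")
    return ipaddress.IPv4Interface(f"{target}/{prefixlen}")


if __name__ == "__main__":
    iface = plan_alias("192.168.1.1", "192.168.1.100")  # constructed sample
    print(iface.ip, "netmask", iface.netmask)
```

A rejected request is also the event worth logging, since it is the answer to "would you notice".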