Universal Client Gateway
Jacob S. Barrett
jbarrett at amduat.net
Mon Nov 15 17:23:24 PST 2004
On Sunday 14 November 2004 04:49 pm, Barney Wolff <barney at databus.com> wrote:
> When you have arpd (probably modified slightly) answer for a new "gateway"
> address, add it as an alias to the interface on which the arp request was
> received, with a netmask that will cover the address from which the
> request came. Then responses to the original requester will naturally
> go back out the right interface.
Yes, but this is bad because now all traffic in that subnet will get directed
out that interface. That could be really bad. One could really cause
problems if their gateway and IP forced a really large subnet.
> Of course, this is all pretty pointless. It would be better to force
> the clients to use dhcp, even if they're transients. Also, it's rather
> dangerous - would you notice if such a client claimed to have the IP
> address of your Internet gateway, and thus captured everybody's traffic?
How do you force transients to use DHCP, especially when most of them are only
smart enough to turn their computers on? That is why universal proxies are
popular in hotels and airports.
Well, in case anyone is interested or searches for this same problem later, I
think I solved the problem. Actually a post earlier today about route add
-host -face had the solution. To pass traffic back to the proxied machine
execute this command:
route add xx.xx.xx.xx/32 -iface WAN -cloning
Of course, having a daemon monitoring for these proxied hosts and executing
this routing command is still missing, but at least I know what my daemon
needs to do now. I will probably just modify arpd to do this after it
proxies the gateway ARP reply.
--
Jacob S. Barrett
jbarrett at amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
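
Added example, not part of the original message or of arpd: a sketch of the check a route-adding daemon could make before issuing the route command above, so that a client claiming a protected address (the concern raised in the quoted reply) never gets a host route. The function names, PROTECTED_ADDRS, WAN_IFACE and the sample addresses are assumptions; the script only prints the command.

```sh
#!/bin/sh
# Added example, not from the original post: build (do not run) the host
# route for a proxied client, refusing addresses a client must never claim.

# Assumptions: constructed sample values; substitute the router's real ones.
PROTECTED_ADDRS="192.0.2.1 192.0.2.2"   # e.g. Internet gateway, router itself
WAN_IFACE="WAN"                          # placeholder interface name from the post

# Succeed only if $1 is a canonical dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero / too long
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the route command for client $1; fail with a reason on stderr if the
# address is malformed, reserved, or one of the protected addresses.
build_client_route() {
    client=$1
    if ! is_ipv4 "$client"; then
        printf 'reject: not an IPv4 address: %s\n' "$client" >&2; return 1
    fi
    first=${client%%.*}
    if [ "$first" -eq 0 ] || [ "$first" -eq 127 ] || [ "$first" -ge 224 ]; then
        printf 'reject: reserved address: %s\n' "$client" >&2; return 1
    fi
    for addr in $PROTECTED_ADDRS; do
        if [ "$addr" = "$client" ]; then
            printf 'reject: protected address: %s\n' "$client" >&2; return 1
        fi
    done
    printf 'route add %s/32 -iface %s -cloning\n' "$client" "$WAN_IFACE"
}
```

A daemon would log the rejections and run the printed command only for accepted addresses.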