Hi everyone, I never found an answer for this question, so I'm trying
to ask you.
The scenario is something like this:
- I'd like to set up a Linux box that acts as a transparent HTTP proxy
(let's say something with Squid installed), connected to port X of my
switch, and requiring zero configuration on client devices.
- I set up my port-based VLANs in my switch so that every other port
can only communicate with port X (the devices can't communicate with
each other).
- At the other ports of my switch I'd like to connect devices with
either dynamic IP configuration or static IP configuration.
My transparent box should:
- assign an IP address to DHCP devices that request one
- ARP-reply to every static-IP device that ARP-requests its
gateway, so that they will use my box as their gateway
- catch HTTP connections from both DHCP and static-IP devices, and proxy
them, like any standard transparent proxy
The real problem is: what happens if 2 devices with the same IP connect
to this network?
I assume that there is no "collision" in the client devices' protocol
stacks, because of the port-based VLAN separation I set up on the
switch: the devices will not see each other.
But what happens on my Linux box?
I think that every time it receives an ARP reply from a device, it
updates the ARP cache.
So, if I have two clients configured like:
Client 1: IP A, MAC X
Client 2: IP A, MAC Y
the ARP table can only contain ONE record with IP A, updated now with
MAC X and now with MAC Y.
How could I manage this? Is it possible to manage two clients with the
same static IP, and NAT their HTTP connections?
I had an idea but I don't know if it's OK: I think my box should:
- Never overwrite ARP entries, but allow creating rows with duplicate
IPs (but obviously different MAC addresses). Note: I assume that my box
will never need to communicate directly with IP address "A" at higher
layer levels, so I don't care if I have multiple entries with the
same IP "A" in my ARP table.
- I know the NAT mechanism stores in a table the open connections with the
corresponding OUTPUTPORT+INTERNALIP. I think my box should also save
the INTERNALMAC, so that I can distinguish different devices with the same
IP address but obviously different MAC addresses.
I know this is a weird problem, but I think it is useful in hot-spot
areas where I want to offer a zero-configuration service.
Thanks very much in advance for the answers.
Marco.
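To make the idea in the post concrete, here is an added model (not code from the poster, Squid or the Linux kernel) of an ARP table that accumulates (IP, MAC) pairs instead of overwriting them, and a NAT table whose key includes the client MAC. The addresses, MACs and ports in it are constructed for the demo.

```python
from collections import defaultdict
from dataclasses import dataclass

class ArpTable:
    def __init__(self):
        self.entries = defaultdict(set)  # ip -> {mac, ...}; never overwritten

    def learn(self, ip, mac):
        self.entries[ip].add(mac.lower())

    def conflicts(self):
        # IPs claimed by more than one MAC: the duplicate-address case
        return {ip: sorted(m) for ip, m in self.entries.items() if len(m) > 1}

@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class MacAwareNat:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip, self.next_port = external_ip, first_port
        self.out = {}   # Flow -> external source port
        self.back = {}  # external source port -> Flow

    def outbound(self, flow):
        # Same IP and source port from two MACs -> two separate rows
        if flow not in self.out:
            self.out[flow], self.back[self.next_port] = self.next_port, flow
            self.next_port += 1
        return self.external_ip, self.out[flow]

    def inbound(self, ext_port):
        # Reply lookup yields the MAC to frame the packet to, not only the IP
        flow = self.back.get(ext_port)
        return None if flow is None else (flow.src_mac, flow.src_ip, flow.src_port)

def demo():
    # Constructed clients: two hosts both statically configured as 192.168.1.10
    arp, nat = ArpTable(), MacAwareNat("198.51.100.2")
    clients = [("00:11:22:33:44:55", "192.168.1.10"), ("66:77:88:99:aa:bb", "192.168.1.10")]
    mapped = []
    for mac, ip in clients:
        arp.learn(ip, mac)
        mapped.append(nat.outbound(Flow(mac, ip, 1025, "203.0.113.5", 80)))
    replies = [nat.inbound(port) for _, port in mapped]
    return arp.conflicts(), mapped, replies
```

Running `demo()` shows the two clients getting distinct external ports and each reply resolving back to its own MAC, while `conflicts()` flags the shared IP for the operator.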
Received on Tue Oct 03 2006 - 03:26:34 MDT