Andrew Harvey wrote:
> On 14/10/2005, at 11:56 AM, Bryan Catlin wrote:
>> Not to keep beating this down, but I do not want the users to have
>> to change a thing on their laptops. No matter what their IP
>> settings are I want the monowall to give them access to the Internet
>> IE the wan side. From what I understand this can be done by
>> ignoring IP traffic and just using the MAC address.
> From what *I* understand this is impossible. It's not a matter of
> what IP you have, but knowing where the gateway is. As I said before,
> all traffic to anywhere outside the subnet the computer is on needs
> to go through a gateway, and the client needs to know what gateway to
> use. Thus a setting needs to be changed. This can be using DHCP or by
> manual changes, but something has to change on the client. I can't
> think of any simpler way to put it. IF you can get traffic to your
> m0n0wall, then you can think about getting it through.
It is not that it is impossible, it just breaks many networking rules.
This is done in many places where public Internet is available. For it
to work, the gateway has to be intelligent enough to allow clients to
use ANY IP configuration. The gateway has to be able to reply to any
request. When a client with a static address tries to reach its gateway
and fails it will do an ARP request. The gateway must be able to say
"yes that is me - here is my MAC address for your ARP cache." Can
m0n0wall do this? Not at this point. It has been discussed in the past
on the list - I'm too lazy this morning to search the list for you...
James W. McKeand