 From:  "Bryan Catlin" <bryancatlin at connectgroup dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Just Mac to get traffic out the door?
 Date:  Fri, 14 Oct 2005 14:08:07 -0400
I actually emailed with someone on the FreeBSD lists today and they said
they thought it could be done with a proxy ARP setting but did not know how
to do this.

Does anyone know about proxy ARP, or where I could get more info on how to
set it up?

Bryan

-----Original Message-----
From: James W. McKeand [mailto:james at mckeand dot biz] 
Sent: Friday, October 14, 2005 9:36 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Just Mac to get traffic out the door?

Andrew Harvey wrote:
> On 14/10/2005, at 11:56 AM, Bryan Catlin wrote:
> 
>> Not to keep beating this down, but I do not want the users to have 
>> to change a thing on their laptops.  No matter what their IP settings 
>> are I want the monowall to give them access to the Internet, i.e. the 
>> WAN side.  From what I understand this can be done by ignoring IP 
>> traffic and just using the MAC address.
>> 
> 
>  From what *I* understand this is impossible. It's not a matter of 
> what IP you have, but knowing where the gateway is. As I said before, 
> all traffic to anywhere outside the subnet the computer is on needs to 
> go through a gateway, and the client needs to know what gateway to 
> use. Thus a setting needs to be changed. This can be using DHCP or by 
> manual changes, but something has to change on the client. I can't 
> think of any simpler way to put it. IF you can get traffic to your 
> m0n0wall, then you can think about getting it through.

It is not that it is impossible, it just breaks many networking rules.
This is done in many places where public Internet is available. For it to
work, the gateway has to be intelligent enough to allow clients to use ANY
IP configuration. The gateway has to be able to reply to any request. When a
client with a static address tries to reach its gateway and fails it will do
an ARP request. The gateway must be able to say "yes that is me - here is my
MAC address for your ARP cache." Can m0n0wall do this? Not at this point. It
has been discussed in the past on the list - I'm too lazy this morning to
search the list for you...

_________________________________
James W. McKeand
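
Added example, not part of the original thread: a gateway that answers ARP for whatever gateway address each client has configured appears on the wire as one MAC claiming IPs in many unrelated subnets, which is also how a network monitor would recognise it. This Python example parses raw ARP payloads and flags such a MAC; the function names, the three-subnet threshold and all addresses are assumptions constructed for the illustration.

```python
import ipaddress
import struct
from collections import defaultdict

ARP_REPLY = 2  # ARP opcode for "is-at" replies

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return oper, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def answer_all_macs(payloads, min_networks=3, prefix=24):
    """Map each MAC whose replies claim IPs in >= min_networks prefixes to those IPs."""
    claimed = defaultdict(set)
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed and parsed[0] == ARP_REPLY:
            claimed[parsed[1]].add(parsed[2])  # sender MAC -> sender IP it claims
    flagged = {}
    for mac, ips in claimed.items():
        nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
        if len(nets) >= min_networks:
            flagged[mac] = [str(ip) for ip in sorted(ips)]
    return flagged

def build_reply(mac, ip, dst_mac, dst_ip):
    """Build a constructed ARP reply payload for the sample data below."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                       bytes.fromhex(mac.replace(":", "")), ipaddress.IPv4Address(ip).packed,
                       bytes.fromhex(dst_mac.replace(":", "")), ipaddress.IPv4Address(dst_ip).packed)

# Constructed sample: one gateway MAC answering as three clients' configured
# gateways, plus one ordinary host answering only for its own address.
GW = "02:00:00:00:00:01"
SAMPLE = [
    build_reply(GW, "192.168.1.1", "02:00:00:00:00:10", "192.168.1.20"),
    build_reply(GW, "10.0.0.1", "02:00:00:00:00:11", "10.0.0.57"),
    build_reply(GW, "172.16.5.254", "02:00:00:00:00:12", "172.16.5.9"),
    build_reply("02:00:00:00:00:aa", "192.168.1.50", "02:00:00:00:00:10", "192.168.1.20"),
]

if __name__ == "__main__":
    for mac, ips in answer_all_macs(SAMPLE).items():
        print(mac, "answers ARP for", ", ".join(ips))
```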