  1. #1

    Question about transparent proxy + duplicate IPs: is it possible?

    Hi everyone, I never found an answer for this question, so I'm trying to ask you.

    The scenario is something like this:
    - I'd like to set up a Linux box that acts as a transparent HTTP proxy (let's say something with Squid installed), connected at port X in my switch, and requires zero configuration on client devices.
    - I set up my port-based VLANs in my switch so that every other port can only communicate with port X (devices can't communicate with each other).
    - At the other ports of my switch I'd like to connect devices with either dynamic IP configuration or static IP configuration.

    My transparent box should:
    - assign an IP address to DHCP devices that require it
    - ARP-reply to every static IP device that ARP-requests its gateway, so that they will use my box as their gateway
    - catch HTTP connections for both DHCP and static IP devices, and proxy them, like any standard transparent proxy

    The real problem is: what happens if 2 devices with the same IP connect to this network?

    I assume that there is no "collision" in the client devices' protocol stacks, because of the port-based VLAN separation I did on the switch: one device will not see the other.

    But what happens on my Linux box?
    I think that every time it receives an ARP reply from a device, it updates the ARP cache.
    So, if I have two clients configured like:
    Client 1: IP A, MAC X
    Client 2: IP A, MAC Y
    the ARP table can only contain ONE record with IP A, updated every time, now with MAC X and now with MAC Y.
    How could I manage this? Is it possible to manage two clients with the same static IP, and NAT their HTTP connections?

    I had an idea but I don't know if it's OK: I think my box should:
    - Never overwrite ARP entries, but allow creating rows with duplicate IPs (but obviously different MAC addresses). Note: I assume that my box will never need to communicate directly with IP address "A" at higher layer levels, so I don't care if I have multiple entries with the same IP "A" in my ARP table.
    - I know the NAT mechanism stores in a table the open connections with the corresponding OUTPUTPORT+INTERNALIP. I think my box should also save the INTERNALMAC, so that I can distinguish different devices with the same IP address but obviously different MAC addresses.

    I know this is a weird problem, but I think it is useful in hot-spot areas where I want to offer a zero-configuration service.
    Thanks very much in advance for the answers.

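A small model of the two data structures the question contrasts, added here as an illustration and not code from the poster: a conventional ARP cache keyed by IP alone (the last reply wins, so two clients sharing IP A keep overwriting each other), versus the NAT state the poster proposes, keyed by (MAC, IP, port) with a reverse map so a reply can be delivered to the right MAC. The IPs, MACs and port numbers are constructed sample values; the model does not describe how Linux conntrack actually behaves.

```python
from dataclasses import dataclass, field

# Constructed sample clients: same static IP "A", different MACs "X" and "Y".
CLIENT_1 = ("10.0.0.5", "aa:aa:aa:aa:aa:01")   # (ip, mac)
CLIENT_2 = ("10.0.0.5", "aa:aa:aa:aa:aa:02")


def ip_keyed_arp_cache(arp_replies):
    """Model of a standard ARP cache: one entry per IP, last reply wins.

    arp_replies is a list of (ip, mac) pairs in the order they were seen.
    """
    cache = {}
    for ip, mac in arp_replies:
        cache[ip] = mac   # a second client with the same IP overwrites the first
    return cache


@dataclass
class MacAwareNat:
    """Model of the poster's proposal: NAT state keyed by (mac, ip, sport)."""
    next_port: int = 40000
    outbound: dict = field(default_factory=dict)   # (mac, ip, sport) -> nat port
    inbound: dict = field(default_factory=dict)    # nat port -> (mac, ip, sport)

    def translate_out(self, mac, ip, sport):
        """Allocate (or reuse) a public source port for this client flow."""
        key = (mac, ip, sport)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return self.outbound[key]

    def deliver_reply(self, nat_port):
        """Return (mac, ip, sport) the reply on nat_port must be framed to."""
        return self.inbound[nat_port]


def demo():
    # Both clients ARP for the gateway; an IP-keyed cache keeps only the latest MAC.
    arp = ip_keyed_arp_cache([CLIENT_1, CLIENT_2])
    # Both clients open a flow from the same IP and the same source port.
    nat = MacAwareNat()
    p1 = nat.translate_out(CLIENT_1[1], CLIENT_1[0], 50000)
    p2 = nat.translate_out(CLIENT_2[1], CLIENT_2[0], 50000)
    # The MAC in the NAT state, not the ARP cache, picks the destination frame.
    return arp["10.0.0.5"], p1, p2, nat.deliver_reply(p1)[0], nat.deliver_reply(p2)[0]


if __name__ == "__main__":
    print(demo())
```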

  2. #2
    pcrack (Just Joined!, Join Date: May 2006)

    transparent proxy

    OK, you want to have a transparent proxy: just configure your Squid and iptables to redirect all port 80 requests to 8080 or 3128, whatever Squid port you defined. Then, if you want to make sure, do an ARP spoof; then all your IPs' MAC addresses will be stored in the ARP tables. And make sure your VLANs are working correctly.
