Results 1 to 2 of 2
Hi everyone, i never found an answer for this question, so i'm trying to ask you. The scenario is something like this: - I'd like to setup a linux box ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 10-03-2006 #1
- Join Date
- Oct 2006
Question about transparent proxy + duplicate IPs: is it possible?
The scenario is something like this:
- I'd like to setup a linux box that acts as a transparent http proxy (let's say something with squid installed) connected at port X in my switch, and requires Zero-Configuration on client devices.
- I setup my Port-Based VLANs in my switch so that every other port can only communicate with port X (every devices can't communicate with each other)
- At the other ports of my switch i'd like to connect devices with either Dynamic IP configuration or Static IP configuration.
My transparent box should:
- assign an IP address to DHCP devices that require it
- arp reply to every Static IP devices that will arp-request for his gateway, so that they will use my box as their gateway
- catch http connections for both DHCP and STATICIP devices, and proxy them, like any standard transparent proxy
The real problem is: what happens if 2 device with the same IP connect to this network?
I assume that there is no "collision" in the client devices protocol stack, because of the Port-Based VLAN separation i did on the switch one device will not see each other.
Btw what happens on my linux box?
I think that everytime he received an ARP reply from a device, he updates the ARP cache.
So, if i have two client configured like:
Client 1: IP A, MAC X
Client 2: IP A, MAC Y
the arp table can only contain ONE record with IP A, every time updated now with MAC X and now with MAC Y.
How could i manage this? Is it possible to manage two client, with the same Static IP, and nat their http connections?
I had an idea but i don't know if it's ok: I think in my box should:
- Never overwrite ARP entries, but allow creating rows with duplicate IP (but obviously different MAC addresses). Note: I assume that my BOX will never need to communicate directly with IP address "A" at higher layer lavels, so that i don't care if i have multiple entries with the same IP "A" in my ARP table.
- I know NAT mechanism stores in a table the open connections with the corresponding OUTPUTPORT+INTERNALIP. I think my box should also save the INTERNALMAC, so that i can distinguish different devices with same IP address but obviously different MAC address.
I know this is a weird problem, but i think it is useful in Hot-Spot areas where i want to offer a ZeroConfiguration service.
Thank very much in advance for the answers.
- 10-09-2006 #2
ok, u want to have an transparent proxy just configure your squid and IP tables to redirect all 80 request to 8080 or 3128 whatever squid port u defined. then if you want to make sure do a arp spoof then all your IPs mac addressess will be stored on the arp tables and make sure your vlans are working correctly.