unusual proxy arp configuration need (voice over IP adaptor between DSL modem and Linux machine)
Jay Libove
libove at felines.org
Mon May 9 18:34:08 UTC 2005

I'm really interested in putting my Vonage Linksys RT31P2 VoIP adaptor in
front of my Linux firewall so that the adaptor can do traffic shaping, and
reduce instances of my wife yelling at me for downloading porn, er,
Microsoft patches, and causing choppy audio and audio drop-out while she's
on the phone with her mother in Japan...

The Linksys RT31P2 device does not have a bridge mode, and does not have a
proxy-arp mode. Therefore, with the RT31P2 in between my DSL modem and my
Linux box (Fedora Core 3), when the ISP's router ARPs for any of the 10
static IP addresses that I rent from them, the ARPs go unanswered (other
than for the one IP address I have assigned to the WAN port of the RT31P2,
of course). Unfortunately, since my block of static IPs from Speakeasy
are all bridged, something has to answer the ARP requests which come from
the ISP router down my DSL circuit.

The RT31P2 does route correctly, so if we can convince the ISP's router to
keep sending packets addressed to my block of static IPs down my DSL
circuit, the RT31P2 will properly receive and pass them on. The question
is, how do we get the ARPs answered so that the ISP will keep sending
those packets my way?

Since I know I can't get the voice adaptor to answer the ARPs, I'm
brainstorming ways to put something out there to answer those ARPs.

The idea I have is to add another ethernet interface to my firewall, NOT
give that interface an IP address, and have the firewall answer ARPs for
the IP addresses in my block which are behind the firewall, giving as the
MAC address for those IP addresses the MAC of the voice adaptor's outside
interface (which is reachable directly from the ISP, as is this
hypothetical extra interface, both of which will be plugged in to an
external hub segment).

The question is, since proxy ARPing is a little bit automagic in the Linux
kernel, and my first attempts at this definitely did not go well... what
is the magic to get a Linux box to answer ARPs for arbitrary IP addresses,
and provide a specific MAC address for those ARPs?

Thanks for your thoughts!
-Jay Libove, CISSP
Atlanta, GA, US
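
The ARP exchange the post describes, worked through at the frame level as an added example that is not part of the original post and is not a kernel configuration. It builds frames in memory only; the function names, the 192.0.2.x addresses and the 02:00:00:... MACs are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# Hardware type 1 (Ethernet), protocol 0x0800 (IPv4), 6-byte MAC, 4-byte IP.
ARP_FIXED = (1, 0x0800, 6, 4)

def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def build_arp_request(src_mac, src_ip, target_ip):
    """Broadcast who-has frame, as the ISP router would send it (constructed)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", *ARP_FIXED, ARP_REQUEST)
    arp += src_mac + ipaddress.IPv4Address(src_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def proxy_reply(frame, served_ips, answer_mac, iface_mac):
    """Return the reply frame for a request that targets one of served_ips.

    served_ips: set of dotted-quad strings (the static block behind the firewall)
    answer_mac: MAC advertised for those IPs (the adaptor's outside interface)
    iface_mac:  MAC of the unnumbered interface that emits the reply
    Returns None for short frames, non-ARP traffic, and addresses not served.
    """
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != ARP_FIXED:
        return None
    if op != ARP_REQUEST:
        return None
    sender_mac, sender_ip = frame[22:28], frame[28:32]
    target_ip = frame[38:42]
    if str(ipaddress.IPv4Address(target_ip)) not in served_ips:
        return None
    # Unicast back to the requester. The Ethernet source is the answering
    # interface, while the ARP payload advertises the adaptor's MAC.
    eth = sender_mac + iface_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", *ARP_FIXED, ARP_REPLY)
    arp += answer_mac + target_ip + sender_mac + sender_ip
    return eth + arp
```

In the reply, bytes 6-11 (Ethernet source) and bytes 22-27 (ARP sender hardware address) differ, which is the distinguishing mark of this arrangement on the wire.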
More information about the fedora-list
mailing list