unusual proxy arp configuration need (voice over IP adaptor between DSL modem and Linux machine)

Jay Libove libove at felines.org
Mon May 9 18:34:08 UTC 2005


I'm really interested in putting my Vonage Linksys RT31P2 VoIP adaptor in 
front of my Linux firewall so that the adaptor can do traffic shaping, and 
reduce instances of my wife yelling at me for downloading porn, er, 
Microsoft patches, and causing choppy audio and audio drop-out while she's 
on the phone with her mother in Japan...

The Linksys RT31P2 device does not have a bridge mode, and does not have a 
proxy-arp mode. Therefore, with the RT31P2 in between my DSL modem and my 
Linux box (Fedora Core 3), when the ISP's router ARPs for any of the 10 
static IP addresses that I rent from them, the ARPs go unanswered (other 
than for the one IP address I have assigned to the WAN port of the RT31P2, 
of course).  Unfortunately, since my block of static IPs from Speakeasy 
are all bridged, something has to answer the ARP requests which come from 
the ISP router down my DSL circuit.

The RT31P2 does route correctly, so if we can convince the ISP's router to 
keep sending packets addressed to my block of static IPs down my DSL 
circuit, the RT31P2 will properly receive and pass them on.  The question 
is, how do we get the ARPs answered so that the ISP will keep sending 
those packets my way?

Since I know I can't get the voice adaptor to answer the ARPs, I'm 
brainstorming ways to put something out there to answer those ARPs.

The idea I have is to add another Ethernet interface to my firewall, NOT 
give that interface an IP address, and have the firewall answer ARPs for 
the IP addresses in my block which are behind the firewall, giving as the 
MAC address for those IP addresses the MAC of the voice adaptor's outside 
interface (which is reachable directly from the ISP, as is this 
hypothetical extra interface, both of which will be plugged in to an 
external hub segment).

The question is, since proxy ARPing is a little bit automagic in the Linux 
kernel, and my first attempts at this definitely did not go well... what 
is the magic to get a Linux box to answer ARPs for arbitrary IP addresses, 
and provide a specific MAC address for those ARPs?

Thanks for your thoughts!

-Jay Libove, CISSP
Atlanta, GA, US
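
The following is an added illustration, not part of the original post: it builds offline (nothing is transmitted) the ARP reply the post describes, one that answers a who-has for an address in the static block while advertising a different device's MAC. It also shows the Ethernet-source versus ARP-sender mismatch a monitor on the segment could check for. All addresses, MACs and function names are constructed for the example, and it assumes the extra interface sends frames with its own MAC as Ethernet source.

```python
import ipaddress
import struct

ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def mac(text):
    return bytes.fromhex(text.replace(":", ""))
def ip(text):
    return ipaddress.IPv4Address(text).packed

def build_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Ethernet header + IPv4-over-Ethernet ARP payload (42 bytes, unpadded)."""
    return (struct.pack("!6s6sH", eth_dst, eth_src, ETHERTYPE_ARP)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa))

def parse_frame(frame):
    """Return the ARP fields of a frame as a dict; raise ValueError otherwise."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return dict(eth_dst=eth_dst, eth_src=eth_src, op=op, sha=sha, spa=spa, tha=tha, tpa=tpa)

def answer_for(request, block, answer_mac, nic_mac):
    """Reply described in the post, or None if not a who-has for an address in block."""
    f = parse_frame(request)
    if f["op"] != ARP_REQUEST or ipaddress.IPv4Address(f["tpa"]) not in block:
        return None
    # Sender fields claim "tpa is at answer_mac"; the frame itself leaves from nic_mac.
    return build_frame(f["sha"], nic_mac, ARP_REPLY, answer_mac, f["tpa"], f["sha"], f["spa"])

def sender_mismatch(frame):
    """True when the Ethernet source differs from the ARP sender hardware address."""
    f = parse_frame(frame)
    return f["eth_src"] != f["sha"]

# Constructed sample values (documentation address range, locally administered MACs).
BLOCK = ipaddress.ip_network("192.0.2.0/28")
ISP_ROUTER_MAC, ISP_ROUTER_IP = mac("02:00:00:00:00:01"), ip("192.0.2.1")
ADAPTOR_WAN_MAC = mac("02:00:00:00:00:aa")   # MAC the replies should advertise
FIREWALL_NIC_MAC = mac("02:00:00:00:00:bb")  # the extra, address-less interface

REQUEST = build_frame(b"\xff" * 6, ISP_ROUTER_MAC, ARP_REQUEST,
                      ISP_ROUTER_MAC, ISP_ROUTER_IP, b"\x00" * 6, ip("192.0.2.5"))
REPLY = answer_for(REQUEST, BLOCK, ADAPTOR_WAN_MAC, FIREWALL_NIC_MAC)

if __name__ == "__main__":
    print(REPLY.hex(), "sender mismatch:", sender_mismatch(REPLY))
```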
