unusual proxy arp configuration need (voice over IP adaptor between DSL modem and Linux machine)

Jay Libove libove at felines.org
Tue May 10 11:44:03 UTC 2005


[ I apologize if this is a re-post; I did not see it come through the 
first time ]

I'm really interested in putting my Vonage Linksys RT31P2 VoIP adaptor in front 
of my Linux firewall so that the adaptor can do traffic shaping, and reduce 
instances of my wife yelling at me for downloading porn, er, Microsoft patches, 
and causing choppy audio and audio drop-out while she's on the phone with her 
mother in Japan...

The Linksys RT31P2 device does not have a bridge mode, and does not have a 
proxy-arp mode. Therefore, with the RT31P2 in between my DSL modem and my Linux 
box (Fedora Core 3), when the ISP's router ARPs for any of the 10 static IP 
addresses that I rent from them, the ARPs go unanswered (other than for the one 
IP address I have assigned to the WAN port of the RT31P2, of course). 
Unfortunately, since my block of static IPs from Speakeasy are all bridged, 
something has to answer the ARP requests which come from the ISP router down my 
DSL circuit.

The RT31P2 does route correctly, so if we can convince the ISP's router to keep 
sending packets addressed to my block of static IPs down my DSL circuit, the 
RT31P2 will properly receive and pass them on.  The question is, how do we get 
the ARPs answered so that the ISP will keep sending those packets my way?

Since I know I can't get the voice adaptor to answer the ARPs, I'm 
brainstorming ways to put something out there to answer those ARPs.

The idea I have is to add another Ethernet interface to my firewall, NOT give 
that interface an IP address, and have the firewall answer ARPs for the IP 
addresses in my block which are behind the firewall, giving as the MAC address 
for those IP addresses the MAC of the voice adaptor's outside interface (which 
is reachable directly from the ISP, as is this hypothetical extra interface, 
both of which will be plugged into an external hub segment).

The question is, since proxy ARPing is a little bit automagic in the Linux 
kernel, and my first attempts at this definitely did not go well... what is the 
magic to get a Linux box to answer ARPs for arbitrary IP addresses, and provide 
a specific MAC address for those ARPs?

Thanks for your thoughts!

-Jay Libove, CISSP
Atlanta, GA, US
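
In the design described in the post, one interface emits ARP replies that advertise another device's MAC, so the Ethernet source address and the ARP sender hardware address differ, which ARP monitors such as arpwatch report as an ethernet mismatch. The following Python parser is an added example, not part of the original post; it flags such replies, and it assumes the extra interface transmits with its own NIC MAC. All MAC and IP values are constructed placeholders.

```python
import struct

# Constructed sample values (not from the post): locally administered MACs, TEST-NET-1 IPs.
ADAPTOR_MAC = "02:00:00:00:00:a1"   # voice adaptor WAN port
FIREWALL_MAC = "02:00:00:00:00:f2"  # extra, unnumbered firewall interface (assumed to send with its own MAC)
ROUTER_MAC = "02:00:00:00:00:01"    # ISP router

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def build_frame(eth_src, op, sha, spa, tha, tpa, eth_dst=ROUTER_MAC):
    """Build an in-memory Ethernet+ARP frame, used only as test input."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(p) for p in s.split("."))
    return (m(eth_dst) + m(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + a(spa) + m(tha) + a(tpa))

def inspect_arp(frame):
    """Return parsed fields for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    if struct.unpack("!HHBBH", frame[14:22])[:4] != (1, 0x0800, 6, 4):
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    eth_src, sha, spa = frame[6:12], frame[22:28], frame[28:32]
    # A reply whose ARP sender MAC differs from the frame's source MAC was
    # sent by one station on behalf of another.
    return {"op": op, "eth_src": _mac(eth_src), "sha": _mac(sha),
            "spa": _ip(spa), "third_party": op == 2 and eth_src != sha}

def third_party_replies(frames):
    """List (ip, advertised_mac, actual_sender_mac) for mismatched replies."""
    out = []
    for f in frames:
        r = inspect_arp(f)
        if r and r["third_party"]:
            out.append((r["spa"], r["sha"], r["eth_src"]))
    return out

SAMPLE = [
    # Adaptor answering for its own WAN address: consistent.
    build_frame(ADAPTOR_MAC, 2, ADAPTOR_MAC, "192.0.2.2", ROUTER_MAC, "192.0.2.1"),
    # Firewall interface answering for a routed address with the adaptor's MAC.
    build_frame(FIREWALL_MAC, 2, ADAPTOR_MAC, "192.0.2.3", ROUTER_MAC, "192.0.2.1"),
]

if __name__ == "__main__":
    for hit in third_party_replies(SAMPLE):
        print("ARP reply sent by %s advertises %s at %s" % (hit[2], hit[0], hit[1]))
```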



