Walter Zimmer wrote:

> Here's a tough one for all you problem solvers, which might be
> of no use whatsoever in the real world, but is academically
> challenging nevertheless.
>
> We have been assigned a task to connect a remote host over an
> access network to the main network. To put this in ASCII art:
>
>   remote host                         main network
>      ---                                  ---
>     |   |                                |   |
>      ---                                  ---
>       |                                    |
>       |                                    |
>       |                                    |
>      ---                                  ---
>     |   |------access network-------------|   |
>      ---                                  ---
>   router1 (linux)                       router2 (linux)
>
> Sounds simple. But isn't (at least for us).
> Main network is assigned an IP network (eg. 10.0.0.0/24).
> Unfortunately, the 'remote host' has an IP address in this
> network too, and this can't be changed. In fact, the whole
> purpose of this setup is to relocate the remote host from
> the main network to a remote location without altering
> any configuration of the main network or remote host.
>
> The assignment is to configure the linux routers in such a
> way that the remote host can access the main network and
> every host in the main network can access the remote host
> in a transparent way, which means:
>
> - ARP
> - DHCP
> - IP
>
> ...must all work transparently.
>
> Tunneling is not an option, since the packets must be inspectable
> by the access network.
>
> Weird setup, but it definitely adds some fun to the challenge :)
>
> We looked into the linux 2.4 packet filter and other capabilities,
> and the solution approaches so far contain:
>
> 1. Solution
> ===========
> For ARP, router2 on the main network gets assigned the IP address
> of the remote host. Therefore, it answers ARP requests and gets
> all packets destined for remote host.
> The problem with this is, how can the packets destined for remote
> host be forwarded away from router2, when it has its own
> interface with this IP address?
>
> 2. Solution
> ===========
> Use proxy ARP. As I understand, this only works for networks which are
> directly connected to the router. So, router2 can't use proxy ARP.

Proxy ARP will work fine.
However, as the routes overlap, you may have to set ARP entries manually
with "arp -Ds ..."; I don't know how the auto proxy-ARP feature
(/proc/sys/net/ipv4/conf/*/proxy_arp) handles this case.

Sample configuration:

all hosts:
	route add -net 10.0.0.0 netmask 255.255.255.0 dev eth0

router 1:
	route add -host $REMOTE_HOST_IP dev eth0
	route add -net 10.0.0.0 netmask 255.255.255.0 dev ppp0	# access net
	arp -i eth0 -Ds 10.0.0.0 eth0 netmask 255.255.255.0 pub
	# NOTE: the above line won't work on recent Linux kernels;
	# so use an old kernel, or a different OS, or a dedicated router
	# or add individual IP addresses in a for/while loop or ...

router 2:
	route add -host $REMOTE_HOST_IP dev ppp0	# access net
	route add -net 10.0.0.0 netmask 255.255.255.0 dev eth0
	arp -i eth0 -Ds $REMOTE_HOST_IP eth0 pub

-- 
Glynn Clements <glynn.clements@virgin.net>
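The reply's fallback for router 1, publishing one proxy-ARP entry per host address in the /24 from a loop instead of the single netmask form, worked through as an added example (not code from the thread). It assumes a /24 given as its first three octets, an interface name, and a skip list holding the remote host's own address (and any address router 1 itself holds), which the router must never answer ARP for; it prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Hypothetical helper (not from the original thread): emit one
# "arp -Ds ... pub" command per host address of a /24, leaving out the
# addresses the router must not proxy. Pipe the output into sh as root
# to apply it, e.g. on router 1 for the main network 10.0.0.0/24.
#   $1   = first three octets of the /24 (e.g. 10.0.0)
#   $2   = interface to publish the entries on (e.g. eth0)
#   $3.. = addresses to skip: the remote host itself, the router's own address
proxy_arp_cmds() {
    net=$1; dev=$2; shift 2
    skip=" $* "                 # padded so each address matches as a whole word
    i=1
    while [ "$i" -le 254 ]; do  # .0 and .255 are network/broadcast, not hosts
        ip="$net.$i"
        case "$skip" in
            *" $ip "*) ;;       # excluded: a proxy entry here would hijack its ARP
            *) printf 'arp -i %s -Ds %s %s pub\n' "$dev" "$ip" "$dev" ;;
        esac
        i=$((i + 1))
    done
}

# Number of entries that would be published for the given arguments.
proxy_arp_count() {
    proxy_arp_cmds "$@" | wc -l | tr -d ' '
}

# Sample run with constructed values: remote host 10.0.0.42, router 1 at 10.0.0.1.
proxy_arp_cmds 10.0.0 eth0 10.0.0.42 10.0.0.1 | sed -n '1,3p'
```

Each published entry only answers ARP on the named interface; the kernel routes the packets that follow according to the host and network routes from the reply above, so the remote host's address must appear in the skip list or router 1 would answer for the very host it is supposed to serve.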