Hi everyone, i never found an answer for this question, so i'm trying to ask you. The scenario is something like this: - I'd like to setup a linux box that acts as a transparent http proxy (let's say something with squid installed) connected at port X in my switch, and requires Zero-Configuration on client devices. - I setup my Port-Based VLANs in my switch so that every other port can only communicate with port X (every devices can't communicate with each other) - At the other ports of my switch i'd like to connect devices with either Dynamic IP configuration or Static IP configuration. My transparent box should: - assign an IP address to DHCP devices that require it - arp reply to every Static IP devices that will arp-request for his gateway, so that they will use my box as their gateway - catch http connections for both DHCP and STATICIP devices, and proxy them, like any standard transparent proxy The real problem is: what happens if 2 device with the same IP connect to this network? I assume that there is no "collision" in the client devices protocol stack, because of the Port-Based VLAN separation i did on the switch one device will not see each other. Btw what happens on my linux box? I think that everytime he received an ARP reply from a device, he updates the ARP cache. So, if i have two client configured like: Client 1: IP A, MAC X Client 2: IP A, MAC Y the arp table can only contain ONE record with IP A, every time updated now with MAC X and now with MAC Y. How could i manage this? Is it possible to manage two client, with the same Static IP, and nat their http connections? I had an idea but i don't know if it's ok: I think in my box should: - Never overwrite ARP entries, but allow creating rows with duplicate IP (but obviously different MAC addresses). Note: I assume that my BOX will never need to communicate directly with IP address "A" at higher layer lavels, so that i don't care if i have multiple entries with the same IP "A" in my ARP table. - I know NAT mechanism stores in a table the open connections with the corresponding OUTPUTPORT+INTERNALIP. I think my box should also save the INTERNALMAC, so that i can distinguish different devices with same IP address but obviously different MAC address. I know this is a weird problem, but i think it is useful in Hot-Spot areas where i want to offer a ZeroConfiguration service. Thank very much in advance for the answers. Marco.
