Discussion:
Routing pppd clients through a netbsd pppd server
(too old to reply)
Stephen Jones
2007-02-16 20:15:43 UTC
Permalink
There is plenty of information on using pppd to get a NetBSD machine
connected
to the internet, but I'm having a bit or trouble finding information
on using
NetBSD as a pppd server and routing its pppd clients to the public
internet.

Based on the pppd man page, I would assume that you could use
'proxyarp' and/or
'defaultroute' to do this. What I'm finding is that if I use a
routed network
address for the ppp client proxyarp'ing will work, but packets still
don't seem
to get routed any further.

If I try to use proxyarp with a non-routed network address then the
arp -s will
cannot intuit interface index and type for
It looks like there is a bug report for FreeBSD claiming that
"intuit" is a typo
of 'init'

Basically what I'd like to do is have the NetBSD pppd server proxy
for a range
of non-routed and act as their gateway. Is this possible?

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Matthias Scheler
2007-02-17 20:00:30 UTC
Permalink
Post by Stephen Jones
Basically what I'd like to do is have the NetBSD pppd server proxy
for a range
of non-routed and act as their gateway. Is this possible?
If they IP addresses are part of a subnet which is configured on one
of the
local network interface it will work. I've used something similar on a
NetBSD system acting as an IPsec VPN gateway.

Kind regards
--
Matthias Scheler http://zhadum.org.uk/



--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Stephen Jones
2007-02-19 18:52:17 UTC
Permalink
Post by Matthias Scheler
If they IP addresses are part of a subnet which is configured on
one of the
local network interface it will work. I've used something similar on a
NetBSD system acting as an IPsec VPN gateway.
Yes, that does work using proxyarp as long as the addresses are on
the same
subnet. But what if they're not? Can NetBSD still do it? If I try
to set a
public interface NetBSD apparently claims it lacks intuition (though
FreeBSD
Post by Matthias Scheler
# arp -s 192.168.0.201 xx:xx:xx:xx:xx:xx pub
cannot intuit interface index and type for 192.168.0.20
Where 'xx:xx..' is the actual hardware ethernet address of the public
interface.

So can NetBSD do this or would it only be able to do it for a 'real'
ip address?


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Young
2007-02-19 21:57:58 UTC
Permalink
Post by Stephen Jones
Post by Matthias Scheler
If they IP addresses are part of a subnet which is configured on
one of the
local network interface it will work. I've used something similar on a
NetBSD system acting as an IPsec VPN gateway.
Yes, that does work using proxyarp as long as the addresses are on
the same
subnet. But what if they're not? Can NetBSD still do it? If I try
to set a
public interface NetBSD apparently claims it lacks intuition (though
FreeBSD
Post by Matthias Scheler
# arp -s 192.168.0.201 xx:xx:xx:xx:xx:xx pub
cannot intuit interface index and type for 192.168.0.20
ISTR you can set this sort of entry with route(8) using the wacky syntax,
int0:xx.xx.xx.xx.xx.xx, where int0 is the interface. I will have to do
some archaeology to find the details.

Dave
--
David Young OJC Technologies
***@ojctech.com Urbana, IL * (217) 278-3933

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
der Mouse
2007-02-19 21:49:13 UTC
Permalink
Post by Stephen Jones
Yes, that does work using proxyarp as long as the addresses are on
the same subnet. But what if they're not?
The only way I can see this as making any sense at all is if you want
your machine to proxy-arp for addresses on a subnet it does not itself
exist in (this usually means running more than one subnet on a given
broadcast domain). Other than that, it doesn't make sense to proxy-arp
for an address that's not on-subnet, because if you aren't *on* a
subnet something is very very broken if you're seeing arps for that
subnet.
Post by Stephen Jones
Can NetBSD still do it?
Yes, but it needs a little *ahem* "persuading".

I've done this; at home I have a somewhat ugly hack that depends on
exactly the above situation. I had to hack on arp(8) so as to be able
to specify the interface, instead of depending on software being able
to guess ("intuit") it.

ftp.rodents.montreal.qc.ca:/mouse/source-tree/patches/working/src/usr.sbin/arp/
contains the changes I made to arp. They are for a fairly old version
of arp, but they may be useful as a guide if naught else.

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Young
2007-02-19 22:00:49 UTC
Permalink
Post by Stephen Jones
cannot intuit interface index and type for
It looks like there is a bug report for FreeBSD claiming that
"intuit" is a typo
of 'init'
It's more like "guess."

Dave
--
David Young OJC Technologies
***@ojctech.com Urbana, IL * (217) 278-3933

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...