can iptables do this?
Thu, 13 Jun 2002 18:25:41 +0100
On Tuesday 21 May 2002 1:27 pm, Sven Koch wrote:
> On Tue, 21 May 2002, Antony Stone wrote:
> > On Tuesday 21 May 2002 10:47 am, Eduardo GARCIA wrote:
> > > For example my network is 126.96.36.199 and I want that a host with an IP
> > > from any unknown network (i.e. 10.9.8.7) can navigate.
> > No way. You can't create a network which will allow a host with some
> > arbitrary preset IP address (and gateway, and DNS...) to come along and
> > plug into - for two reasons:
> You can, at least one commercial device does exactly that - see
> www.nomadix.com for their USG (universal subscriber gateway).
> It seems to be some kind of "answer to every arp request" combined with
> nat - won't be easy, but it should be doable with iptables and some
> home-grown programs.
I still maintain that this method won't work for all cases (although I could
see that it might cover the majority of IP addresses).
Suppose, for example, that I work for Hewlett-Packard, who have a Class A
network on address 188.8.131.52/255.0.0.0.
Then my PC will have an address somewhere in this range (remember we're not
using DHCP here, so I must have a static address), and it will consider all
other addresses in this range as local, not to be routed through a gateway.
Then if I take this machine and plug it into the network described above, and
I assume that it handles all the arp requests very cleverly, it's still going
to allow me to access anything on the Internet except my 'own' local network,
184.108.40.206/255.0.0.0, which is actually quite a likely one for me to want to
contact whilst I'm out and about.....
The reason I think I won't be able to access my 'own' network is because my
machine will expect to find 15.x.y.z servers locally, not through any router,
therefore it's going to look for machines on the local net, not through the
gateway it magically discovers through all this arp nonsense....
Anybody explain where my reasoning falls down so this crazy scheme *can*
actually work?
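
The next-hop decision this message reasons about, as an added example that is not part of the original post: a statically configured host ARPs directly for any destination inside its own prefix, and for its configured default gateway otherwise. The addresses, function names and the `answer_all` flag are assumptions made up for the illustration; `answer_all` models the "answer to every arp request" behaviour mentioned in the quoted reply.

```python
import ipaddress

def arp_target(host_if, default_gw, dest):
    """Return the IP address the host sends an ARP request for.

    A destination inside the host's own prefix is treated as on-link and
    resolved directly; anything else is handed to the default gateway.
    """
    iface = ipaddress.ip_interface(host_if)
    dest_ip = ipaddress.ip_address(dest)
    if dest_ip in iface.network:
        return dest_ip
    return ipaddress.ip_address(default_gw)

def arp_answered(target, responder_ip, answer_all):
    """Does the device on the visited network reply to this ARP request?

    answer_all=False: an ordinary router, replies only for its own address.
    answer_all=True:  a device that replies to every ARP request it sees.
    """
    return answer_all or target == ipaddress.ip_address(responder_ip)

def trace(host_if, default_gw, responder_ip, answer_all, dests):
    """List (destination, ARP target, answered?) for each destination."""
    rows = []
    for dest in dests:
        target = arp_target(host_if, default_gw, dest)
        rows.append((dest, str(target),
                     arp_answered(target, responder_ip, answer_all)))
    return rows

# Constructed sample values, not taken from the thread.
HOST_IF = "15.1.2.3/8"        # roaming laptop with a static Class A address
HOST_GW = "15.0.0.1"          # gateway it was configured with at home
LOCAL_ROUTER = "192.168.1.1"  # device on the network it is plugged into
DESTS = ["15.9.8.7",          # server on the laptop's 'own' network
         "198.51.100.10"]     # some other Internet host

if __name__ == "__main__":
    for answer_all in (False, True):
        print("answer_all =", answer_all)
        for dest, target, ok in trace(HOST_IF, HOST_GW, LOCAL_ROUTER,
                                      answer_all, DESTS):
            print(f"  dest {dest:15} ARP who-has {target:15} answered={ok}")
```

The trace shows which ARP request each destination produces on the wire, which is the point at which any such gateway would have to intervene.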