Two clients with same IP Address behind a captive portal?

Discussion in 'Linux Networking' started by M. Simioni, Oct 2, 2006.

  1. M. Simioni

    I'm trying to build a box that acts like a transparent proxy
    (similar to SQUID) and a captive portal.

    I would like to use a portal like Chilliportal, but I have a question
    that I think is more Linux-stack-related than captive-portal-related;
    the problem is:

    I would like clients with both DHCP IP addresses and STATIC IP
    addresses to be able to use this system.

    So that:
    - When a DHCP CLIENT connects:
      - He receives the IP ADDRESS
      - He tries to connect to "www.google.com"
      - The captive portal catches the connection and redirects the user to
        an HTML page for authentication
      - and so on...
    - When a STATIC IP CLIENT connects:
      - My box replies to every ARP REQUEST sent by the client in search
        of his gateway
      - The client tries to connect to "www.google.com"
      - The captive portal catches the connection and redirects the user to
        an HTML page for authentication
      - and so on...

    But here is the trouble. What happens if two STATIC IP CLIENTS have
    the same address?

    Let's assume that their own stacks will never collide: I can separate
    them with VLAN switches, so there's no problem, they will never see
    each other's traffic, and they don't even know that there are two
    identical IP ADDRESSES on the same network.
    The problem is on the Linux stack of my box: what happens to the ARP
    tables? The ARP daemon sees two different MAC ADDRESSES under the same
    IP address. And the NAT daemon will NAT back the connections in the
    wrong way.

    I was thinking about a solution like this:
    There are two different daemons:
    - The DHCP daemon: acts like a normal DHCP daemon
    - The S(tatic)HCP daemon: when a packet is received from an IP ADDRESS
      that is not in the DHCP lease list, the IP SOURCE ADDRESS of the packet
      entering the stack is changed, and the box assigns a new address taken
      from a "SHCP lease list", assigning him the corresponding MAC ADDRESS.

    That way the rest of the chain will never see two addresses colliding,
    and the NAT can work with the new IP address.

    What do you think about this? How can this be realized? Is there a
    simpler way to perform this task?

    Thank you in advance,
    Marco
     
    M. Simioni, Oct 2, 2006
    #1
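
The "SHCP lease list" idea from the post above, modelled as a lookup table (an added example, not part of the original post and not code from Chilliportal). It assumes the box can see the ingress VLAN and source MAC of each packet and that the actual address rewriting happens elsewhere; the class name, the 10.200.0.0/29 pool and all addresses are constructed for illustration.

```python
import ipaddress


class StaticLeaseTable:
    """Gives each static client, identified by (VLAN, MAC), its own internal address."""

    def __init__(self, pool_cidr, dhcp_leases):
        self._free = iter(ipaddress.ip_network(pool_cidr).hosts())  # unused pool addresses
        self.dhcp_leases = dhcp_leases  # {ip: mac} handed out by the DHCP daemon
        self.by_client = {}             # (vlan, mac) -> internal ip
        self.by_internal = {}           # internal ip -> (vlan, mac, claimed ip)

    def ingress(self, vlan, mac, src_ip):
        """Return the source address the rest of the stack (NAT, portal) should see."""
        if self.dhcp_leases.get(src_ip) == mac:
            return src_ip               # address and MAC match a DHCP lease: untouched
        key = (vlan, mac)
        internal = self.by_client.get(key)
        if internal is None:
            try:
                internal = str(next(self._free))
            except StopIteration:
                raise RuntimeError("SHCP pool exhausted") from None
            self.by_client[key] = internal
        # Record (or refresh) the address the client believes it has.
        self.by_internal[internal] = (vlan, mac, src_ip)
        return internal

    def egress(self, internal_ip):
        """For a reply packet: the VLAN, MAC and original address to deliver it to."""
        return self.by_internal.get(internal_ip)


def demo():
    # Constructed data: one DHCP client, two static clients sharing 192.168.1.50.
    table = StaticLeaseTable("10.200.0.0/29", {"192.168.1.20": "aa:aa:aa:00:00:01"})
    a = table.ingress(10, "bb:bb:bb:00:00:01", "192.168.1.50")
    b = table.ingress(20, "cc:cc:cc:00:00:02", "192.168.1.50")
    d = table.ingress(10, "aa:aa:aa:00:00:01", "192.168.1.20")
    return a, b, d, table.egress(a), table.egress(b)


if __name__ == "__main__":
    print(demo())
```

Keying on MAC alone would fail if the same MAC appeared on two VLANs, which is why the key includes the VLAN; a static client that claims a DHCP-leased address with a different MAC is also remapped rather than trusted.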