I'm really interested in putting my Vonage Linksys RT31P2 VoIP adaptor in front of my Linux firewall so that the adaptor can do traffic shaping, and reduce instances of my wife yelling at me for downloading porn, er, Microsoft patches, and causing choppy audio and audio drop-out while she's on the phone with her mother in Japan...
The Linksys RT31P2 device does not have a bridge mode, and does not have a proxy-arp mode. Therefore, with the RT31P2 in between my DSL modem and my Linux box (Fedora Core 3), when the ISP's router ARPs for any of the 10 static IP addresses that I rent from them, the ARPs go unanswered (other than for the one IP address I have assigned to the WAN port of the RT31P2, of course). Unfortunately, since my block of static IPs from Speakeasy are all bridged, something has to answer the ARP requests which come from the ISP router down my DSL circuit.
The RT31P2 does route correctly, so if we can convince the ISP's router to keep sending packets addressed to my block of static IPs down my DSL circuit, the RT31P2 will properly receive and pass them on. The question is, how do we get the ARPs answered so that the ISP will keep sending those packets my way?
Since I know I can't get the voice adaptor to answer the ARPs, I'm brainstorming ways to put something out there to answer those ARPs.
The idea I have is to add another Ethernet interface to my firewall, NOT give that interface an IP address, and have the firewall answer ARPs for the IP addresses in my block which are behind the firewall, giving as the MAC address for those IP addresses the MAC of the voice adaptor's outside interface (which is reachable directly from the ISP, as is this hypothetical extra interface, both of which will be plugged into an external hub segment).
The question is, since proxy ARPing is a little bit automagic in the Linux kernel, and my first attempts at this definitely did not go well... what is the magic to get a Linux box to answer ARPs for arbitrary IP addresses, and provide a specific MAC address for those ARPs?
Thanks for your thoughts!
-Jay Libove, CISSP
Atlanta, GA, US
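The ARP answer described in the post, as an added example that is not part of the original message: it parses an Ethernet/IPv4 ARP request and builds the reply frame bytes that advertise a chosen MAC for a configured set of addresses, without putting anything on the wire. All addresses, MACs and function names are constructed for illustration (documentation range 203.0.113.0/24, locally administered MACs).

```python
import ipaddress
import struct

# Constructed sample values; substitute the real block and MACs.
ADAPTOR_MAC = bytes.fromhex("02005e000001")  # stands in for the adaptor's WAN-side MAC
IFACE_MAC = bytes.fromhex("02005e000002")    # stands in for the extra, IP-less interface
# Addresses behind the adaptor; its own WAN address is left out (it answers that itself).
PROXIED = {ipaddress.ip_address(f"203.0.113.{n}") for n in range(2, 6)}
ETH = struct.Struct("!6s6sH")                # dst, src, ethertype
ARP = struct.Struct("!HHBBH6s4s6s4s")        # htype ptype hlen plen oper sha spa tha tpa


def make_request(asker_mac, asker_ip, target_ip):
    """Constructed who-has request, as the upstream router would broadcast it."""
    arp = ARP.pack(1, 0x0800, 6, 4, 1, asker_mac, ipaddress.ip_address(asker_ip).packed,
                   bytes(6), ipaddress.ip_address(target_ip).packed)
    return ETH.pack(b"\xff" * 6, asker_mac, 0x0806) + arp


def build_reply(frame, answer_mac=ADAPTOR_MAC, iface_mac=IFACE_MAC, proxied=PROXIED):
    """Return the reply frame for an ARP request, or None when it must be ignored."""
    if len(frame) < ETH.size + ARP.size:
        return None                                   # truncated frame
    _dst, src, ethertype = ETH.unpack_from(frame)
    if ethertype != 0x0806:
        return None                                   # not ARP
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = ARP.unpack_from(frame, ETH.size)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None                                   # only Ethernet/IPv4 requests
    if ipaddress.ip_address(tpa) not in proxied:
        return None                                   # not an address we answer for
    # The asker caches the ARP sender fields (answer_mac for tpa), not the
    # Ethernet source, which stays the MAC of the interface that transmits.
    # Some equipment compares the two and drops replies where they differ.
    arp = ARP.pack(1, 0x0800, 6, 4, 2, answer_mac, tpa, sha, spa)
    return ETH.pack(src, iface_mac, 0x0806) + arp


if __name__ == "__main__":
    router = bytes.fromhex("020000000aaa")            # constructed ISP router MAC
    for target in ("203.0.113.3", "203.0.113.9"):
        reply = build_reply(make_request(router, "203.0.113.1", target))
        print(target, reply.hex() if reply else "ignored")
```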