Måns Nilsson wrote on Dec 04, 2002 at 12:16:11 PM:
> One *might* assign some kind of limit per subscriber, to prevent from DoS
> by snarfing all leases. This, I believe, is already being done, by
> On a related note -- Regardless of the issues I have with some of the
> things I've heard B2 does (for example altering a DHCP server so it
> deliberately denies renewal in favour of another address, and the debacle
> with the Digisip-issued Cisco ATA boxes being given RFC1918 leases) I find
> that the basic structure and service level both are sound -- a rôle model
> for a consumer broadband operation.
Well, I'm running B2 at home, and it usually works really well. One big
problem for me though, is that they are running an ARP proxy. There is
of course good reasons for doing so, but it really makes it hard for
people like me trying to implement some security... I'm running a box
with OpenBSD as a transparent firewall, and this would work really well
if I didn't want to be able to connect between my computers... but I, of
course, do... :)
The problem is that the ARP proxy makes my connections going through
the firewall instead of just through my local switch. This is probarbly
due to the fact that both my machine and the ARP proxy answers to the
ARP who-has. My guess is that since the machine I'm trying to connect to
answers first, and then the ARP proxy, it first uses the real one and
then, like 1/10 of a second later, changes to the ARP proxy one. Haven't
really checked that theory out yet, but I believe it works like that.
This would would not have been a problem if one could get static
IP-adresses, then I could set the ARP manually... but when you get a
new IP all the time, that doesn't work either.
Been trying to find a solution to this problem for quite some time now,
but I haven't been able to find one. If only Microsoft could have
coded a better implementation of the TCP/IP stack so one could have a
static IP on the same interface as one with DHCP, but no... that was
way to complicated for them... :)
I could of course use two NICs instead, but I'm tired of all cables
running around all over the apartment.
Anyway... I've solved it by using static ARP entries via some scripts,
but it's not working as well as I would have wanted.
So, anyone at B2 reading this and feels sorry enough for me to let
me have static IPs instead? :)