ARP proxy explained
I thought I might do a quick post on ARP proxy since it is not really an obvious thing for most people. If you don’t know what ARP proxy is, here is a quick overview:
ARP proxy is basically what Ethernet AP clients do to allow multiple computers to live behind the client. If you ever look at the ARP table of the PCs that are behind an AP client, you will notice that they all have the same MAC address in the table. The client actually has to rewrite the MAC address on each frame as it comes in so that the frame can be forwarded on to the correct destination. You can think of this as sort of an Ethernet NAT, I suppose.
Anyways, the reason this happens is best explained (IMO) in a post by Leszek (OSBridge) and is reproduced with permission here:
As for full bridge support for STA:
«This is the typical setup that requires WDS (wireless distribution system) mode, which uses 4-address frames instead of the normal 3-address frames that are used between an AP and a station.
This is because the 802.11 protocol needs the MAC address of both WLAN machines in the frame (to send RTS/CTS, ACK, …), plus for bridging to work transparently, you also need both the MAC addresses of the real packet source and destination (Computer A and B) as in a normal ethernet packet.
In a normal managed scenario, the managed host is either source or destination, so the shorter 3-address frame is used.»
The trick with ARP proxy is to understand what is going on and then determine how to use it to your advantage. The major point here is that all traffic on the WLAN side of the client will have the MAC address of the AP client. This is important when building a repeater using an AP client and an AP connected via an Ethernet port. It is also important when authenticating based on MAC (e.g. hotspots) and/or doing bandwidth control based on MAC.
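To see where MAC-based authentication or bandwidth control is treating several hosts as one station, the neighbor table on the AP or gateway side can be grouped by MAC address. The following is an added example, not part of the original post; it assumes Linux `ip neigh show` output, and the sample table, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip neigh show` output on the AP/gateway side.
# 02:00:00:cc:00:09 stands in for an AP client with three PCs behind it.
SAMPLE_NEIGH = """\
192.168.1.10 dev br-lan lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.21 dev br-lan lladdr 02:00:00:cc:00:09 REACHABLE
192.168.1.22 dev br-lan lladdr 02:00:00:cc:00:09 STALE
192.168.1.23 dev br-lan lladdr 02:00:00:CC:00:09 DELAY
fe80::ff:fecc:9 dev br-lan lladdr 02:00:00:cc:00:09 STALE
192.168.1.30 dev br-lan  FAILED
192.168.1.40 dev br-lan lladdr 02:00:00:bb:00:02 REACHABLE
"""

def parse_neigh(text):
    """Yield (ip, mac) for IPv4 entries that have a resolved MAC address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        mac_idx = fields.index("lladdr") + 1
        if mac_idx >= len(fields):
            continue  # truncated line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a neighbor entry
        # Skip IPv6: one host normally has IPv4 and IPv6 on the same MAC,
        # which would look like sharing when it is not.
        if ip.version == 4:
            yield str(ip), fields[mac_idx].lower()

def shared_macs(text, min_ips=2):
    """Return {mac: [ips]} for MACs that answer for min_ips or more IPv4 hosts."""
    by_mac = defaultdict(set)
    for ip, mac in parse_neigh(text):
        by_mac[mac].add(ip)
    # A host with several IPv4 aliases also matches, so treat hits as
    # candidates to check, not proof of an AP client.
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_NEIGH).items():
        print(f"{mac} carries {len(ips)} hosts: {', '.join(ips)}")
```

Any per-MAC policy (login state, rate limit) applied to a MAC reported here applies to every IP listed under it.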