hi there,

my ISP allows me to use 4 IPs obtained with DHCP. I have a firewall
box connecting a DMZ and the LAN to upstream. In the DMZ, there are
two servers for which I would like to use a public IP assigned by
upstream's DHCP server and consequently DNATted (iptables) by the
firewall box.

My thought was to let the firewall box be a proxy DHCP client (not
a relay), requesting multiple leases from the upstream DHCP server.
Once it obtained a lease it simply calls a custom script to set up
iptables DNAT and SNAT appropriately.

However, I am unsure on how to do this. dhcp3-client works
wonderfully, but it requires the specification of an interface. As
I know of no way to configure proxy interfaces[1] I wonder how
I should use dhclient3 to accomplish what I want: obtain and maintain
a lease independently of the one for eth0 and simply make the obtained
IP available to a script.

Do you know of a way to do this?

[1] here's a cool idea for iptables: it provides interfaces like dnat0
    and dnat1 to be configured like so:

      ifconfig dnat0 up 212.113.54.167 for 192.168.1.13

    and consequently, anything it receives on that interface is
    DNATted and sent to 192.168.1.13. i guess SNAT would have to be
    done transparently in the background for 192.168.1.13.

thanks,
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
"there are more things in heaven and earth, horatio,
than are dreamt of in your philosophy."
-- hamlet
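
The lease-driven NAT script described in the message could look like the following. This is an added example, not part of the original post: it only prints the commands it would run, and it validates the lease data first because those values arrive from the upstream DHCP server. It assumes ISC dhclient-script conventions (`$reason`, `$new_ip_address`, `$old_ip_address`); `EXT_IF`, `is_ipv4`, `emit` and `nat_rules` are hypothetical names.

```shell
#!/bin/sh
# Added example: dry-run generator for the NAT changes a dhclient hook would make.
# A real hook would call: nat_rules "$reason" "$new_ip_address" "$old_ip_address" <dmz_ip>
EXT_IF="${EXT_IF:-eth0}"   # assumption: upstream-facing interface

# Lease data comes from the network, so accept only a strict dotted quad.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit <A|D> <public_ip> <dmz_ip>: print the add (-A) or delete (-D) commands.
emit() {
    [ "$1" = A ] && addr=add || addr=del
    # The /32 alias makes the firewall answer ARP for the leased address.
    echo "ip addr $addr $2/32 dev $EXT_IF"
    echo "iptables -t nat -$1 PREROUTING -i $EXT_IF -d $2 -j DNAT --to-destination $3"
    echo "iptables -t nat -$1 POSTROUTING -o $EXT_IF -s $3 -j SNAT --to-source $2"
}

# nat_rules <reason> <new_ip> <old_ip> <dmz_ip>
nat_rules() {
    reason=$1 new=$2 old=$3 dmz=$4
    is_ipv4 "$dmz" || return 1
    case "$reason" in
        BOUND|RENEW|REBIND|REBOOT)
            is_ipv4 "$new" || return 1
            [ "$new" = "$old" ] && return 0   # unchanged lease: nothing to do
            if is_ipv4 "$old"; then emit D "$old" "$dmz"; fi
            emit A "$new" "$dmz" ;;
        EXPIRE|FAIL|RELEASE|STOP)
            if is_ipv4 "$old"; then emit D "$old" "$dmz"; fi ;;
    esac
}
```

Piping the output of `nat_rules` to `sh` as root applies the rules; re-running a `BOUND` event for an address that is already mapped would append duplicate rules, so a production hook should check with `iptables -t nat -C` first.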