
Re: dhcp and dnat



Oops -- sent this directly to Stephen. Forwarding to list. Sorry Stephen.

G

Begin forwarded message:

Date: Mon, 7 Oct 2002 14:25:45 -0500
From: Gerald Livingston <debuser@sysmatrix.net>
To: Stephen Gran <steve@lobefin.net>
Subject: Re: dhcp and dnat


On Sun, 6 Oct 2002 18:20:06 -0400
Stephen Gran <steve@lobefin.net> wrote:

> This one time, at band camp, martin f krafft said:
> > hi there,
> > 
> > my ISP allows me to use 4 IPs obtained with DHCP. I have a firewall
> > box connecting a DMZ and the LAN to upstream. In the DMZ, there are
> > two servers for which I would like to use a public IP assigned by
> > upstream's DHCP server and consequently DNATted (iptables) by the
> > firewall box.
> > 
> > My thought was to let the firewall box be a proxy DHCP client (not
> > a relay), requesting multiple leases from the upstream DHCP server.
> > Once it obtained a lease it simply calls a custom script to set up
> > iptables DNAT and SNAT appropriately.
> > 
> > However, I am unsure on how to do this. dhcp3-client works
> > wonderfully, but it requires the specification of an interface. As
> > I know of no way to configure proxy interfaces[1] I wonder how
> > I should use dhclient3 to accomplish what I want: obtain and maintain
> > a lease independently of the one for eth0 and simply make the obtained
> > IP available to a script.
> > 
> > Do you know of a way to do this?
> > 
> >   1. here's a cool idea for iptables: it provides interfaces like dnat0
> >      and dnat1 to be configured like so:
> > 
> >        ifconfig dnat0 up 212.113.54.167 for 192.168.1.13
> > 
> >      and consequently, anything it receives on that interface is
> >      DNATted and sent to 192.168.1.13. i guess SNAT would have to be
> >      done transparently in the background for 192.168.1.13.
> 
> How about virtual interfaces?  IIRC eth0:1, etc. (check the syntax - I
> can't look it up right now).  Each could have an interfaces entry, they
> could each be DHCP, and they could each be made to send the MAC address
> of the machine that they route for.  Makes setting up routes easy too -
> all traffic on eth0:4 gets sent to box4, etc.
> 
> Just a thought,
> Steve
> 

Where's the best documentation on setting up virtual interfaces? I'd like to
be able to have my debian home machine talk to my debian laptop without
installing another physical interface. The home box is getting its primary
IP from a cable modem through a hub -- my brother's Winbox is also plugged
into the hub grabbing a second DHCP address. I want to be able to plug the
laptop into the hub and talk to my home machine.

G

-- 
gvl2 (Gerald)
AirBall the Rolling Basket Case (1969 Standard Beetle)
LifeSaver (1974 Bay Window Bus)
http://www.phorce1.com
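
The "custom script to set up iptables DNAT and SNAT" that the original question describes could look like the sketch below. It is an added example, not code from anyone in this thread, and it only covers the step after a lease has been obtained. The names `valid_ipv4`, `nat_rules` and `DMZ_HOST` are assumptions; `reason`, `old_ip_address` and `new_ip_address` are the variables dhclient-script sets for its hooks.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands (dry run) for
# one leased public address mapped to one DMZ host. reason, old_ip_address and
# new_ip_address are set by dhclient-script; DMZ_HOST is an assumed setting.

# Accept only a dotted-quad IPv4 address: lease data arrives from the network
# and must not reach a command line unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules EVENT OLD_IP NEW_IP DMZ_HOST
nat_rules() {
    ev=$1 old=$2 new=$3 host=$4 bind=no
    case "$ev" in BOUND|RENEW|REBIND|REBOOT) bind=yes ;; esac
    # Validate everything before emitting anything.
    valid_ipv4 "$host" || return 1
    [ -z "$old" ] || valid_ipv4 "$old" || return 1
    [ "$bind" = no ] || valid_ipv4 "$new" || return 1
    # Unchanged renewal: the rules are already in place.
    [ "$bind" = yes ] && [ "$old" = "$new" ] && return 0
    # Remove the old mapping first, so no stale DNAT rule keeps forwarding
    # an address the firewall no longer holds.
    if [ -n "$old" ]; then
        echo "iptables -t nat -D PREROUTING -d $old -j DNAT --to-destination $host"
        echo "iptables -t nat -D POSTROUTING -s $host -j SNAT --to-source $old"
    fi
    if [ "$bind" = yes ]; then
        echo "iptables -t nat -A PREROUTING -d $new -j DNAT --to-destination $host"
        echo "iptables -t nat -A POSTROUTING -s $host -j SNAT --to-source $new"
    fi
}

# Sourced as a dhclient exit hook, $reason is set; print the planned changes.
if [ -n "${reason:-}" ]; then
    nat_rules "$reason" "${old_ip_address:-}" "${new_ip_address:-}" "${DMZ_HOST:-192.168.1.13}"
fi
```

The commands are printed rather than executed so the rule changes can be reviewed before being piped to a shell.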


