hi there, my ISP allows me to use 4 IPs obtained with DHCP. I have a firewall box connecting a DMZ and the LAN to upstream. In the DMZ, there are two servers for which I would like to use a public IP assigned by upstream's DHCP server and consequently DNATted (iptables) by the firewall box.
My thought was to let the firewall box be a proxy DHCP client (not a relay), requesting multiple leases from the upstream DHCP server. Once it obtained a lease it simply calls a custom script to set up iptables DNAT and SNAT appropriately.

However, I am unsure on how to do this. dhcp3-client works wonderfully, but it requires the specification of an interface. As I know of no way to configure proxy interfaces[1] I wonder how I should use dhclient3 to accomplish what I want: obtain and maintain a lease independently of the one for eth0 and simply make the obtained IP available to a script.

Do you know of a way to do this?

1. here's a cool idea for iptables: it provides interfaces like dnat0 and dnat1 to be configured like so:

     ifconfig dnat0 up 212.113.54.167 for 192.168.1.13

   and consequently, anything it receives on that interface is DNATted and sent to 192.168.1.13. i guess SNAT would have to be done transparently in the background for 192.168.1.13.

thanks,

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

"there are more things in heaven and earth, horatio, than are dreamt of in your philosophy."
-- hamlet
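
The lease-driven NAT script described in the post, as an added example that is not part of the original message: it turns one dhclient lease event into the matching DNAT/SNAT commands for the 212.113.54.167 / 192.168.1.13 pair. The function names and the eth0 default are assumptions, and it only prints the commands; it does not address obtaining a second lease without an interface.

```shell
#!/bin/sh
# Added example (dry run): print the iptables commands for one DHCP lease event.
# Assumed, not from the post: the WAN interface name and the fixed mapping of
# one leased public address to one DMZ host.

# Lease values come from the upstream DHCP server, so check them before they
# are placed in a command line.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# nat_rules ACTION PUBLIC_IP INTERNAL_IP WAN_IF   (ACTION is -A or -D)
nat_rules() {
    echo "iptables -t nat $1 PREROUTING -i $4 -d $2 -j DNAT --to-destination $3"
    echo "iptables -t nat $1 POSTROUTING -o $4 -s $3 -j SNAT --to-source $2"
}

# lease_event REASON OLD_IP NEW_IP INTERNAL_IP [WAN_IF]
lease_event() {
    reason=$1; old=$2; new=$3; int=$4; wan=${5:-eth0}
    case "$reason" in
        BOUND|REBOOT)
            is_ipv4 "$new" || return 1
            nat_rules -A "$new" "$int" "$wan" ;;
        RENEW|REBIND)
            is_ipv4 "$new" || return 1
            # Rewrite the rules only when the leased address changed.
            if [ "$old" != "$new" ]; then
                if is_ipv4 "$old"; then nat_rules -D "$old" "$int" "$wan"; fi
                nat_rules -A "$new" "$int" "$wan"
            fi ;;
        EXPIRE|FAIL|RELEASE|STOP)
            if is_ipv4 "$old"; then nat_rules -D "$old" "$int" "$wan"; fi ;;
    esac
    return 0
}

# From a dhclient hook, which sets these variables (review the output first):
#   lease_event "$reason" "$old_ip_address" "$new_ip_address" 192.168.1.13 | sh
```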