This one time, at band camp, martin f krafft said:
> hi there,
> 
> my ISP allows me to use 4 IPs obtained with DHCP. I have a firewall
> box connecting a DMZ and the LAN to upstream. In the DMZ, there are
> two servers for which I would like to use a public IP assigned by
> upstream's DHCP server and consequently DNATted (iptables) by the
> firewall box.
> 
> My thought was to let the firewall box be a proxy DHCP client (not
> a relay), requesting multiple leases from the upstream DHCP server.
> Once it obtained a lease it simply calls a custom script to set up
> iptables DNAT and SNAT appropriately.
> 
> However, I am unsure on how to do this. dhcp3-client works
> wonderfully, but it requires the specification of an interface. As
> I know of no way to configure proxy interfaces[1] I wonder how
> I should use dhclient3 to accomplish what I want: obtain and maintain
> a lease independently of the one for eth0 and simply make the obtained
> IP available to a script.
> 
> Do you know of a way to do this?
> 
>   1. here's a cool idea for iptables: it provides interfaces like dnat0
>      and dnat1 to be configured like so:
> 
>        ifconfig dnat0 up 212.113.54.167 for 192.168.1.13
> 
>      and consequently, anything it receives on that interface is
>      DNATted and sent to 192.168.1.13. I guess SNAT would have to be
>      done transparently in the background for 192.168.1.13.

How about virtual interfaces?  IIRC eth0:1, etc. (check the syntax - I
can't look it up right now).  Each could have an interfaces entry, they
could each be DHCP, and they could each be made to send the MAC address
of the machine that they route for.  Makes setting up routes easy too -
all traffic on eth0:4 gets sent to box4, etc.

Just a thought,
Steve

-- 
This will be a memorable month -- no matter how hard you try to forget it.

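The custom script step from the original question (called once a lease is obtained, to set up DNAT and SNAT), sketched as an added example that is not part of either message. It covers only rule generation, not how the extra leases are obtained; `WAN_IF`, `DMZ_HOST` and the function names are assumptions, while `reason`, `new_ip_address` and `old_ip_address` are the variables dhclient-script exports to its hooks.

```shell
#!/bin/sh
# Added example (not from the thread): DHCP lease event -> DNAT/SNAT commands.
# reason / new_ip_address / old_ip_address are exported by dhclient-script.
# WAN_IF, DMZ_HOST and all function names are assumptions for illustration.
WAN_IF="${WAN_IF:-eth0}"               # upstream-facing interface
DMZ_HOST="${DMZ_HOST:-192.168.1.13}"   # DMZ server address used in the post

# Lease data comes off the wire and ends up on a root command line,
# so accept nothing but a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule pair for one public/private mapping; $1 is -A (add) or -D (delete).
nat_rules() {
    op=$1 pub=$2 priv=$3
    echo "iptables -t nat $op PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat $op POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
}

# Map a lease event to commands: $1 = reason, $2 = new address, $3 = old address.
lease_hook() {
    ev=$1 new=$2 old=$3
    case "$ev" in
        BOUND|RENEW|REBIND|REBOOT)
            valid_ipv4 "$new" || { echo "rejecting lease address: $new" >&2; return 1; }
            if [ -n "$old" ] && [ "$old" != "$new" ] && valid_ipv4 "$old"; then
                nat_rules -D "$old" "$DMZ_HOST"    # address changed: drop stale rules
            fi
            if [ "$old" != "$new" ]; then nat_rules -A "$new" "$DMZ_HOST"; fi ;;
        EXPIRE|RELEASE|STOP)
            if valid_ipv4 "$old"; then nat_rules -D "$old" "$DMZ_HOST"; fi ;;
    esac
}

# When sourced from a dhclient exit hook this prints the commands for the
# current event; review the output, then pipe it to sh as root to apply.
if [ -n "${reason:-}" ]; then
    lease_hook "$reason" "${new_ip_address:-}" "${old_ip_address:-}"
fi
```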