I wanted to set up a system which has two ether cards (it's part of
a transparent bridge so it'll be inline with someone's connection)
such that it'll pick up a DHCP address on *both* cards ... the trick
comes from not knowing in advance whether the DHCP server will be
on the inside connection or t
On 10/26/05, Graham Toal <[EMAIL PROTECTED]> wrote:
>
> I wanted to set up a system which has two ether cards (it's part of
> a transparent bridge so it'll be inline with someone's connection)
> such that it'll pick up a DHCP address on *both* cards ... the trick
> comes from not knowing in advance
Graham,
I use a bridge and assign the IP to one NIC, albeit statically assigned,
on several "production" OpenBSD 3.5 systems. If I ever switched the IP to
the Other NIC, I would lose connectivity until the ARP tables on the
various LAN hosts updated with the new MAC address. Maybe about 10 minu
> I use a bridge and assign the IP to one NIC, albeit statically assigned,
> on several "production" OpenBSD 3.5 systems. If I ever switched the IP to
> the Other NIC, I would lose connectivity until the ARP tables on the
> various LAN hosts updated with the new MAC address. Maybe about 10 minut
> Maybe I'm not understanding the problem, but for a tranparent bridge, you
> wouldn't want it to be assigned an IP address on either network card. hence
> the "transparent" part.
You would think so, but you would be wrong. As I was when I started
this project. In OpenBSD a bridge must either ha
> It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1
> as dhcp, and whichever one comes up first, will then bridge through the
> DHCP server for the other. Unfortunately it just happens by luck of
> alphabetical order, that the one which comes up first is *not* looking
> at
> Assuming that the problem turns out to be that the dhcp request for
> fxp1 is always routed out of fxp1 (makes sense, right?) what can I do
> to have it routed out the other interface via bridging? (Remembering
> that the solution has to work symmetrically, if in some other deployment
> it is th
Why not start the system with one interface down (so you know which way
to route to) then "up" it at the end of the boot sequence and start the
dhclient?
Graham Toal wrote:
Assuming that the problem turns out to be that the dhcp request for
fxp1 is always routed out of fxp1 (makes sense, righ
> From: Kevin Frand <[EMAIL PROTECTED]>
>
> Why not start the system with one interface down (so you know which way
> to route to) then "up" it at the end of the boot sequence and start the
> dhclient?
Because DHCP isn't a routable protocol, so knowing that
information doesn't help. (Although y
Graham Toal wrote:
I could force the traffic from one interface to the other with pf
and a route-to option, but only if I know which interface the dhcp
server is connected to. Since I cannot make that assumption (it
depends on where in the network the bridge is inserted) I can't see
a solution.
On Wed, 26 Oct 2005 11:42:43 -0500, Graham Toal wrote:
> What I expected was that the first would sleep for a
> short time then ask again, and get it OK. I haven't seen that happen -
> about 30 minutes later and the interface still has no IP.
[This goes vastly OT, I know:]
I am blank astonished
Oct 26 2005 c. 20:42 Graham Toal wrote:
> I wanted to set up a system which has two ether cards (it's part of
> a transparent bridge so it'll be inline with someone's connection)
> such that it'll pick up a DHCP address on *both* cards ... the
> trick comes from not knowing in advance whether the D
> > What I expected was that the first would sleep for a
> > short time then ask again, and get it OK. I haven't seen that happen -
> > about 30 minutes later and the interface still has no IP.
>
> [This goes vastly OT, I know:]
>
> I am blank astonished that it seems to be impossible to get two
>
Graham Toal([EMAIL PROTECTED]) on 2005.10.26 23:52:28 +:
> They're not both connected to a DHCP server. The DHCP server is
> only connected to one of the NICs. Nevertheless I want both NICs
> to get an IP from that DHCP server. I thought I could do it because
> they were bridged NICs. I was
(description of why it can't work deleted for brevity)
> Now, your "bridge" should bridge this dhcp-packet from one interface to the
> other? That doesn't work: its sending this packet out through that
> interface, it can't send it out on all other interfaces.
So there's no solution? I see now t
On Wed, Oct 26, 2005 at 11:42:43AM -0500, Graham Toal wrote:
> I wanted to set up a system which has two ether cards (it's part of
> a transparent bridge so it'll be inline with someone's connection)
> such that it'll pick up a DHCP address on *both* cards ... the trick
> comes from not knowing in
On Wed, Oct 26, 2005 at 04:16:53PM -0500, Graham Toal wrote:
> > Assuming that the problem turns out to be that the dhcp request for
> > fxp1 is always routed out of fxp1 (makes sense, right?) what can I do
> > to have it routed out the other interface via bridging? (Remembering
> > that the solut
>So there's no solution? I see now that the packet flow
doesn't support it,
>but logically it does make sense to want an IP from that
DHCP server
>to be given to the other interface, after all any systems
hanging off that
>interface *will* get an address from the DHCP server on the other
>side of
> I'm still confused.
>
> Why do you need to succed in getting a DHCP address for _both_ interfaces?
> Wouldn't it be OK if jsut the one that hapened to face the DHCP server came
> up? This would still give you remote access.
I can get away with DHCP on one side only, but having actually tried
thi
> i am confused as to why anyone would want to make a setup like
> this, unless they were being shady. if you are going to be
Yeah, it does make a perfect man-in-the-middle attack kit I
must admit, but no, that's not what I'm working on :-)
> installing a transparent filter/proxy/etc., shouldn't
* Graham Toal <[EMAIL PROTECTED]> [2005-10-27 16:35]:
> (description of why it can't work deleted for brevity)
>
> > Now, your "bridge" should bridge this dhcp-packet from one interface to the
> > other? That doesn't work: its sending this packet out through that
> > interface, it can't send it ou
21 matches
Mail list logo
