Doing incredibly stupid things(tm) - tunnels and dhcp

D

dvdmandt

Hi everyone. First of all, I do realize this is most likely incredibly stupid. I do it mostly for fun and learning.

I have two servers, A and B. A has two NICs, one connected to my LAN and one connected to the internet, B has one NIC connected to my LAN.

Code: 
ServA
  rl0: 89.*.*.* (public)
  rl1: 192.168.0.100 (lan)

ServB
  em0: 192.168.0.128 (lan)

ServA gets it's public ip address from my ISP using DHCP.

My goal here is to give ServB a public ip address on a virtual/whatever interface. To do this, I must create some form of tunnel between ServA and ServB. Ideally something like epair, but with the two virtual nics on different computers. Like this:

Code: 
ServA
  rl0: 89.*.*.*
  rl1: 192.168.0.100 
  epair0a: (not sure an ip address is needed)
  bridge0: members rl0 and epair0a

ServB
  em0: 192.168.0.128
  epair0b: dhcp

So when I would run
$ dhclient epair0b
on ServB, it would ask the dhcp server connected to rl0 on ServA.

Is this possible, and if so, how?
 
You need two separate MAC addresses in order to get two separate IPs via DHCP. The only way to do that is to have two separate NICs on the public side, and to run two separate dhclient processes.

Then use packet filter rules to NAT traffic through the second public IP to the private IP of ServB.

There's a way to "fake" it using a bridge interface, but it gets horribly complicated with the IPFW rules to make it work.

Best way is to just put another NIC into ServA.
 
Actually, if you just bridged ServA rl0 and rl1 together and then ran DHCP on ServA rl0 and ServB em0, it might work. You'd no longer have the internal IP addresses though.
 
Well, I can't add another NIC, and there are other computers and servers on the LAN, including another DHCP server, so that won't work either.

phoenix: I managed to get two addresses from DHCP using one NIC already, it's really simple and requires no ipfw hacking at all as far as I noticed?

What I need is a virtual NIC on both ServA and ServB with a (virtual) crossover cable between them. Is that possible? Using gif perhaps?
 
dvdmandt said:
Well, I can't add another NIC, and there are other computers and servers on the LAN, including another DHCP server, so that won't work either.

phoenix: I managed to get two addresses from DHCP using one NIC already, it's really simple and requires no ipfw hacking at all as far as I noticed?
Click to expand...

How? Anyway, if you already have that on the net gateway machine, why not just use the firewall to redirect things coming in on the second IP address to the internal machine?
 
You must log in or register to reply here.
Back
Top