Virtual... alias...

I am connected to internet through vr0 device.
DHCP does it all.
Its netmask gives me a lot of publicly available IPs

I've set in rc.conf, 2 aliases of it.
Like: ifconfig_vr0_alias0="...."
It worked!

But I want that device (vr0) to have only one IP, assigned through DHCP by the ISP.

So I would like to create a virtual device and hook about 20 IPs to it.
That is, its sole purpose (the newly created virtual device) is to hold those IPs, nothing else.
This will also make configuring my PF firewall rules easy.
Finally, those IPs are intended for Apache's virtual servers (IP based, of course).

Now, is this a good idea?
If yes, then how do I create that virtual device?
Thanks in advance. :)
 
After having a sleep (can you believe that amazing power of sleep, after which an unsolvable problem becomes a joke), I just remembered that there already is that kind of device.
lo0
I've hooked IPs to it.
Like: ifconfig_lo0_alias0="...."

They are fully "pingable"

Now to try to use them, with apache... :stud
 
I need help...
They are fully "pingable", but NOT from the outside world!

My vr0 device always gets assigned IP A.B.208.173 subnet: 255.255.252.0

This should mean that I can use A.B.208.1 to A.B.211.254

I would like to have:
A.B.209.1
A.B.209.2
A.B.209.3

How do I do it?
 
Check with your ISP and see if they are actually forwarding those IPs to you.
 
Since I am not an expert in networking, I've made a big wrong assumption.

My PC is connected to the optical fiber router, through ethernet.
That ethernet device always gets assigned the same IP
IP A.B.208.173 subnet: 255.255.252.0

I thought that, according to the subnet, I have 1022 IPs at my hands to choose from.
Actually, my ISP is the one that has 1022 IPs at its disposal and gave me one IP, that is A.B.208.173

My inadequate knowledge of subnetting misled me.
I thought that subnet 255.255.255.255 would be clear, but as it was 255.255.252.0, I thought there were 1022 IPs for me.
Duh! What a waste of time.

Additionally, how would I get a packet of IPs if I wanted?
Where do I buy/lease them?

And a...
What is a command line tool for:
If eth device's IP is NOT A.B.208.173 then send me a warning email to...
 
As SirDice pointed out, a lot depends on what your ISP is doing. The correct way to get more IP addresses would be to ask your ISP for more. The naughty way would be simply to try to alias another IP onto your vr0 interface in the same IP range and see if they're pingable from outside.

You can't just buy/lease IP addresses on your own. Firstly, you need to be an ISP who can justify it to your local numbering authority. Secondly, they're not cheap, and never sold in batches smaller than /22. Thirdly, even after you get an IP block, you have to convince your upstreams and peers to route traffic to it over your connection. More to the point, if you want more IP addresses, you have to ask your ISP.

To answer your last question, write a crontab(5) script.
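
One way to write the check asked about above, as an added example that is not part of the original posts: a `/bin/sh` script for cron that parses `ifconfig` output and mails a warning when the interface no longer holds the expected address. The interface name comes from the thread; `EXPECTED_IP` (a constructed documentation address), `MAILTO`, the `--run` switch and the script path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: mail a warning when an interface loses its expected IPv4 address.
# IFACE, EXPECTED_IP and MAILTO are placeholders; 203.0.113.173 is a
# constructed documentation address, not the poster's real one.
IFACE="${IFACE:-vr0}"
EXPECTED_IP="${EXPECTED_IP:-203.0.113.173}"
MAILTO="${MAILTO:-root}"

# Read ifconfig(8) output on stdin, print each IPv4 address on its own line.
inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# check_ip EXPECTED   (ifconfig output on stdin)
# returns 0: EXPECTED is configured (aliases may exist alongside it)
#         1: the interface has IPv4 addresses, but not EXPECTED
#         2: no IPv4 address at all (no lease, or interface missing)
check_ip() {
    addrs=$(inet_addrs)
    if [ -z "$addrs" ]; then
        return 2
    fi
    for a in $addrs; do
        if [ "$a" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# Main part. Hypothetical crontab(5) entry, checking every five minutes:
#   */5 * * * * /usr/local/sbin/ipwatch.sh --run
if [ "${1:-}" = "--run" ]; then
    out=$(ifconfig "$IFACE" 2>&1) || true
    rc=0
    printf '%s\n' "$out" | check_ip "$EXPECTED_IP" || rc=$?
    if [ "$rc" -ne 0 ]; then
        {
            echo "$IFACE does not hold $EXPECTED_IP (check status $rc)."
            echo "Current state:"
            printf '%s\n' "$out"
        } | mail -s "IP change on $(hostname): $IFACE" "$MAILTO"
    fi
fi
```

As written, the script mails on every run for as long as the address is wrong or missing.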
 
aragon said:
...The naughty way would be simply to try to alias another IP onto your vr0 interface in the same IP range and see if they're pingable from outside.
Tried as shown above and nada! :\

aragon said:
You can't just buy/lease IP addresses on your own. Firstly, you need to be an ISP who can justify it to your local numbering authority. Secondly, they're not cheap, and never sold in batches smaller than /22. Thirdly, even after you get an IP block, you have to convince your upstreams and peers to route traffic to it over your connection. More to the point, if you want more IP addresses, you have to ask your ISP.
Is interception and a gun in their mouth convincing enough? :))

aragon said:
To answer your last question, write a crontab(5) script.
Is there an already written script to download...
If not, I'll write one in PHP.


Anyway, I have an idea!
Concentrate now carefully...
My friend mentioned putting a switch on the ethernet (to get more IPs) instead of connecting directly to the ethernet.

NOW! I am going to leave the connection as is: fiber optic router to ethernet on my PC.
Now I've figured out that in order to get an IP and be reachable from the outside world I need to initiate a DHCP request.
Good thing: once assigned, the IP is constant.
Bad thing: I cannot choose the IP.
I can live with that.

Exactly here we come to the point where I need your help.


Faking switch...
Another device in my PC (for example lo0) gets aliased IPs, BUT not by ME, as I did at the beginning of this post,
but by DHCP -> only that way will those IPs be reachable from the outside world

Now what do I need to do? :stud
 
Well, it depends how their DHCP is set up. If their DHCP server is blindly handing out IP addresses, you could probably just keep requesting IP addresses from it and manually alias all the IPs it hands out to your interface. You might have to mess with altering your interface's MAC address so that it looks like a different system though.

What happens if you plug two PCs into another switch, and then connect that switch to your ISP line? Does each PC get their own IP address from the ISP?
 
aragon said:
What happens if you plug two PCs into another switch, and then connect that switch to your ISP line? Does each PC get their own IP address from the ISP?

I don't have a switch, but can tell you that the ISP's fiber optic router has another ethernet port for another PC.
So that is a strong indication that ISP's DHCP is more than ready to spit out, at least one more IP :beergrin

aragon said:
... you could probably just keep requesting IP addresses from it and manually alias all the IPs it hands out to your interface. ...

Now this is what we will stick to from now on...
Before: I've aliased IP to lo0 interface
After: DHCP will alias IP to lo0 interface

Now, how is DHCP manually being made??
I guess I need to say which interface is requesting --> alias of lo0?
# dhclient lo0
Code:
ifconfig ioctl (SIOCAIFADDR): File exists
lo0: not found
exiting.
 
Just to say that my ethernet device is vr0

Should I create a virtual vr1?
I tried but:
ifconfig vr1 create
has failed

ifconfig lo1 create
Worked!
But # dhclient lo1
hasn't worked
Help please
 
You cannot use DHCP on lo0 (or lo1). lo0 is the loopback interface.
 
Yes I know.
Do you understand what the point of this post is?
Creating some virtual device or MODIFYING lo0 in a way that utilizing dhclient on it would yield a new IP to it, from my ISP.
Or doing something to the vr0 that is already getting IPs from my ISP via DHCP, BUT holds the new IP like aliased to it (vr0)

Here I really need help from someone more experienced :stud
 
I've figured out that my ISP's DHCP server leases IPs based on the interface MAC address.
I.e.:

I connected my laptop to ethernet and I always get the same IP for the laptop.
And when I connect my server back to ethernet, I always get back its IP, which it has had for around a year.

Now, while the server is connected on the ethernet (vr0) interface, I would like to alias another artificial MAC address, upon which my ISP's DHCP server would lease another IP address, which would be aliased to vr0.
So vr0 would end up with 2 IPs

Does anyone have any experience with this?
 
Then I have to create a virtual ethernet device, with its own MAC.
But it must somehow be linked to the main vr0, as they will query the same DHCP server.

How to do it?
 
Does anyone understand what I am asking here, or what I would like to achieve?!

I have a real/physical vr0 device, with a real/physical MAC, and with the command
Code:
# dhclient vr0
vr0 gets a leased IP from my ISP.
NOW!
I wanna create a virtual ethernet device and set its MAC address in a way that when I issue (I will act like I talk about xy0)
Code:
# dhclient xy0
I get my mother fu.cking leased IP from my mother fu.cking ISP to my mother fu.cking xy0 virtual interface. :P
Which would result in 2 leased IPs.
One to vr0 and one to xy0, both publicly available.
 
Seeker said:
Does anyone understand what I am asking here, or what I would like to achieve?!

You're trying to steal an extra public IP address from your ISP, right? I'm pretty sure most ISPs have something in place to hand out no more than one simultaneous DHCP IP over any physical connection. I'm not sure which mechanism your ISP uses to govern your physical connection (ATM, PPPoA, PPPoE, MPLS, some tunnel, some encapsulation, whatever), but I'm pretty sure it has a unique and individual tag/marker/label on it somewhere that prevents the DHCP system from handing out multiple IP addresses over the same physical connection. I'm pretty sure that this can't be outsmarted by simply manipulating MAC addresses or cloning interfaces. There is no security whatsoever in MAC addresses, and every ISP knows that. You getting the same IP address on a specific MAC address is a matter of convenience, not of security.
 
I did not try if_bridge, but am on a good way with tap

I can also tell you, that ISP's fiber optic router in my home has another ethernet port for another PC.
So that is a strong indication that ISP's DHCP is more than ready to spit out, at least one more IP!

Now based on that VERY strong indication..., let's continue.

I want my one physical ethernet device to split into / create two virtual interfaces, attached to that one physical, so each could have its own lease from my ISP.

I wanna receive two DHCP leases to the same box. :stud

Code:
# dhclient some_device0 
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 6
...
should work..
 
You will likely get a NAT address on that spare ethernet port. There are plenty of DSL modems out there with four ethernet ports, and all of them will do NAT when a public IP address is either on the modem itself or on a machine behind the modem (bridged). I have my public IP bridged to my server behind the DSL modem, and whatever I plug into that modem will get an RFC1918 address, NAT'ed to the public IP address (yes, even though that public IP address is on my server, the modem will still do NAT to that public IP address).

Unless your ISP is very much asleep at the wheel, I give you zero chance of a second public IP address on the same physical connection. The technology to prevent that was already in place over a decade ago on dial-up modem banks and the early DSL/cable equipment (Cisco, Redback, DOCSIS stuff, etc.), and in software (RADIUS, TACACS). Enforcing a "one account, one IP address" policy is not rocket science; it never was.

I'm pretty sure that your DHCP requests do not actually travel all over that /22 network (I'm in a /16, and I never see DHCP requests from anyone else, luckily), but that they are in some way relayed or translated by the equipment on either side of the physical connection, turning a broadcast DHCP request into a 'unicast' IP address request based on your account details and your current MAC address (the latter for convenience only).

And then it's simple: "This account already has an IP address associated with it, so we'll ignore further DHCP requests until that IP address has been returned to the DHCP pool, and then he'll get the same IP address on the same MAC address, or a new IP address on a changed MAC address, but never both."
 
Ok, ok..., let me put that, this way:
We are going to ignore a fact that:
...then it's simple: "This account already has an IP address associated with it, so we'll ignore further DHCP requests until that IP address has been returned to the DHCP pool, and then he'll get the same IP address on the same MAC address, or a new IP address on a changed MAC address, but never both."
and act like "ISP is very much asleep at the wheel", that is..., they have some nasty hard core crack party prior to christmas. ;)

Now, as I know very little about networking and am very unfamiliar with many networking terms (which makes it hard for me to read man pages related to virtual devices, bridging, etc...), give me the syntax for the task I wish to achieve.

So, when I initiate:
Code:
# dhclient some_device0
It must be ensured that its request does reach my ISP's DHCP server, and not for the request to roam inside my box, getting nothing, as there is no DHCP server installed.
 
There is, currently, no way to do what you want, with FreeBSD. (Been down this road with Telus, it's a pain.)

You cannot set multiple virtual MAC addresses on physical NICs, which means you can't run dhclient more than once per physical NIC.

Just put another NIC in the box, and be done with it.
 
phoenix said:
Just put another NIC in the box, and be done with it.
Well, here is my new virtual ethernet NIC:
Code:
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:bd:17:59:c7:00

Now, how to convince it, to query ISP's DHCP server for new IP???
Physical ethernet device vr0, does exactly that!
 
Guys! You are totally NOT helping me at all! That is so lame!

Here is a new setup:

This is my real device vr0:
Code:
# ifconfig vr0
vr0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:0b:6a:b8:d6:dc
        inet 82.x.x.173 netmask 0xfffffc00 broadcast 82.x.x.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
This is vlan device:
Code:
# ifconfig vlan0
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:cd:97:59:c2:fa
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 1834 parent interface: vr0
As you can notice ether is different + I've set vr0 into promisc mode.

Now, dhclient worked on vr0 but not on vlan0:
Code:
# dhclient vlan0
DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 19
DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 15
No DHCPOFFERS received.
No working leases in persistent database - sleeping.

Attention!
It is irrelevant whether the ISP's DHCP will spit out an additional IP or not (in which case DutchDaemon was right).
What I wanna achieve is TO GET A REPLY (positive OR negative) from the ISP's DHCP server when I initiate dhclient on the vlan0 device!
 