Re: Multiple DHCP'd addresses on one NIC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 11, 2005 at 02:26:18PM -0800, Aaron O'Hara wrote:
> I have my firewall connected to my cable modem with one a single NIC.
> (I have another NIC for my LAN).  My public NIC is set to DHCP an
> address from my ISP.
> 
> Is it possible with Fedora to setup multiple virtual adapters that have
> unique MAC addresses (that I generate) that all DHCP an address from my
> ISP?  This way, I'd have multiple public IPs bound to one physical
> adapter.
> 
> Of course I'm going to want to firewall all the virtual adapters as
> well.
> 
> The end goal is to have multiple SSL-enabled sites (which need to have
> their own IP).

To save time, I'm placing a copy of my conclusion at the top of
my reply also.

My recommendation:  consider buying more NICS -- preferably with more
than a single port on each.  That way:
--  You will be assured of getting it working, which is not
    otherwise a foregone conclusion.
--  what you want to do will be supported "out-of-the-box"
--  you won't have to spend hours and hours in the attempt.
--  you won't have a hassle everytime you upgrade

The details:

A couple of years ago I had the same situation as you.  My ISP
(charter.net for cable modem service) offered a package with five
"static" IPs, but the catch was that the "static" addresses had to be
dynamically assigned via DHCP (from pre-configured fixed addresses).

The ISP apparently expected the customer to be attaching five separate
computers.  My ultimate solution was to buy a couple of dual-port NICs
so that I actually did have five separate NICs pointing to the outside.

I attempted to do everything from a single NIC with multiple IP
addresses.  I was ultimately foiled because:

1.  The MAC address is associated with the NIC itself.  You can't have
a separate MAC address used for each assigned IP address.

2.  The ISP refused to let me bypass DHCP MAC address recognition which
I could have done using DHCP's option "dhcp-client-identifier".  The client
identifier lets the dhcp server base decisions on something other than
the client's MAC address.

If the ISP had allowed me to use dhcp-client-identifier, then I think
things would have worked with one NIC.  (The ISP used some kind of
MAC-based activated by successful DHCP handshaking.  I don't think
that would have interfered with this approach.)

    Example of a dhcp config that allows use of "dhcp-client-identifier":

    In client file /etc/dhclient-eth0.conf, one could have:

        interface "eth0" {
	    # The uniqueness of the client-identifier could be assured
	    # basing it on the underlying MAC address, if desired.
	    # Example:  "00:00:40:86:93:5c-whatever"
            send dhcp-client-identifier "any-aribtrary-but-unique-string" ;
        }

    The corresponding entry in the server /etc/dhcpd.conf would be:
	host some.name {
	    # An alternate address for this system when it is booted under Linux.
	    fixed-address 1.2.3.4 ;
	    # hardware ethernet 00:00:40:86:93:5c ;
	    option dhcp-client-identifier "00:00:40:86:93:5c-whatever" ;
	}

3.  I did this with Red Hat LInux 9.  The RHL 9 version of
/sbin/dhclient-script only supported a single address per NIC.  I see
that the corresponding FC3 script is much different, but I don't know
whether or not it would allow multiple addresses for a single NIC.
I rewrote the RHL 9 /sbin/dhclient-script to:
    1.  use the iproute package's "ip" command instead of the
    "ifconfig" compatibility commands.  That put things closer to the
    metal, avoiding the semi-artificial concept of NIC aliases.
    2.  support multiple addresses per NIC.

My recommendation:  consider buying more NICS -- preferably with more
than a single port on each.  That way:
--  what you want to do will be supported "out-of-the-box"
--  you won't have to spend countless hours getting it working
--  you won't have a hassle everytime you upgrade

By the way, the same ISP is smarter now.  Their five-static-IP package
now provides five truly static (no DHCP) IPs, which works fine with
just a single NIC.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux