Hello! My ISP offers the use of up to 5 public but dynamic (DHCP) ip addresses and I would like to take advantage of this offer by giving the 3 computers in my lan public ip''s to make it easier to use things like irc, p2p and online games from the lan computers. I''ve been trying for some days now without success. My initial thought was to use proxyarp and dhcrelay, but I have been unable to get it too work as of yet.I''ve been running dhcrelay like this: dhcrelay 195.54.96.215 where 195.54.96.215 is the ip of my isps dhcp server (at least I think so, I took it from the "option dhcp-server-identifier 195.54.96.215;" line in /var/lib/dhcp/dhclient-eth1.leases) and I have the following in my interfaces file loc eth0 192.168.1.255 dhcp,proxyarp net eth1 detect dhcp,norfc1918,proxyarp which I think is all that should be needed for dhcrelay+proxyarp to work, right? But I can''t get it to work from the computers in the loc zone. I get no errormessages in /var/logs/syslog, I only get this startup messeage from dhcrelay Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Internet Software Consortium DHCP Relay Agent V3.0pl2 Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Copyright 1997-2000 Internet Software Consortium. Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: All rights reserved. Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: For info, please visit http://www.isc.org/products/DHCP Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Listening on LPF/eth1/00:a0:24:c5:63:7a Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Sending on LPF/eth1/00:a0:24:c5:63:7a Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Listening on LPF/eth0/00:80:ad:86:37:19 Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Sending on LPF/eth0/00:80:ad:86:37:19 Dec 13 15:04:42 h177n2fls24o1074 dhcrelay: Sending on Socket/fallback which leads me to belive that it atleast is should be working. But I can''t get ip adresses for computers in the loc zone using dhcp, and as I said I get no error messages from dhcrelay while the dhcpclient times out waiting for a response. I though of trying one-to-one NAT and setting up a bunch of aliased interfaces, but dhclient doesn''t seem to want to get ip''s for aliased interfaces. Well, on to my questions. I am supposing that I could get this to work with one-to-one NAT if I hade more physical nic''s on the firewall, dhclient should be able to get ip''s for all of them I think. (my adsl modem has 4 ports, and the manual for it says that if you want to connect more to use a hub or switch) But since I don''t have any extra nic''s I would like to get it to work using a cheaper solution if possible. Can anyone see what I''m doing wrong with my proxyarp+dhcrelay setup? Are there extra steps that I''m missing? Would one-to-one NAT be a possible solution, or am I makeing assumptions here? I think that I would need a script to put the new ip''s into the shorewall config and restart shorewall whenever I get a new ip, but that I think shouldn''t be too hard right? Is it possible to get dhclient to work with aliased interfaces, or is there some other dhcp software I sould be using instead? Sorry if some of these questions aren''t 100% shorewall related. Sincerely, Kristoffer Ekelund ________________________________________________ This mail was sent by UebiMiau 2.5