I''m interested in setting up a NAT machine between a local network and a DSL-connected ISP. In order to avoid some of the problems with Many:1 NAT, I would like to take advantage of the fact that my ISP is willing to issue as many DHCP dynamic addresses as I ask for, possibly enabling me to set up Many:Many NAT for my local machines. Currently, the machines are all on the same switch as the bridging DSL modem and are acquiring DHCP addresses on their own. Is there a way to configure iproute2 under Linux to acquire external IP addresses from a DHCP server as needed, instead of selecting its own external IP addresses from a given subnet? Thanks, Gil <get@andrew.cmu.edu> _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Thursday 01 August 2002 19:18, Gil Tolle wrote:> I''m interested in setting up a NAT machine between a local network and a > DSL-connected ISP. In order to avoid some of the problems with Many:1 NAT, > I would like to take advantage of the fact that my ISP is willing to issue > as many DHCP dynamic addresses as I ask for, possibly enabling me to set > up Many:Many NAT for my local machines. Currently, the machines are all on > the same switch as the bridging DSL modem and are acquiring DHCP addresses > on their own. > > Is there a way to configure iproute2 under Linux to acquire external IP > addresses from a DHCP server as needed, instead of selecting its own > external IP addresses from a given subnet?That''s called a dhcp relay Or you can configure the linux box as a bridge. But this is not the right place for this issue. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
The thing is, I''m trying to work around an address assignment decision made by my ISP. I''m running a local server on my side of the DSL line, with an address statically assigned to be .9.220. Every other machine on my side of the DSL is acquiring dynamic IP addresses in the .57.255 subnet with a default gateway of .57.1, on the other side of the DSL link. This causes the unfortunate side effect of forcing all traffic between the dynamically assigned machines and the statically assigned machine to travel across the DSL, even though both machines are on the same ethernet. In addition, if the DSL link goes down, as it tends to on occasion, the dynamic machines cannot acquire addresses, and therefore cannot communicate with the local server. My idea is to use a NAT machine to manage the routing myself. I would like to ensure that no traffic between local machines and the local server will go over the DSL, without having to add special routes to each dynamic client machine. I would also like to ensure that dynamic local machines can contact the static local server, even when the DSL is down and they cannot get DHCP addresses from the ISP''s server. I would also like to keep the statically assigned server accessible from the public Internet. DHCP relay does not seem to solve the routing issue, and neither does the bridging. And if I am resigned to using NAT, I''d like to make it Many:Many NAT to avoid the occasional problems seen when using things like active FTP and online games behind Many:1 NAT. Thus the rationale behind my question. Have I missed something obvious that might satisfy the constraints above? Thanks, Gil <get@andrew.cmu.edu> On Thu, 1 Aug 2002, Stef Coene wrote:> On Thursday 01 August 2002 19:18, Gil Tolle wrote: > > I''m interested in setting up a NAT machine between a local network and a > > DSL-connected ISP. In order to avoid some of the problems with Many:1 NAT, > > I would like to take advantage of the fact that my ISP is willing to issue > > as many DHCP dynamic addresses as I ask for, possibly enabling me to set > > up Many:Many NAT for my local machines. Currently, the machines are all on > > the same switch as the bridging DSL modem and are acquiring DHCP addresses > > on their own. > > > > Is there a way to configure iproute2 under Linux to acquire external IP > > addresses from a DHCP server as needed, instead of selecting its own > > external IP addresses from a given subnet? > That''s called a dhcp relay > Or you can configure the linux box as a bridge. > > But this is not the right place for this issue. > > Stef > > -- > > stef.coene@docum.org > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.openprojects.net > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Gil, I understand your problem, and why you''d choose to do it this way. Perhaps you (c|sh)ould look at udhcp....it''s a small lightweight dhcp server which is ultimately scriptable and flexible. http://udhcp.busybox.net/ You can interface with it via a set of scripts. Instead of using the scripts that come with the distribution, you could write your own to grab public IPs from your ISPs dhcp server and then set up NAT to the internal IPs. If I were in your position, I''d: - run udhpcd on the inside interface - give IPs upon request to inside hosts (inside-0) - fork a process to request an IP from ISP - upon receiving IP (outside-0) from provider - setup NAT for outside-0 <--> inside-0 Good luck, -Martin : : The thing is, I''m trying to work around an address assignment decision : made by my ISP. I''m running a local server on my side of the DSL line, : with an address statically assigned to be .9.220. Every other machine on : my side of the DSL is acquiring dynamic IP addresses in the .57.255 subnet : with a default gateway of .57.1, on the other side of the DSL link. This : causes the unfortunate side effect of forcing all traffic between the : dynamically assigned machines and the statically assigned machine to : travel across the DSL, even though both machines are on the same ethernet. : In addition, if the DSL link goes down, as it tends to on occasion, the : dynamic machines cannot acquire addresses, and therefore cannot : communicate with the local server. : : My idea is to use a NAT machine to manage the routing myself. I would like : to ensure that no traffic between local machines and the local server will : go over the DSL, without having to add special routes to each dynamic : client machine. I would also like to ensure that dynamic local machines : can contact the static local server, even when the DSL is down and they : cannot get DHCP addresses from the ISP''s server. I would also like to keep : the statically assigned server accessible from the public Internet. : : DHCP relay does not seem to solve the routing issue, and neither does the : bridging. And if I am resigned to using NAT, I''d like to make it Many:Many : NAT to avoid the occasional problems seen when using things like active : FTP and online games behind Many:1 NAT. Thus the rationale behind my : question. : : Have I missed something obvious that might satisfy the constraints above? : : Thanks, : Gil <get@andrew.cmu.edu> : : : On Thu, 1 Aug 2002, Stef Coene wrote: : : > On Thursday 01 August 2002 19:18, Gil Tolle wrote: : > > I''m interested in setting up a NAT machine between a local network and a : > > DSL-connected ISP. In order to avoid some of the problems with Many:1 NAT, : > > I would like to take advantage of the fact that my ISP is willing to issue : > > as many DHCP dynamic addresses as I ask for, possibly enabling me to set : > > up Many:Many NAT for my local machines. Currently, the machines are all on : > > the same switch as the bridging DSL modem and are acquiring DHCP addresses : > > on their own. : > > : > > Is there a way to configure iproute2 under Linux to acquire external IP : > > addresses from a DHCP server as needed, instead of selecting its own : > > external IP addresses from a given subnet? : > That''s called a dhcp relay : > Or you can configure the linux box as a bridge. : > : > But this is not the right place for this issue. : > : > Stef : > : > -- : > : > stef.coene@docum.org : > "Using Linux as bandwidth manager" : > http://www.docum.org/ : > #lartc @ irc.openprojects.net : > : > : : _______________________________________________ : LARTC mailing list / LARTC@mailman.ds9a.nl : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ : -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/