Multiple IPs, one NIC, where IP is based on MAC address

Post by Eric P. McC » Thu, 19 Sep 2002 05:17:23



Here's what I want to do.  Basically, I want to set up a pseudo-DMZ
with my Linux firewall.  This would involve setting up an IP alias for
the Internet-side interface which would be NAT'ted directly to a
machine behind the firewall.  In other words, I want to do host-based
DNAT rather than port-based DNAT.  (This is much easier for me than
port-based NAT.  I will do it if I have to, but I would _much_ prefer
to do host-based NAT.)

The problem here is in how my cable co. assigns IPs.  I paid for a
second one, and it looks like it's not possible for me to use it.
What happens is that IPs are assigned based on the requesting MAC
address rather than a hostname (or whatever).  Which means that it's
not possible to request two different IP addresses for the same NIC.
(Normally I would just change the hostname and use an alias interface
to get the second IP.)

So my question is: Is there _any_ way to do this?  I read some stuff
which suggests it might be possible if I get the interface into
promiscuous mode and tell it to respond to two different ethernet
addresses.  That would get me halfway, but I don't know if that's
possible or how to do it.  But that's not a complete answer, since
outgoing packets from my NIC would still have the NIC's real MAC
address, not the phony one.  For the initial DHCP request at least, it
would need to be able to send packets with the phony MAC address.  I
guess it would kind of be NIC-level NAT (yikes).

Of course, if there's an easier solution - like a way to bind two MAC
addresses to the same NIC - that would be even better.  I have an
Intel EtherExpress PRO/100+, if that matters.  The only other way to
get this working as I want would be to buy a hub and an extra NIC,
which would be an annoying waste of money.  And I yelled at my cable
co., they don't seem willing to budge.

--

"Last I checked, it wasn't the power cord for the Clue Generator that
was sticking up your ass." - John Novak, rasfwrj

 
 
 

Post by David Schwart » Thu, 19 Sep 2002 07:17:00



> The problem here is in how my cable co. assigns IPs.  I paid for a
> second one, and it looks like it's not possible for me to use it.
> What happens is that IPs are assigned based on the requesting MAC
> address rather than a hostname (or whatever).  Which means that it's
> not possible to request two different IP addresses for the same NIC.
> (Normally I would just change the hostname and use an alias interface
> to get the second IP.)

        Drop a second network card in the machine. It'll cost you $10 or so and
it'll solve your problem.

        DS

 
 
 

Post by /dev/nul » Fri, 20 Sep 2002 07:21:51


This is your lucky day :-).

Just so happens I've run into the same problem and I've asked this list
about it before to *no* avail.

Sounds like your server is using DHCP, and yes DHCP servers assign (and
re-assign) IP address by the MAC, and if it's set to "remember" your MAC and
give you the same address again, it will.

Your gateway (*not* DHCP) should allow one MAC address two IPs.  The gateway
is the server on the ISP side that routes all packets your computer is
sending to networks other than the network you are on.  Some routers may
complain (to security) that you seem to be spoofing network addresses, or
maybe that there's an IP that is spoofing MAC addresses, but I doubt you'll
have problems.

Now that you've been on for a while you should have noticed if your IP
address is being changed at all.  Usually most ISPs set their DHCP up to
remember you and you'll always get the same.  If you've noticed a change in
IPs you may be up the creek without a paddle.

Here's what you do if your IP isn't changing (easiest), insert the correct
interface where I have eth0:

# ifconfig eth0

write down the HWaddr.  Should be a 6 byte hex number.

write down the inet addr.

# ifconfig eth0 down

takes the interface down

# ifconfig eth0 hw ether 9:9:9:9:9:9

put something other than the 9's I'm using.  I suggest taking the hwaddr you
already wrote down and change the last number.

then re-run your rc.inet1 (assuming it's set up right for DHCP), or whatever
you are using to set up your IP currently.  And then:

# ifconfig eth0

now you should see the new HWaddr you entered *and* (with any luck) your
other IP address as given by your ISP.

With both of these IP addresses you can set up your box for static IP, use
eth0 for one and eth0:0 for the other.

If you've noticed that your IP does change over time, you can try this (I
haven't):

in your rc.inet1 before any interface is started, do:

# ifconfig eth0:0 hw ether X:X:X:X:X:X

where the Xs is the IP you determined as your second IP.  And then run DHCP
on eth0 and eth0:0.

I don't know if it will work exactly, I've never tried the hw command on a
virtual interface.

Let me know how it goes.

 
 
 

Post by /dev/nul » Fri, 20 Sep 2002 12:55:16


I tried the hw command on eth0 then eth0:0 to see if they could have
different MACs, but they use the same one, setting one sets them all.

Figures.

 
 
 

Post by Juha Laih » Fri, 20 Sep 2002 20:27:00



> Sounds like your server is using DHCP, and yes DHCP servers assign (and
> re-assign) IP address by the MAC, and if it's set to "remember" your MAC and
> give you the same address again, it will.

DHCP servers assign IPs by client-identifiers, not by MACs.
DHCP clients, if nothing else is specified, use MACs as client identifiers
(or was it so that if the client doesn't specify the ID, the server will
use MAC as the ID; anyway, the point is that IP is not bound to MAC
address).

And yes, I've been able to get multiple simultaneous DHCP IP assignments
to a single MAC from my ISP (they allow up to 5 "machines" over one hookup,
meaning that they'll provide up to 5 IPs over one hookup).

No cookbook available, as this is still cooking..
--
Wolf  a.k.a.  Juha Laiho     Espoo, Finland

         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

 
 
 

Post by /dev/nul » Sat, 21 Sep 2002 00:19:37


> DHCP servers assign IPs by client-identifiers, not by MACs.

That's not 100% true.  Mine certainly doesn't.  They've never given me a
client identifier and I've never used one.  This DHCP server uses a MAC.

> DHCP clients, if nothing else is specified, use MACs as client identifiers
> (or was it so that if the client doesn't specify the ID, the server will
> use MAC as the ID; anyway, the point is that IP is not bound to MAC
> address).

I'm glad it works for you, but it doesn't work for everyone.  The method I
offered should work with everyone that has DHCP.
 
 
 

Post by Eric P. McC » Sat, 21 Sep 2002 01:59:08



> DHCP servers assign IPs by client-identifiers, not by MACs.

Yours might, but this is certainly not the way mine works.

--

"Last I checked, it wasn't the power cord for the Clue Generator that
was sticking up your ass." - John Novak, rasfwrj
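
The disagreement in this thread comes down to which field the DHCP server uses as its lease key. The sketch below is an added example, not code from any poster: it builds two constructed DHCPDISCOVER payloads with the same hardware address but different client identifiers (option 61) and counts how many clients a server sees when it honours option 61, as RFC 2131 specifies, and when it keys on chaddr alone, as two posters say their ISP does. The MAC, xid and identifier strings are constructed sample values, and `honor_client_id` is a hypothetical switch standing in for server policy.

```python
import struct
from typing import Optional

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OPT_MSG_TYPE, OPT_CLIENT_ID, OPT_PAD, OPT_END = 53, 61, 0, 255

def build_discover(mac: bytes, client_id: Optional[bytes] = None) -> bytes:
    """Constructed sample input: a minimal DHCPDISCOVER payload (no UDP/IP framing)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, len(mac), 0,        # op=BOOTREQUEST, htype=Ethernet, hlen, hops
                         0x1234ABCD, 0, 0x8000,    # xid (constructed), secs, broadcast flag
                         b"", b"", b"", b"",       # ciaddr, yiaddr, siaddr, giaddr
                         mac, b"", b"")            # chaddr, sname, file (zero padded)
    options = bytes([OPT_MSG_TYPE, 1, 1])          # message type 1 = DISCOVER
    if client_id is not None:
        options += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return header + MAGIC + options + bytes([OPT_END])

def parse_options(pkt: bytes) -> dict:
    """Walk the type-length-value option list, rejecting truncated options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:                      # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        options[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return options

def lease_key(pkt: bytes, honor_client_id: bool = True) -> tuple:
    """Return the identity a server would file this client's lease under."""
    options = parse_options(pkt)
    htype, hlen = pkt[1], pkt[2]
    if hlen > 16:
        raise ValueError("hlen exceeds chaddr field")
    client_id = options.get(OPT_CLIENT_ID)
    if honor_client_id and client_id:              # RFC 2131: option 61 wins when present
        return ("client-id", client_id.hex())
    return ("chaddr", f"{htype:02x}{pkt[28:28 + hlen].hex()}")

def distinct_clients(packets, honor_client_id: bool = True) -> int:
    return len({lease_key(p, honor_client_id) for p in packets})

MAC = bytes.fromhex("020000000001")   # constructed, locally administered address
SAMPLES = [build_discover(MAC, b"\x00host-a"), build_discover(MAC, b"\x00host-b")]

if __name__ == "__main__":
    print(distinct_clients(SAMPLES, True), distinct_clients(SAMPLES, False))
```

On the server side, the same keying logic is what a lease audit would apply when checking how many addresses a single hardware address currently holds.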

 
 
 
