[vox-tech] Multiple IPs on one system

Jeff Newmiller vox-tech@lists.lugod.org
Fri, 3 May 2002 16:45:56 -0700 (PDT)


On Fri, 3 May 2002, Marc Hasbrouck wrote:

> Actually what is going on here is that one IP (the
> dhcp one) is being served by my firewall and the fixed
> one is for use on my internal LAN only. The firewall I
> have gets the WAN info via dhcp and then passes that
> on as a dhcp server for the LAN.

This was not clear to me before.

> I want a fixed address to do local net installs from.
> If packets won't get routed back correctly to the
> local requester, then I may have to use brute force.

Replies in a single TCP session initiated by the client will work.  It is
subordinate TCP connections that could have problems, and not all clients
will be secure enough to notice the discrepancy anyway.

> The brute force method involves the server having a
> second NIC on a different subnet and changing the
> client's address for the NFS operations (Net install /
> upgrade). Then the client's IP would be changed back
> to match its use on the LAN.

With respect to routing, IP Aliasing is indistinguishable from using a
second NIC connected to the same physical network.  Since you are only
looking for local service (not internet routed services), you can use
custom routing rules to solve the problem.

If you have a good firewall, you should be able to use dhcp to assign
fixed IPs based on MAC address.  This would give you the most succinct
solution.... one ip address.

> 
> Thanks for the warning
> Marc
> 
> --- Jeff Newmiller <jdnewmil@dcn.davis.ca.us> wrote:
> > On Fri, 3 May 2002, Marc Hasbrouck wrote:
> > 
> > > Here's a challenging question (for me at least),
> > > 
> > > I want to have server with two IP's on the same
> > > subnet. So far, my attempts with two NIC's don't work.
> > > To get any kind of connectivity, each NIC needs to
> > > talk to a different subnet.
> > > 
> > > What I want to do is this:
> > > 
> > > eth0 - dhcp to get my name isp's name servers from the
> > > firewall/dhcp server. No server service requests
> > > (Samba, NFS, or FTP) allowed in.
> > > 
> > > eth1 - in the same subnet, but a fixed address outside
> > > the dhcp range with server services running against
> > > it.
> > > 
> > > The idea was to set up a mirror of Redhat's updates
> > > files and update my systems locally without having to
> > > pay for multiple RH network memberships. I plan to
> > > keep three to four systems updated this way. Each will
> > > have a different configuration (Server, laptop,
> > > workstation, etc.).
> > > 
> > > Questions:
> > > 
> > > 1. Is this possible?
> > 
> > The configuration you want is not practical.
> > 
> > The killer is getting your ISP to route packets to this other "fixed
> > address".  They provide this service for a fee... and it is higher than
> > (2-3 times) the dhcp level of service you pay for now.  If you do pay for
> > it, there won't be much point in keeping the dhcp service.
> > 
> > Even if you could get this configuration set up with your ISP, and you
> > then used IP Aliasing, Linux will accept packets coming in on either IP
> > number, but you may experience some difficulties with serving protocols
> > like FTP that expect the server to open connections going back to the
> > client. New outbound connections will usually pick up the source ip of the
> > default interface... and the client that requested the "return reply" can
> > get confused when it receives an "answer" from the wrong IP address.
> > Having one IP address on each network segment is really the most
> > straightforward solution.
> > 
> > > 2. Would it be easier to just learn how to use iptables?
> > 
> > Perhaps, but are apples easier than oranges?  I don't think the solution
> > lies thataway.
> > 

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
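
Added example (not part of the original messages): a loopback reproduction of the source-address behaviour discussed in this thread, where a server reached on an aliased address opens a connection back to the client. It assumes a Linux host, where all of 127.0.0.0/8 is local; 127.0.0.1 stands in for the client, 127.0.0.2 for the server's fixed alias, and the function names are hypothetical.

```python
import socket
import threading

CLIENT_IP = "127.0.0.1"   # constructed stand-in for the LAN client
SERVICE_IP = "127.0.0.2"  # constructed stand-in for the server's aliased fixed IP


def observed_source(bind_to=None):
    """Make a server-to-client connection; return the source IP the client sees.

    bind_to=None lets the kernel choose the source address from its routing
    table; bind_to=<ip> pins the source address before connecting.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.settimeout(5)
        listener.bind((CLIENT_IP, 0))          # client waits for the callback
        listener.listen(1)
        port = listener.getsockname()[1]
        seen = {}

        def accept_once():
            conn, peer = listener.accept()
            seen["ip"] = peer[0]               # address the client would check
            conn.close()

        waiter = threading.Thread(target=accept_once)
        waiter.start()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as out:
            out.settimeout(5)
            if bind_to is not None:
                out.bind((bind_to, 0))         # pin the service address
            out.connect((CLIENT_IP, port))
            waiter.join(5)
        return seen["ip"]


def client_accepts(peer_ip, contacted_ip=SERVICE_IP):
    """A strict client only trusts a callback from the address it contacted."""
    return peer_ip == contacted_ip


if __name__ == "__main__":
    for label, bind_to in (("kernel default", None), ("bound to alias", SERVICE_IP)):
        src = observed_source(bind_to)
        print(f"{label:15} source={src} accepted={client_accepts(src)}")
```

A daemon that binds its outbound socket to the address the client originally contacted avoids the mismatch; a client that compares the peer address against that contacted address is the kind that notices it.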