From: Jeremie Le Hen
To: Raymond Wagner
Cc: freebsd-net@freebsd.org
Date: Sun, 22 Oct 2006 18:01:03 +0200
Subject: Re: [fbsd] Virtual Network Interfaces

Hi Raymond,

On Mon, Oct 16, 2006 at 02:12:47AM -0400, Raymond Wagner wrote:
> My ISP provides me up to 5 dynamically assigned addresses out of a /20
> block. I have more than 5 machines on my network, so I have no choice but
> to run NAT, however I would like to force two of those machines onto their
> own external addresses. If I had static addresses, I could simply alias the
> addresses into the external interface and then use "binat" in pf to redirect
> the traffic. However, the addresses have to be requested from the DHCP
> server, and expire after 4 hours.
>
> I can get this to work by running the NAT function under QEMU and just
> giving the virtual machine several interfaces bridged to the physical
> external interface. Running a VM is far from ideal. Is there any way I
> could set up a virtual network interface that could be bridged to the true
> interface and grab its own DHCP address?

I don't know if that works, but I would try the following setup.
Supposing you have two physical interfaces, an external one (ext0) and
an internal one (int0), I would create a VLAN on int0 for each machine
which has to have its own public address (vlan1 and vlan2) and bridge
{ ext0, vlan1, vlan2 }.

On Linux, there is an interesting feature that, once two interfaces are
bridged, you can use a tool called "ebtables" to select if a packet is
going to be bridged or routed, depending on layer 2 and layer 3
information. (See http://ebtables.sourceforge.net/ebtables-man.html)

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >