# Doing incredibly stupid things(tm) - tunnels and dhcp



## dvdmandt (Feb 16, 2011)

Hi everyone. First of all, I do realize this is most likely incredibly stupid. I do it mostly for fun and learning.

I have two servers, A and B. A has two NICs, one connected to my LAN and one connected to the internet, B has one NIC connected to my LAN.


```
ServA
  rl0: 89.*.*.* (public)
  rl1: 192.168.0.100 (lan)

ServB
  em0: 192.168.0.128 (lan)
```

ServA gets it's public ip address from my ISP using DHCP.

My goal here is to give ServB a public ip address on a virtual/whatever interface. To do this, I must create some form of tunnel between ServA and ServB. Ideally something like epair, but with the two virtual nics on different computers. Like this:


```
ServA
  rl0: 89.*.*.*
  rl1: 192.168.0.100 
  epair0a: (not sure an ip address is needed)
  bridge0: members rl0 and epair0a

ServB
  em0: 192.168.0.128
  epair0b: dhcp
```

So when I would run
`$ dhclient epair0b`
on ServB, it would ask the dhcp server connected to rl0 on ServA.

Is this possible, and if so, how?


----------



## phoenix (Feb 16, 2011)

You need two separate MAC addresses in order to get two separate IPs via DHCP.  The only way to do that is to have two separate NICs on the public side, and to run two separate dhclient processes.

Then use packet filter rules to NAT traffic through the second public IP to the private IP of ServB.

There's a way to "fake" it using a bridge interface, but it gets horribly complicated with the IPFW rules to make it work.

Best way is to just put another NIC into ServA.


----------



## gordon@ (Feb 17, 2011)

Actually, if you just bridged ServA rl0 and rl1 together and then ran DHCP on ServA rl0 and ServB em0, it might work. You'd no longer have the internal IP addresses though.


----------



## dvdmandt (Feb 17, 2011)

Well, I can't add another NIC, and there are other computers and servers on the LAN, including another DHCP server, so that won't work either. 

phoenix: I managed to get two addresses from DHCP using one NIC already, it's really simple and requires no ipfw hacking at all as far as I noticed?

What I need is a virtual NIC on both ServA and ServB with a (virtual) crossover cable between them. Is that possible? Using gif perhaps?


----------



## wblock@ (Feb 17, 2011)

dvdmandt said:
			
		

> Well, I can't add another NIC, and there are other computers and servers on the LAN, including another DHCP server, so that won't work either.
> 
> phoenix: I managed to get two addresses from DHCP using one NIC already, it's really simple and requires no ipfw hacking at all as far as I noticed?



How?  Anyway, if you already have that on the net gateway machine, why not just use the firewall to redirect things coming in on the second IP address to the internal machine?


----------

