I'm just curious about pulling more than one IP on a single interface. Does this require special hardware? How would you go about doing this at an OS level (Linux, of course). Can you pull more than one DHCP address?

The reason I ask is so that I can pull more than one IP on my firewall, and use one for the DMZ and one for internal addresses.

TIA.

perhaps i misunderstand your question --

you have a PC under a network, and it only has one NIC. You have a firewall above this PC which runs a dhcp server for the internal network, and another dhcp server for the DMZ.

Now, this makes no sense to me because you want your PC with only one NIC to connect to both -- but both are driven by DHCP, which leads me to believe that you seperate the networks physically, not logically -- which would also lead me to the conclusion that for you to have one PC connected to both you would need two NICs.

but i think we misunderstand each other. Moreover, I miss the problem you are experiencing that would require you jury-rig your PC in such a manner....

could you explain more? perhaps a diagram?

I want my firewall to have three NICs. One will be on the internal network (private IPs), one will be in the DMZ (masqueraded private IPs), and one on the internet. I want the NIC on the internet to pull two public IPs. I would like for one of the IPs to be for the private network and one for the DMZ. The purpose behind this is so that:

1) I can have a public IP pointing directly to the single machine I plan on placing in the DMZ.
2) The firewall will be able to manage traffic between the DMZ and the private network.


Does that make it any more clear?

*bump*

sorry -- I went on a mini-vacation...

I understand what you're going for now, though I'm a little iffy as to why still. Can't you just direct all unrequested inbound traffic to your internal server?

Since i've gotten the impression that this is a home network, will your ISP even allow you two public IPs?

If so, and you plan to place a machine in the DMZ with a virtual public IP, why bother putting it beneath your firewall -- why not just put that machine above the firewall, and let the external NIC on the FW take the other public IP?

Multiple IP's on a single nic:

You have to create aliases to the primary interface. For example eth0:1 is attached to eth0 but with a different IP or network.

Create the below file:
On RH: /etc/sysconfig/network-scripts/ifcfg-eth0:1
on SuSE:/etc/sysconfig/network/ifcfg-eth0:1

you can copy the contents of your ifcfg-eth0 file to the ifcfg-eth0:1 file, and change the information to reflect the network you want for the alias. /etc/init.d/network restart to apply the new settings and you're done.

If you just want to test multiple IP's on one NIC, you can run something like:
ifconfig eth0:1 172.16.230.15
and it will create eth0:1 with the above IP. This is useful if you have very limited hardware and want to test various configurations...

Does this require any specific hardware, or is it done entirely by the kernel?

Secesh, this is really just more for fun than anything else. I realize that it's not the best way, but it's more interesting.

You don't need any special hardware, no.