Re: [systemd-devel] [networkd] Mixing DHCP & static IPs on 1 interface

2017-02-22 Thread Kai Krakow
On Tue, 21 Feb 2017 18:30:07 -0600,
Ian Pilcher wrote:

> I'm trying to find a way to do this with systemd-networkd.
> 
> The reason is that my cable modem listens on a 192.168.X.X address.
> Normally this "just works".  My firewall tries to send traffic
> destined for this address to my ISP's router, and the cable modem
> intercepts the packets and responds.
> 
> If I lose connectivity, however, my firewall doesn't have a default
> route, so it doesn't know where to send packets destined for
> 192.168.X.X.  The net result is that I lose connectivity to my cable
> modem's diagnostic pages at exactly the time that I need to access
> them. (OK, I don't really lose connectivity; I just have to manually
> add an IP address on the proper subnet to the firewall's external
> interface. It works, but it's so ... MANUAL!  :-)
> 
> My goal is to have both the DHCP assigned address (from my ISP) and
> the static address always configured on the external interface.  I've
> tried creating two separate .network files that match the interface,
> but only the DHCP address is getting assigned.  (The old network
> service actually is able to set this up on boot, but the static IP
> eventually goes away. I suspect that dhclient is deleting it when it
> renews its lease.)

The difference may be that the previous network script created alias
interfaces, like eth0:0, eth0:1...

You could try to create an alias interface with systemd-networkd, and
assign that the static IP. But how to do this is currently beyond my
knowledge.

-- 
Regards,
Kai

Replies to list-only preferred.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
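
The setup asked about in the question above can be expressed in a single .network file; this is an added example, not configuration posted by anyone in the thread. The file name, the interface name `eth0` and the address `192.168.100.2/24` are assumptions standing in for the real interface and the modem's 192.168.X.X subnet.

```ini
# /etc/systemd/network/10-wan.network (hypothetical file name)
#
# systemd-networkd applies only the first .network file, in lexical
# order, whose [Match] section matches a link. A second file matching
# the same interface is ignored, so the DHCP and static settings have
# to live in the same file.

[Match]
# Assumed name of the firewall's external interface.
Name=eth0

[Network]
# Address and default route leased from the ISP.
DHCP=ipv4
# Static address on the modem's diagnostic subnet (constructed value;
# substitute the real 192.168.X.X subnet). The kernel adds the on-link
# route for this prefix, so the modem stays reachable even when no
# DHCP lease and no default route are present.
Address=192.168.100.2/24
```

After restarting systemd-networkd, `networkctl status eth0` lists the addresses configured on the link.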


Re: [systemd-devel] [networkd] Mixing DHCP & static IPs on 1 interface

2017-02-22 Thread D.S. Ljungmark


On 22/02/17 15:57, Reindl Harald wrote:
> 
> please keep responses on the list
> 
> On 22.02.2017 at 15:42, Ian Pilcher wrote:
>> On 02/21/2017 08:28 PM, Reindl Harald wrote:
>>> since this should be all on the LAN side something is *very* unusual on
>>> your setup - the firewall i setup at office is just a virtual machine
>>> with a single NIC and is able to do NAT and filtering as well as
>>> traffic-shaping (limit all workstations together to 80% of the WAN line)
>>> with a single IP address - so i don't see any reason why your firewall
>>> can't forward packages to your router independent of the WAN state on
>>> the other side of the router
>>
>> It's not a matter for forwarding packets to a *router*.  I'm trying to
>> get packets to go to the cable modem, which listens on that 192.168.X.X
>> address - regardless of the actual public subnet
> 
> but i don't understand why it has a different IP address depending on
> the state of the WAN side - normally you talk to your modem over the LAN
> 
> "If I lose connectivity, however, my firewall doesn't have a default
> route" - solve that
> 
> https://www.cyberciti.biz/faq/linux-creating-or-adding-new-network-alias-to-a-network-card-nic/
> 

It's not that uncommon.

The device is using a DHCP relay/proxy towards the LAN side, and allows
both states at once. You configure a hard-coded subnet for diagnostics
pages, and DHCP gets routed through to the other side.

This means that his devices (linux machine) appear to themselves to be
on the open side of the network, (WAN) and not being NAT-ed at all.

So, it's para-bridging the interfaces and that's a perfectly valid thing
to do.

//D.S


Re: [systemd-devel] [networkd] Mixing DHCP & static IPs on 1 interface

2017-02-22 Thread Reindl Harald


please keep responses on the list

On 22.02.2017 at 15:42, Ian Pilcher wrote:
> On 02/21/2017 08:28 PM, Reindl Harald wrote:
>> since this should be all on the LAN side something is *very* unusual on
>> your setup - the firewall i setup at office is just a virtual machine
>> with a single NIC and is able to do NAT and filtering as well as
>> traffic-shaping (limit all workstations together to 80% of the WAN line)
>> with a single IP address - so i don't see any reason why your firewall
>> can't forward packages to your router independent of the WAN state on
>> the other side of the router
>
> It's not a matter for forwarding packets to a *router*.  I'm trying to
> get packets to go to the cable modem, which listens on that 192.168.X.X
> address - regardless of the actual public subnet

but i don't understand why it has a different IP address depending on
the state of the WAN side - normally you talk to your modem over the LAN

"If I lose connectivity, however, my firewall doesn't have a default
route" - solve that

https://www.cyberciti.biz/faq/linux-creating-or-adding-new-network-alias-to-a-network-card-nic/


Re: [systemd-devel] [networkd] Mixing DHCP & static IPs on 1 interface

2017-02-21 Thread Reindl Harald



On 22.02.2017 at 01:30, Ian Pilcher wrote:
> I'm trying to find a way to do this with systemd-networkd.
>
> The reason is that my cable modem listens on a 192.168.X.X address.
> Normally this "just works".  My firewall tries to send traffic destined
> for this address to my ISP's router, and the cable modem intercepts the
> packets and responds.
>
> If I lose connectivity, however, my firewall doesn't have a default
> route, so it doesn't know where to send packets destined for
> 192.168.X.X.  The net result is that I lose connectivity to my cable
> modem's diagnostic pages at exactly the time that I need to access them.
> (OK, I don't really lose connectivity; I just have to manually add an
> IP address on the proper subnet to the firewall's external interface.
> It works, but it's so ... MANUAL!  :-)

since this should be all on the LAN side something is *very* unusual on
your setup - the firewall i setup at office is just a virtual machine
with a single NIC and is able to do NAT and filtering as well as
traffic-shaping (limit all workstations together to 80% of the WAN line)
with a single IP address - so i don't see any reason why your firewall
can't forward packages to your router independent of the WAN state on
the other side of the router
