Microwave_Ab's Blog

Where I always sometimes document what I've been doing

IP Hell

First blog post, where I document my struggles with getting two IPs over DHCP and talk about the reasons why I started blogging. (Spoiler: they are not fresh)

Update 27.11.2021

Day 3: I don't know what to even try anymore. I have searched half the internet and still haven't found anything. Well actually I have but nothing seems to work regardless.

If it isn't obvious from the paragraph above, I have been tinkering with networking. In my opinion networking is one of those things that seems to be easy when looked at from afar, but gets really hard when you try to do anything even remotely custom. Want to get two IPs from the ISP over DHCP? Sounds simple? That's the problem I've been fighting for three days. The sole reason why I even created a blog folder on my server is to warn those who come after me.

Progress so far

So here is a nutshell version of what I have learned:

  1. DHCP assigns one IP per MAC. Hence, my router needs to have two MAC addresses in order to get two IPs.
  2. One interface can only have one MAC address, so I need two interfaces that are accessible from WAN. I can achieve this by creating a virtual interface.
  3. The interface that is facing WAN blocks (doesn't read) all traffic that doesn't have its MAC unless it is put into promiscuous mode.
  4. So if I manage to create a virtual interface alongside my main interface and manage to get traffic flowing to both, I win.

My router is running OpenWrt, so everything listed above should be possible to perform. HOWEVER when I did try to do this I only managed to get one interface to work at a time, even if I changed all my interfaces into promiscuous mode. This is really giving me a headache. Even Stack Overflow hasn't answered me.

Update 28.11.2021

Who even uses client ids?

Apparently there's this thing called "client id". Contrary to my previous update, it seems that DHCP assigns IPs based on client ids, not MACs. This client id is usually the MAC but it can be made different from the MAC by manual configuration. And today I nearly coomed when I learned that you can run multiple DHCP clients on one interface with different client ids. Just imagine: No need for that virtual interface hassle-hell-shitstorm.

HOWEVER (2 and counting...) my ISP didn't provide my other DHCP-client process with a different IP. They gave me the same IP again! Like how??? The only conclusion I can draw from here is that my ISP isn't complying with the standards. That's quite absurd considering I live in Finland where Nokia, SSH and nation-wide fiber happened in the last century. Well I put a post (in Finnish) to their forum asking if my thesis about this heresy is true. I also integrated my problem to the post hoping that some IT-guru will save me one day.

Update 2.12.2021


I've got it working! After thanking all the Gods and Goddesses of tech I decided that I must document this revolutionary feat immediately. Before I explain the solution step by step I want to point out that the journey was challenging to the bitter end. When I was literally configuring the last setting I forgot to type CIDR notation to the end of an IP, which naturally heh, you know: BRICKED MY ENTIRE GRID. Luckily I managed to utilize OpenWrt's failsafe function to fix that error. Now, without further ado:

Microwave_Ab's Premium Solution to Multihosting on LAN

A way to get two public IPs for an OpenWrt router and configure it so that you can have two servers behind NAT with overlapping ports.

  1. Install kmod-macvlan

  2. Create a MACVLAN device & interface for it

    Let srv1_IP and srv2_IP be the IPs of the servers running in your LAN. Let pub1_IP be your current public IP.

    Navigate to Network > Interfaces > Devices and create a device. Configure:

    1. Device type to MACVLAN.
    2. Name. We will refer to it as virtual0 in this guide.
    3. Existing device to the interface that is facing WAN, usually eth0.2 (a VLAN).
    4. MAC address to something absolutely unique.

    Save and apply. Then head to the interfaces tab. Create new interface. Configure:

    1. Name. We refer to it as wan2.
    2. Device to virtual0.
    3. Protocol to DHCP client.

    After creating, open advanced settings and tick Use default gateway off. Save and apply. Note down the IP your ISP gave to wan2. We will refer to it as pub2_IP.

  3. Do the port forwarding

    Now that we have more than one public IP, we need to specify which public IP maps to which local IP. Configure the port forwards as you want but remember to match the public destination IP:

    Now your servers have reachable public IPs. However, your srv2 doesn't have any way to respond to requests. Let's fix that.

  4. Route some stuff

    Navigate to Network > Static Routes and add some routes:

    Save and apply.

  5. Le final touch

    The last step is to redirect all the traffic from srv2_IP to the route table 62 created earlier. This is easily done, but it requires modifying the config files directly.

    SSH to the router and open /etc/config/network in editor. Append:

    config rule
    	option src 'srv2_IP/32'
    	option lookup '62'

    to the end of file.

    Side note: This was the step where I forgot CIDR, which led to catastrophic consequences.

    Then restart some interface or reload the network config some other way. Run the command ip rule show to make sure your rule was added.

  6. Profit?
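
The missing-CIDR mistake from the side note in step 5 can be caught before the network config is reloaded. The check below is an added example, not part of the original post: the function names and the 192.168.1.20 address are constructed, and it only verifies that src/dest options inside config rule sections end in a /prefix length.

```shell
#!/bin/sh
# Added example: preflight check for "config rule" sections in an
# OpenWrt-style network config file.

# check_rule_cidr FILE
# Prints one line per src/dest option that has no /prefix length.
# Returns 0 if every rule is fine, 1 if at least one is not.
check_rule_cidr() {
    awk -v q="'" '
        # A "config <type> [name]" line starts a new section.
        $1 == "config" {
            t = $2
            gsub("[\"" q "]", "", t)              # strip UCI quotes
            in_rule = (t == "rule" || t == "rule6")
            next
        }
        in_rule && $1 == "option" && ($2 == "src" || $2 == "dest") {
            val = $3
            gsub("[\"" q "]", "", val)
            if (val !~ /\/[0-9]+$/) {
                printf "%s:%d: option %s %s has no /prefix\n", FILENAME, NR, $2, val
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample FILE ADDRESS
# Constructed sample input: the wan2 interface and the rule from step 5.
write_sample() {
    cat > "$1" <<EOF
config interface 'wan2'
    option device 'virtual0'
    option proto 'dhcp'

config rule
    option src '$2'
    option lookup '62'
EOF
}

tmp=$(mktemp)
write_sample "$tmp" '192.168.1.20'        # prefix forgotten
check_rule_cidr "$tmp" || echo "fix the rule before reloading the network"
write_sample "$tmp" '192.168.1.20/32'     # as written in step 5
check_rule_cidr "$tmp" && echo "rule sections have prefixes"
rm -f "$tmp"
```

On the router, point it at the real file (check_rule_cidr /etc/config/network) before restarting any interface.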

Blog #1 complete!

As you might have observed, my blog isn't a traditional one. Usually people create posts in one sitting and never get back to them. I on the other hand intend to keep my content in these thread-like conventions so people who seek solutions to problems can read them easily. After all my inspiration for writing a blog was to warn other people of the horrors that I've gone through. Why did I write this solution then? Because not even criminals deserve poorly documented software.

Thank you for reading