Re: Same MAC address in 2 different VLANs

[Olivier Nicole]

 I think you maybe ok. Ive just looked at my esx config and the esx
 management interfaces use their own generated macs, not the physical
 interfaces ones. All the vms obviously use generated macs as well.

 However I only looked over it at a superficial level.

 Have you considered using a tap or spare phyical interface on your flex box
 and not linking it to the network?

Thank you, that was a brilliant idea: Flex only needs that one
interface, with the specific MAC, exists on the host, it does not
specifically try to use that interface for managing licenses, so a tap
hanging to nowhere is the solution.

Best regards,

Olivier



 On 19 July 2013 10:29, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote:

 Hello,

 Could any one comment about the use of the same MAC address in 2
 separate VLANs?

 All my machines are connected to 2 VLANs (one public and one private)
 with no routing in between the VLANs.

 I used to run a FLEX license manager to a physical machine. When I
 virtualized that service, I had to use the MAC address of that physical
 machine for the virtual machine (FLEX is linked to the MAc address and I
 coul dnot issue new license as licensed the pproduct is not supported
 anymore). The virtual NIC that has the old MAC address is connected to
 the public VLAN.

 Now I want to reuse the physical machine as a VMware server. Dell nor
 VMware offer a solution to change the MAC address (like
 ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the
 NIC with the incriminated MAC to the private VLAN.

 Most (if not all) my servers are FreeBSD. Most will access the virtual
 machine running FLEX and may access the VMware server also. The servers
 are not VLAN aware.

 Will this be an issue?

 Best regars,

 Olivier

 --
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to 
 freebsd-questions-unsubscr...@freebsd.org

 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Same MAC address in 2 different VLANs

[Olivier Nicole]

Hello,

Could any one comment about the use of the same MAC address in 2
separate VLANs?

All my machines are connected to 2 VLANs (one public and one private)
with no routing in between the VLANs.

I used to run a FLEX license manager to a physical machine. When I
virtualized that service, I had to use the MAC address of that physical
machine for the virtual machine (FLEX is linked to the MAc address and I
coul dnot issue new license as licensed the pproduct is not supported
anymore). The virtual NIC that has the old MAC address is connected to
the public VLAN.

Now I want to reuse the physical machine as a VMware server. Dell nor
VMware offer a solution to change the MAC address (like 
ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the
NIC with the incriminated MAC to the private VLAN.

Most (if not all) my servers are FreeBSD. Most will access the virtual
machine running FLEX and may access the VMware server also. The servers
are not VLAN aware.

Will this be an issue?

Best regars,

Olivier

-- 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Same MAC address in 2 different VLANs

[krad]

I think you maybe ok. Ive just looked at my esx config and the esx
management interfaces use their own generated macs, not the physical
interfaces ones. All the vms obviously use generated macs as well.

However I only looked over it at a superficial level.

Have you considered using a tap or spare phyical interface on your flex box
and not linking it to the network?


On 19 July 2013 10:29, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote:

 Hello,

 Could any one comment about the use of the same MAC address in 2
 separate VLANs?

 All my machines are connected to 2 VLANs (one public and one private)
 with no routing in between the VLANs.

 I used to run a FLEX license manager to a physical machine. When I
 virtualized that service, I had to use the MAC address of that physical
 machine for the virtual machine (FLEX is linked to the MAc address and I
 coul dnot issue new license as licensed the pproduct is not supported
 anymore). The virtual NIC that has the old MAC address is connected to
 the public VLAN.

 Now I want to reuse the physical machine as a VMware server. Dell nor
 VMware offer a solution to change the MAC address (like
 ifconfig em0 link xx:xx:xx:xx:xx:xx would do). So I plan to connect the
 NIC with the incriminated MAC to the private VLAN.

 Most (if not all) my servers are FreeBSD. Most will access the virtual
 machine running FLEX and may access the VMware server also. The servers
 are not VLAN aware.

 Will this be an issue?

 Best regars,

 Olivier

 --
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to 
 freebsd-questions-unsubscr...@freebsd.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Same MAC address in 2 different VLANs

[joost]

 Hello,

 Could any one comment about the use of the same MAC address in 2
 separate VLANs?

[...]

 Will this be an issue?


You might run into problems if the two (virtual) systems are attached to a
different port on your switch. Some switches don't take the vlan into
account when learning on which port a mac address exists. These switches
will see the mac address jumping between ports all the time.



Joost.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

something wrong of ifconfig bridge0 addr - mac address appears on wrong interface

[ProAce]

( untrust ) --- ( em0 , bridge0 , em1 ) --- ( trust )

Sometimes , I cannot connect to trust server from untrust.
I log some information from ifconfig bridge0 addr.
It seems some thing wrong of trust server's mac appear on em0.


trust serv1's mac: 00:50:56:af:2e:43
trust serv2's mac: 00:50:56:af:75:63


STEP1: The serv2 is not shown in bridge addr. table

   tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:2e:43 Vlan1 em1 1200 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1192 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1192 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

STEP2: I ping the serv2's ip from untrust , and I got 100% packet loss.

STEP3: show bridge addr. table again

   tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:75:63 Vlan1 em0 1198 flags=0
   00:50:56:af:2e:43 Vlan1 em1 1200 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1150 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1150 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

OMG! It's wrong of the 00:50:56:af:75:63 is shown with em0 interface.

STEP4: I ping the serv2's ip from tp-fw , and I got icmp reply.

STEP5: show bridge addr. table again

tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:75:63 Vlan1 em1 1197 flags=0
   00:50:56:af:2e:43 Vlan1 em1 1199 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1170 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1170 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

The 00:50:56:af:75:63 is shown with em1 interface correctly.

Why does STEP2 cause the wrong bridge addr table?
How to solve it?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Paul B Mahol]

On Sun, Jan 23, 2011 at 3:47 PM, John R. Levine jo...@iecc.com wrote:
 Is this a known problem?  As far as I know, it's supposed to work.

 How you change MAC address? With ether command?

 # ifconfig em0 ether 01:17:a4:8f:04:5d

Well, if it does not work it can be driver bug.

In iwn case try to set MAC address of iwn before creating wlan or
you will need to set same MAC on wlanX and iwn.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Da Rock]

On 01/25/11 01:14, Paul B Mahol wrote:

On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com  wrote:
   

Is this a known problem?  As far as I know, it's supposed to work.
 

How you change MAC address? With ether command?
   

# ifconfig em0 ether 01:17:a4:8f:04:5d
 

Well, if it does not work it can be driver bug.

In iwn case try to set MAC address of iwn before creating wlan or
you will need to set same MAC on wlanX and iwn.
   
Actually I can confirm that. I use lagg for failover, and I remember now 
you have to set the 'real' interface to the MAC of the other lagg 
member, not a 'psuedo-device' or it won't work. Same principle applies here.


HTH
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[John R. Levine]

Is this a known problem?  As far as I know, it's supposed to work.



Well, if it does not work it can be driver bug.


Well, yes, that's what I'm asking.  Is it a known driver bug?


In iwn case try to set MAC address of iwn before creating wlan or
you will need to set same MAC on wlanX and iwn.


Done that, doesn't help.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Fred]

Da Rock wrote:

On 01/25/11 01:14, Paul B Mahol wrote:

On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com  wrote:
  

Is this a known problem?  As far as I know, it's supposed to work.
 

How you change MAC address? With ether command?
   

# ifconfig em0 ether 01:17:a4:8f:04:5d
 

Well, if it does not work it can be driver bug.

In iwn case try to set MAC address of iwn before creating wlan or
you will need to set same MAC on wlanX and iwn.
   
Actually I can confirm that. I use lagg for failover, and I remember 
now you have to set the 'real' interface to the MAC of the other lagg 
member, not a 'psuedo-device' or it won't work. Same principle applies 
here.


HTH
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
freebsd-questions-unsubscr...@freebsd.org




Ethernet MAC addresses are assigned by the manufacturer of the 
equipment.  Each unit gets a unique address which generally can't be 
changed and shouldn't be changed.  The manufacturer buys a block of 
addresses from the IEEE.


Best regards,
Fred

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Chuck Swiger]

On Jan 24, 2011, at 10:44 AM, Fred wrote:
 Ethernet MAC addresses are assigned by the manufacturer of the equipment.  
 Each unit gets a unique address which generally can't be changed and 
 shouldn't be changed.  The manufacturer buys a block of addresses from the 
 IEEE.

Yes, although folks can set the locally administered bit in the 6-byte MAC 
address instead of using globally administered addresses  vendor-assigned 
blocks from IEEE OUI...

Regards,
-- 
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Da Rock]

On 01/25/11 04:44, Fred wrote:

Da Rock wrote:

On 01/25/11 01:14, Paul B Mahol wrote:

On Sun, Jan 23, 2011 at 3:47 PM, John R. Levinejo...@iecc.com  wrote:

Is this a known problem?  As far as I know, it's supposed to work.

How you change MAC address? With ether command?

# ifconfig em0 ether 01:17:a4:8f:04:5d

Well, if it does not work it can be driver bug.

In iwn case try to set MAC address of iwn before creating wlan or
you will need to set same MAC on wlanX and iwn.
Actually I can confirm that. I use lagg for failover, and I remember 
now you have to set the 'real' interface to the MAC of the other lagg 
member, not a 'psuedo-device' or it won't work. Same principle 
applies here.


HTH
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
freebsd-questions-unsubscr...@freebsd.org




Ethernet MAC addresses are assigned by the manufacturer of the 
equipment.  Each unit gets a unique address which generally can't be 
changed and shouldn't be changed.  The manufacturer buys a block of 
addresses from the IEEE.


Best regards,
Fred
Yes, but for lagg to work both adapters need the same MAC- otherwise 
routing wouldn't work properly (long story short).


BTW, my wifi is iwn and I have had no trouble.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[Paul B Mahol]

On Sun, Jan 23, 2011 at 3:38 AM, John Levine jo...@iecc.com wrote:
 My Lenovo laptop running 8.1 has two ordinary Intel network adapters,
 a wired PRO/1000 with the em driver and a WiFi PRO/Wireless 5300 with
 the iwn driver.  They work fine, but for either one if I use ifconfig
 to change the MAC address, the adapter won't actually work until I
 change the address back to the native one.  Typical symptoms are
 endless DHCP queries with no response.

 Is this a known problem?  As far as I know, it's supposed to work.

How you change MAC address? With ether command?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Changing the MAC address on a LAN adapter

[John R. Levine]

Is this a known problem?  As far as I know, it's supposed to work.


How you change MAC address? With ether command?


# ifconfig em0 ether 01:17:a4:8f:04:5d

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Changing the MAC address on a LAN adapter

[John Levine]

My Lenovo laptop running 8.1 has two ordinary Intel network adapters,
a wired PRO/1000 with the em driver and a WiFi PRO/Wireless 5300 with
the iwn driver.  They work fine, but for either one if I use ifconfig
to change the MAC address, the adapter won't actually work until I
change the address back to the native one.  Typical symptoms are
endless DHCP queries with no response.

Is this a known problem?  As far as I know, it's supposed to work.

R's,
John

PS: If you were wondering, obnoxious airport wifi that cuts you off
after an hour and won't let you back on until the next day, keyed by
MAC address.

em0: Intel(R) PRO/1000 Network Connection 7.0.5 port 0x1840-0x185f mem 
0xf260-0xf261,0xf2625000-0xf2625fff irq 20 at device 25.0 on pci0
em0: Using MSI interrupt

iwn0: Intel(R) PRO/Wireless 5300 mem 0xf250-0xf2501fff irq 17 at device 
0.0 on pci3
iwn0: MIMO 3T3R, MoW, address 00:21:6a:b5:18:48
iwn0: [ITHREAD]
iwn0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
iwn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
iwn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 
36Mbps 48Mbps 54Mbps
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

change MAC address for PPPoE connection

[Sergeant M.G.Bob]

Hello
I'm using PPPoE link to connect to the INTERNET. my problem is that I have
to change my MAC address for my night time link. I do that using ifconfig
command before connecting the night link:

*killall ppp
ifconfig cdce0 ether 2a:00:00:00:00:00
ppp -ddial adslnight*

cdce0 is the interface connected to the ADSL modem. command will change the
MAC address on the interface but PPP still uses the old MAC (I can see it
over tcpdump).
I think it's some cache or something that keeps the old MAC.
please help me, I couldn't find anything related on-line.

my ppp.conf:
*adsl:
  set log Phase tun command
  set redial 99 3
  set device PPPoE:cdce0
  set authname UserName
  set authkey Password
  set dial
  set login
  add default HISADDR

adslnight:
  set log Phase tun command
  set redial 99 3
  set device PPPoE:cdce0
  set authname NightUserName
  set authkey NightPassword
  set dial
  set login
  add default HISADDR*
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: IPFW with MAC address configuration

[Ian Smith]

In freebsd-questions Digest, Vol 321, Issue 12, Message: 31
On Fri, 30 Jul 2010 07:18:40 -0400 Carmel carmel...@hotmail.com wrote:

  I am trying to set up a rule using IPFW that utilizes a MAC address
  rather than an IP one.
  
  ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup 
  keep-state
  
  Would that work, assuming the machine I want to allow access has that
  MAC address?

It's not quite that simple.  If you need to examine MAC addresses or 
anything else at layer 2 you first have to set net.link.ether.ipfw=1 
Controls whether layer-2 packets are passed to ipfw.  Default is no.

Then you'll see all packets from ether_demux and ether_output_frame as 
well as the usual layer 3 packets (ie after layer2 headers are removed) 
from ip_input and ip_output.  Read the PACKET FLOW section in ipfw(8) 
for what you need to do to first separate layer2 and layer3 packets, as 
testing for layer2 options like MAC obviously fails on layer3 packets.

Even after separating out the layer2 flows I'm not sure whether you can 
use keep-state with such rules.  And anyway, port 137 (netbios-ns) is a 
UDP service, not TCP.  Is this to do with Samba, or what?

Please cc me on any reply; I'm subscribed to questions as a -digest 
which can take half a day, and the threading gets mangled.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

IPFW with MAC address configuration

[Carmel]

I am trying to set up a rule using IPFW that utilizes a MAC address
rather than an IP one.

ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup 
keep-state

Would that work, assuming the machine I want to allow access has that
MAC address?

-- 
Carmel ✌
carmel...@hotmail.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: IPFW with MAC address configuration

[Bas Smeelen]

On 07/30/2010 01:18 PM, Carmel wrote:
 I am trying to set up a rule using IPFW that utilizes a MAC address
 rather than an IP one.

 ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup 
 keep-state

 Would that work, assuming the machine I want to allow access has that
 MAC address?

   
According to the manual (man ipfw) I guess the rule would something like:
ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in
via nfe0 setup keep-state 

From the manual:

{ MAC | mac } dst-mac src-mac
 Match packets with a given dst-mac and src-mac addresses,
speci-
 fied as the any keyword (matching any MAC address), or six
groups
 of hex digits separated by colons, and optionally followed by a
 mask indicating the significant bits.  The mask may be
specified
 using either of the following methods:

 1.  A slash (/) followed by the number of significant bits.
 For example, an address with 33 significant bits
could be
 specified as:

   MAC 10:20:30:40:50:60/33 any

 2.  An ampersand () followed by a bitmask specified as six
 groups of hex digits separated by colons.  For example,
 an address in which the last 16 bits are significant
 could be specified as:

   MAC 10:20:30:40:50:6000:00:00:00:ff:ff any

 Note that the ampersand character has a special meaning
 in many shells and should generally be escaped.

 Note that the order of MAC addresses (destination first, source
 second) is the same as on the wire, but the opposite of the one
 used for IP addresses.



DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, 
disclosure, copying,
distribution or reliance on any of it by anyone else is prohibited. If you have 
received it
by mistake please let us know by reply and then delete it from your system.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: IPFW with MAC address configuration

[Bas Smeelen]

 On 07/30/2010 01:18 PM, Carmel wrote:
   
 I am trying to set up a rule using IPFW that utilizes a MAC address
 rather than an IP one.

 ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup 
 keep-state

 Would that work, assuming the machine I want to allow access has that
 MAC address?

   
 
 According to the manual (man ipfw) I guess the rule would something like:
 ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in
 via nfe0 setup keep-state 
To match this mac address exactly it should have MAC any
00:14:A4:43:8E:BA/48
I'm not sure about this


DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, 
disclosure, copying,
distribution or reliance on any of it by anyone else is prohibited. If you have 
received it
by mistake please let us know by reply and then delete it from your system.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: yikes! MAC address changed ??

[James Smallacombe]

Sorry for replying to myself (AND top-posting!) twice in a row, but this 
is become a huge concern.  My first thought is that my provider changed 
routers or router Ethernet ports, hence the MAC address change.  They deny 
this, plus I find the two MAC addresses:


00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0

too close to each other for comfort.  My obvious concern here is that the 
recent php compromises somehow allowed an attacker to alter the ARP table 
entry of the default gateway.  Specific questions are as follows:


1) If this were done via a perl or php script, presumably executing
   an 'arp -s' command, would it show up in the log like that?  I've
   never changed an ARP entry (except to delete it using 'arp -d'), so
   I've only seen log entries like that due to external changes, like
   somebody changing IPs on the LAN from one Ether to another.

2) Could an Ethernet card defect or re0 driver problem cause anything
   like this?  Other bug?

3) If this was an attacker using a local script, how the hell does he
   get a php or perl script owned by UID 80 (or worst case, a user),
   to do this?

Thanks again for any insight...appreciate a reply to both list and 
directly.


On Wed, 10 Feb 2010, James Smallacombe wrote:



Please disregard this...sleep deprication...the IP in questions (which I 
should have disfuised anyway) was not my server's IP, but that of the default 
gateway...the problem was external.


On Wed, 10 Feb 2010, James Smallacombe wrote:



This freaked me out a bit, so I'm just running it past the list to make 
sure this is just a hardware issue...I've never seen it before.


My dedicated server provider replaced my defective server that had been up 
for 6 months after it had apparent failures of a NIC and hard drives.  It 
had also recently been the victim of the Zen Cart exploits (I posted about 
this not long ago).


Tonight I lost connectivity to it, got in via KVM/IP and saw this in the 
syslog:


Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 
to 00:13:e0:4f:b9:c0 on re0


My first reaction was that somebody else on the LAN had used my IP address, 
which would have explained the connectivity issues.  However, the IP 
couldn't be pinged and I also noticed that only one number in the address 
had changed...the odds of somebody else having it were long. ifconfig 
showed the I/F down, no carrier.


I rebooted and then it came up with yet a third MAC address, 
00:14:d1:3c:1e:31  Not really even close.  Still no carrier.  Provider 
swaps out the Realtek NIC for a new one and it's working (for now).


Questions that come to mind: could their be a DoS perhaps from a bot or 
c99shell I didn't find?  Even if their was, would it be possible for the 
www user, with no priveleges to even cause this kind of problem?  I had 
disabled suhosin after customers patched their Zen Carts, because it 
interfered with it.


Or...could this be a bug in the re0 driver?  It's just weird.

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am 
http://3.am

=



James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=



James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: yikes! MAC address changed ??

[Matthew Seaman]

On 11/02/2010 11:00, James Smallacombe wrote:
 Sorry for replying to myself (AND top-posting!) twice in a row, but this
 is become a huge concern.  My first thought is that my provider changed
 routers or router Ethernet ports, hence the MAC address change.  They
 deny this, plus I find the two MAC addresses:
 
 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0
 
 too close to each other for comfort.  My obvious concern here is that
 the recent php compromises somehow allowed an attacker to alter the ARP
 table entry of the default gateway.  Specific questions are as follows:

They're not just close: it's a single bit change between the two MACs

 1) If this were done via a perl or php script, presumably executing
an 'arp -s' command, would it show up in the log like that?  I've
never changed an ARP entry (except to delete it using 'arp -d'), so
I've only seen log entries like that due to external changes, like
somebody changing IPs on the LAN from one Ether to another.

You'ld need root level access to change something like that, no matter
if it was from the shell or via some scripting language.  If an attacker
has the capability to do that to you, then it's *game* *over* -- wipe
the box and start again.  Of course, that's a pretty bizarre thing for
an attacker to do.  It draws attention to itself by disrupting your
network communications and there isn't any obvious advantage to be
gained by doing that.  [There might be if the MAC was changed to
collide with another one on the same network segment but I believe that
is not the case here.]

It's not 'arp -s' that is used to change the MAC address on an
interface, but ifconfig(8) -- something like this:

# ifconfig re0 ether 00:17:e0:4f:b9:c0

In fact, you can use this to help diagnose your potential hardware
problem.  Try changing the 2nd byte of the MAC to some other arbitrary
values.  If you find that 0x4 bit always toggled to zero, it's pretty
definitively a hardware problem.  Note: log into the console or via
different network interface befre trying this or you'll kick yourself
off the machine.

 2) Could an Ethernet card defect or re0 driver problem cause anything
like this?  Other bug?

Yes -- this is the most likely cause.  Hardware problems.  The MAC
address is built into the network card using an EEPROM or such like,
and those can conceivably go bad.  Replace the NIC and see if the
problems go away.

 3) If this was an attacker using a local script, how the hell does he
get a php or perl script owned by UID 80 (or worst case, a user),
to do this?

You don't.  You need root access to change the MAC on a network
interface.  Same as for changing the IP number on the interface.
Check /etc/rc.conf -- if there aren't ifconfig commands in there
to modify the ether or link address, and if the modified MAC survives
a system reboot, then it's almost certainly hardware going kaput.
Even if the MAC does recover on reboot, it still might be flakey
hardware.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.  7 Priory Courtyard, Flat 3
Black Earth Consulting   Ramsgate
 Kent, CT11 9PW
Free and Open Source Solutions   Tel: +44 (0)1843 580647



signature.asc
Description: OpenPGP digital signature

Re: yikes! MAC address changed ??

[James Smallacombe]

On Thu, 11 Feb 2010, Matthew Seaman wrote:


On 11/02/2010 11:00, James Smallacombe wrote:

Sorry for replying to myself (AND top-posting!) twice in a row, but this
is become a huge concern.  My first thought is that my provider changed
routers or router Ethernet ports, hence the MAC address change.  They
deny this, plus I find the two MAC addresses:

00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0

too close to each other for comfort.  My obvious concern here is that
the recent php compromises somehow allowed an attacker to alter the ARP
table entry of the default gateway.  Specific questions are as follows:


They're not just close: it's a single bit change between the two MACs


1) If this were done via a perl or php script, presumably executing
   an 'arp -s' command, would it show up in the log like that?  I've
   never changed an ARP entry (except to delete it using 'arp -d'), so
   I've only seen log entries like that due to external changes, like
   somebody changing IPs on the LAN from one Ether to another.


You'ld need root level access to change something like that, no matter
if it was from the shell or via some scripting language.  If an attacker
has the capability to do that to you, then it's *game* *over* -- wipe
the box and start again.  Of course, that's a pretty bizarre thing for
an attacker to do.  It draws attention to itself by disrupting your
network communications and there isn't any obvious advantage to be
gained by doing that.  [There might be if the MAC was changed to
collide with another one on the same network segment but I believe that
is not the case here.]


I figure root at some point is needed, but wondered if there was another 
POA I had to worry about.  In effect, I already wiped out this server a 
few days ago...new drives with new / FS from 7.2-RELEASE.  However, I did 
copy over /usr/local and /home file systems from the old server's drive, 
and parts of /var.  Everything in / (including /usr) is fresh.



It's not 'arp -s' that is used to change the MAC address on an
interface, but ifconfig(8) -- something like this:

   # ifconfig re0 ether 00:17:e0:4f:b9:c0


See my second post.  I screwed up in my first post.  It wasn't the MAC 
address of my NIC that changed, it's the MAC address of the DEFAULT 
GATEWAY that changed.  I believe that would use 'arp', not 'ifconfig', 
right?



2) Could an Ethernet card defect or re0 driver problem cause anything
   like this?  Other bug?


Yes -- this is the most likely cause.  Hardware problems.  The MAC
address is built into the network card using an EEPROM or such like,
and those can conceivably go bad.  Replace the NIC and see if the
problems go away.


Ok, longer shot here...could a hardware problem on my box screw up the MAC 
address of the default gateway?  It should be noted that when I did and 
ifconfig -a during this down time, the Ether showed no carrier.  Could 
messed up ARP tables even do that?  I would think that the carrier just 
needs a cable plugged from the NIC into a switch?



3) If this was an attacker using a local script, how the hell does he
   get a php or perl script owned by UID 80 (or worst case, a user),
   to do this?


You don't.  You need root access to change the MAC on a network
interface.  Same as for changing the IP number on the interface.
Check /etc/rc.conf -- if there aren't ifconfig commands in there
to modify the ether or link address, and if the modified MAC survives
a system reboot, then it's almost certainly hardware going kaput.
Even if the MAC does recover on reboot, it still might be flakey
hardware.


Still had no carrier after reboot.  Only after swapping the NIC.  Does a 
reboot wipe out the ARP tables?


James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: yikes! MAC address changed ??

[Vincent Hoffman]

On 11/02/2010 11:00, James Smallacombe wrote:

 Sorry for replying to myself (AND top-posting!) twice in a row, but
 this is become a huge concern.  My first thought is that my provider
 changed routers or router Ethernet ports, hence the MAC address
 change.  They deny this, plus I find the two MAC addresses:

 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0

If it wasnt for the 00:17  to 00:13  change I would suggest that it was
a HSRP/VRRP change, (Virtual ip used by 2 routers in a fail over
fashion) as I see this message often on one of my boxes which are on a
LAN with a pair of ZXTM Load balancers, when one moves from active to
passive and the other takes over (at least I assume thats what they are
doing as apparently they arent running active-active.)

arp: 85.233.xxx.xxx moved from 00:30:48:d4:8c:2a to 00:30:48:d4:8e:86 on em0
arp: 85.233.xxx.xxx moved from 00:30:48:d4:8e:86 to 00:30:48:d4:8c:2a on em0
arp: 85.233.xxx.xxx moved from 00:30:48:d4:8c:2a to 00:30:48:d4:8e:86 on em0
arp: 85.233.xxx.xxx moved from 00:30:48:d4:8e:86 to 00:30:48:d4:8c:2a on em0
arp: 85.233.xxx.xxx moved from 00:30:48:d4:8b:c9 to 00:30:48:d4:8e:d1 on em0
arp: 85.233.xxx.xxx moved from 00:30:48:d4:8e:d1 to 00:30:48:d4:8b:c9 on em0

However in your case, while 00:17:E0 is reasonable (a cisco mac address)
00:13:E0 is a little worrying as apparently its a Murata
Manufacturing(whoever they are) mac address (see
http://www.coffer.com/mac_find/?string=00%3A13%3Ae0%3A4f%3Ab9%3Ac0)

you can check if its a static entry in your arp tables using
arp -a | grep permanent
The only permanent entries should be your local IPs (whatever you have
configured on your interfaces) unless you have any others you have put
in yourself.
so for my server i have
r...@seaurchin ~]# arp -a | grep permanent
seaurchin.the.namesco.net (85.233.xxx.xxx) at 00:11:43:d8:2c:df on em0
permanent [ethernet]
? (10.20.0.3) at 00:11:43:d8:2c:df on em0 permanent [ethernet]

(10.20.0.3 is a jail)
If i manually add an arp entry
[r...@seaurchin ~]# arp -s 85.233.xxx.254 00:30:48:b8:55:ff
[r...@seaurchin ~]# arp -a | grep permanent
? (85.233.xxx.254) at 00:30:48:b8:55:ff on em0 permanent [ethernet]
seaurchin.the.namesco.net (85.233.xxx.xxx) at 00:11:43:d8:2c:df on em0
permanent [ethernet]
? (10.20.0.3) at 00:11:43:d8:2c:df on em0 permanent [ethernet]

Hope this helps a little.

Vince


 too close to each other for comfort.  My obvious concern here is that
 the recent php compromises somehow allowed an attacker to alter the
 ARP table entry of the default gateway.  Specific questions are as
 follows:

 1) If this were done via a perl or php script, presumably executing
an 'arp -s' command, would it show up in the log like that?  I've
never changed an ARP entry (except to delete it using 'arp -d'), so
I've only seen log entries like that due to external changes, like
somebody changing IPs on the LAN from one Ether to another.

 2) Could an Ethernet card defect or re0 driver problem cause anything
like this?  Other bug?

 3) If this was an attacker using a local script, how the hell does he
get a php or perl script owned by UID 80 (or worst case, a user),
to do this?

 Thanks again for any insight...appreciate a reply to both list and
 directly.

 On Wed, 10 Feb 2010, James Smallacombe wrote:


 Please disregard this...sleep deprication...the IP in questions
 (which I should have disfuised anyway) was not my server's IP, but
 that of the default gateway...the problem was external.

 On Wed, 10 Feb 2010, James Smallacombe wrote:


 This freaked me out a bit, so I'm just running it past the list to
 make sure this is just a hardware issue...I've never seen it before.

 My dedicated server provider replaced my defective server that had
 been up for 6 months after it had apparent failures of a NIC and
 hard drives.  It had also recently been the victim of the Zen Cart
 exploits (I posted about this not long ago).

 Tonight I lost connectivity to it, got in via KVM/IP and saw this in
 the syslog:

 Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from
 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0

 My first reaction was that somebody else on the LAN had used my IP
 address, which would have explained the connectivity issues. 
 However, the IP couldn't be pinged and I also noticed that only one
 number in the address had changed...the odds of somebody else having
 it were long. ifconfig showed the I/F down, no carrier.

 I rebooted and then it came up with yet a third MAC address,
 00:14:d1:3c:1e:31  Not really even close.  Still no carrier. 
 Provider swaps out the Realtek NIC for a new one and it's working
 (for now).

 Questions that come to mind: could their be a DoS perhaps from a bot
 or c99shell I didn't find?  Even if their was, would it be possible
 for the www user, with no priveleges to even cause this kind of
 problem?  I had disabled suhosin after customers patched their Zen
 Carts, because it interfered with it.

 Or...could this be a bug

Re: yikes! MAC address of default gateway changed ??

[James Smallacombe]

Hi: Please reply-all ; I am not subscribed

On Thu, 11 Feb 2010, Vince Hoffman wrote:



On 11/02/2010 11:00, James Smallacombe wrote:

Sorry for replying to myself (AND top-posting!) twice in a row, but this
is become a huge concern.  My first thought is that my provider changed
routers or router Ethernet ports, hence the MAC address change.  They
deny this, plus I find the two MAC addresses:

00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0


On 11/02/2010 11:00, James Smallacombe wrote:


Sorry for replying to myself (AND top-posting!) twice in a row, but
this is become a huge concern.  My first thought is that my provider
changed routers or router Ethernet ports, hence the MAC address
change.  They deny this, plus I find the two MAC addresses:

00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0


However in your case, while 00:17:E0 is reasonable (a cisco mac address)
00:13:E0 is a little worrying as apparently its a Murata
Manufacturing(whoever they are) mac address (see
http://www.coffer.com/mac_find/?string=00%3A13%3Ae0%3A4f%3Ab9%3Ac0)


Well, that rules out anything by the provider.


you can check if its a static entry in your arp tables using
arp -a | grep permanent
The only permanent entries should be your local IPs (whatever you have
configured on your interfaces) unless you have any others you have put
in yourself.
so for my server i have
r...@seaurchin ~]# arp -a | grep permanent
seaurchin.the.namesco.net (85.233.xxx.xxx) at 00:11:43:d8:2c:df on em0
permanent [ethernet]
? (10.20.0.3) at 00:11:43:d8:2c:df on em0 permanent [ethernet]


Obviously the ARP entry is long gone now and I don't recall if it was 
permanent or not.  It just leaves a couple of questions:


If it was caused by a malicious arp command on my server, wouldn't a 
reboot have gotten rid of it?  Would it also result in a NO CARRIER on 
the interface?  Network did not come back until the Ethernet card was 
swapped.


The bottom line is whether it is possible for a NIC failure to cause the 
kernel to register an ARP change.


Thanks again to everyone...

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: yikes! MAC address changed ??

[Matthew Seaman]

On 11/02/2010 12:22, James Smallacombe wrote:
 It's not 'arp -s' that is used to change the MAC address on an
 interface, but ifconfig(8) -- something like this:

# ifconfig re0 ether 00:17:e0:4f:b9:c0
 
 See my second post.  I screwed up in my first post.  It wasn't the MAC
 address of my NIC that changed, it's the MAC address of the DEFAULT
 GATEWAY that changed.  I believe that would use 'arp', not 'ifconfig',
 right?

Ah, right.  Please ignore my previous bletherings.  Had wrong end of
stick.

 2) Could an Ethernet card defect or re0 driver problem cause anything
like this?  Other bug?

 Yes -- this is the most likely cause.  Hardware problems.  The MAC
 address is built into the network card using an EEPROM or such like,
 and those can conceivably go bad.  Replace the NIC and see if the
 problems go away.
 
 Ok, longer shot here...could a hardware problem on my box screw up the
 MAC address of the default gateway?  It should be noted that when I did
 and ifconfig -a during this down time, the Ether showed no carrier. 
 Could messed up ARP tables even do that?  I would think that the carrier
 just needs a cable plugged from the NIC into a switch?

I still think it's probably hardware.  The question is: duff router or
duff server?

A good test is to see what happens to another box on the same network
segment.  If there's another machine already there that will do, or try
plugging in a laptop configured with a spare IP and the correct default
gateway.  Then try pinging around other addresses on the network, and
beyond your gateway box.

If this third machine:

   * can ping the world successfully, and gets the original (correct)
 mac address

 -- then your server is where the problem is

   * can ping the world successfully, but gets the changed mac address

 -- then your router has somehow changed mac: whether deliberately,
by operator accident or by hardware flaking out.  In which case,
you can leave everything running with the changed mac for the
time being while you concentrate on dealing with the router.

   * can't ping the default gateway or ping through it, but can ping
 other machines on the local net, irrespective of what MAC it picks
 up for the default gateway.

 -- then the router is fubar.  At best it is responding to ARP
requests with a corrupt MAC address and can be cured by a reboot
or similar.  At worst, it needs expensive replacement therapy.

You can't change the MAC address on the router by fiddling with arp(8)
on your server.  You can however terminally confuse your server as to
what the MAC address of the router really is, and you can make mayhem
by creating an arp conflict and having your machine usurp the router's
mac address.  Best not to do either of those things.  Just let the arp
table be populated automatically.  Unless marked as permanent,
addresses in the arp cache will time out and be refreshed once they
reach the maximum age:

% sysctl net.link.ether.inet.max_age
net.link.ether.inet.max_age: 1200

which equates to 20 minutes.  So if you simply wait, it will frequently
sort itself out.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.  7 Priory Courtyard, Flat 3
Black Earth Consulting   Ramsgate
 Kent, CT11 9PW
Free and Open Source Solutions   Tel: +44 (0)1843 580647



signature.asc
Description: OpenPGP digital signature

Re: yikes! MAC address of default gateway changed ??

[Matthew Seaman]

On 11/02/2010 14:28, James Smallacombe wrote:
 If it was caused by a malicious arp command on my server, wouldn't a
 reboot have gotten rid of it?  Would it also result in a NO CARRIER on
 the interface?  Network did not come back until the Ethernet card was
 swapped.
 
 The bottom line is whether it is possible for a NIC failure to cause the
 kernel to register an ARP change.

Yes.  Getting 'NO CARRIER' all of a sudden after the NIC has been
behaving weirdly looks very much like hardware spiralling into oblivion
and not enemy action.  Having a corrupted arp cache is also likely a
symptom of hardware going bad.

NIC failure can have the observed results, and it's quite likely that
on reboot the NIC would fail to work entirely in that situation.

Actually, one thing it's always a good idea to test in these
circumstances is that it's not a broken or loose ethernet cable.  This
can cause all sorts of similar weirdness, but it's a lot easier and
cheaper to fix.  I've seen the like sort of problems just from people
pulling cable ties too tight.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.  7 Priory Courtyard, Flat 3
Black Earth Consulting   Ramsgate
 Kent, CT11 9PW
Free and Open Source Solutions   Tel: +44 (0)1843 580647



signature.asc
Description: OpenPGP digital signature

Mac address changed ??

[James Smallacombe]

This freaked me out a bit, so I'm just running it past the list to make 
sure this is just a hardware issue...I've never seen it before.


My dedicated server provider replaced my defective server that had been up 
for 6 months after it had apparent failures of a NIC and hard drives.  It 
had also recently been the victim of the Zen Cart exploits (I posted about 
this not long ago).


Tonight I lost connectivity to it, got in via KVM/IP and saw this in the 
syslog:


Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 
00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0


My first reaction was that somebody else on the LAN had used my IP 
address, which would have explained the connectivity issues.  However, the 
IP couldn't be pinged and I also noticed that only one number in the 
address had changed...the odds of somebody else having it were long. 
ifconfig showed the I/F down, no carrier.


I rebooted and then it came up with yet a third MAC address, 
00:14:d1:3c:1e:31  Not really even close.  Still no carrier.  Provider 
swaps out the Realtek NIC for a new one and it's working (for now).


Questions that come to mind: could their be a DoS perhaps from a bot or 
c99shell I didn't find?  Even if their was, would it be possible for the 
www user, with no priveleges to even cause this kind of problem?  I had 
disabled suhosin after customers patched their Zen Carts, because it 
interfered with it.


Or...could this be a bug in the re0 driver?  It's just weird.

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Mac address changed ??

[James Smallacombe]

Please disregard this...sleep deprication...the IP in questions (which I 
should have disfuised anyway) was not my server's IP, but that of the 
default gateway...the problem was external.


On Wed, 10 Feb 2010, James Smallacombe wrote:



This freaked me out a bit, so I'm just running it past the list to make sure 
this is just a hardware issue...I've never seen it before.


My dedicated server provider replaced my defective server that had been up 
for 6 months after it had apparent failures of a NIC and hard drives.  It had 
also recently been the victim of the Zen Cart exploits (I posted about this 
not long ago).


Tonight I lost connectivity to it, got in via KVM/IP and saw this in the 
syslog:


Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 
to 00:13:e0:4f:b9:c0 on re0


My first reaction was that somebody else on the LAN had used my IP address, 
which would have explained the connectivity issues.  However, the IP couldn't 
be pinged and I also noticed that only one number in the address had 
changed...the odds of somebody else having it were long. ifconfig showed the 
I/F down, no carrier.


I rebooted and then it came up with yet a third MAC address, 
00:14:d1:3c:1e:31  Not really even close.  Still no carrier.  Provider swaps 
out the Realtek NIC for a new one and it's working (for now).


Questions that come to mind: could their be a DoS perhaps from a bot or 
c99shell I didn't find?  Even if their was, would it be possible for the 
www user, with no priveleges to even cause this kind of problem?  I had 
disabled suhosin after customers patched their Zen Carts, because it 
interfered with it.


Or...could this be a bug in the re0 driver?  It's just weird.

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=



James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am   http://3.am
=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Blocking traffic by Mac address using IPFW

[Tek Bahadur Limbu]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 25 Jan 2007 08:22:17 -0600
Kevin Kinsey [EMAIL PROTECTED] wrote:

 Tek Bahadur Limbu wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
  
  
  Dear All,
  
  I need some help regarding using IPFW to block specific MAC
  addresses. How do I block incoming traffic by a MAC address instead
  of an IP address.
  
  Can this be done using IPFW? Since I am quite new to FreeBSD, can
  somebody shed some light on this issue?
 
 Yes, it appears that ipfw(8) can do this --- check the manpage (quite
 a ways down, in the RULE OPTIONS section [ about byte 45000] for full 
 details; note also that there may be other issues involved.  Here is
 a short thread on the subject from a couple of years ago:
 
 http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-September/001375.html
 
 Disclaimer: IANAE, and don't play one on television ;-)
 
 HTH,
 
 Kevin Kinsey
 -- 
 Heisenberg may have been here.
 

Dear Kevin,

Thanks. I am looking at the links you provided.

- -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFvDTfVrOl+eVhOvYRAr8+AJ9cRvI687IxBsQwMsoW+gDRBvxUcwCfV8ed
RjZgBkI1c0m8SlB6cE3jJho=
=PIHo
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Blocking traffic by Mac address using IPFW

[Tek Bahadur Limbu]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Dear All,

I need some help regarding using IPFW to block specific MAC addresses.
How do I block incoming traffic by a MAC address instead of an IP
address.

Can this be done using IPFW? Since I am quite new to FreeBSD, can
somebody shed some light on this issue?




- -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFuH/RVrOl+eVhOvYRAhdCAJwLVoPRkuw1gTXosLDsIC0HQUsoYgCeK402
90HvaqCMIcg9T7GzGl1PlDs=
=7Mft
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking traffic by Mac address using IPFW

[Kevin Kinsey]

Tek Bahadur Limbu wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Dear All,

I need some help regarding using IPFW to block specific MAC addresses.
How do I block incoming traffic by a MAC address instead of an IP
address.

Can this be done using IPFW? Since I am quite new to FreeBSD, can
somebody shed some light on this issue?


Yes, it appears that ipfw(8) can do this --- check the manpage (quite a 
ways down, in the RULE OPTIONS section [ about byte 45000] for full 
details; note also that there may be other issues involved.  Here is a 
short thread on the subject from a couple of years ago:


http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-September/001375.html

Disclaimer: IANAE, and don't play one on television ;-)

HTH,

Kevin Kinsey
--
Heisenberg may have been here.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How to get MAC address using C program

[Jim Stapleton]

Could you exec() ifconfig?

On 5/30/06, girish girishlc [EMAIL PROTECTED] wrote:

  Pls any body tell me how to find out a MAC address in a program,


  Because I want to generate pseudo random number of IP address of some range 
for that MAC address and IP range will be the input and it should give IP 
address according to MAC address as a seed , but if I use difft MAC address 
(i,e for difft host ) it should give difft IP address,


  But if I give first MAC address it should give the same old IP address,


  So pls send me answer as soon as possible code in C and also if possible 
ALGORITHMS pls its very urgent


  Thank you,
  Regards
  Girish.L.C
  [EMAIL PROTECTED]


-
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail Beta.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How to get MAC address using C program

[Norberto Meijome]

On Wed, 31 May 2006 07:43:44 -0400
Jim Stapleton [EMAIL PROTECTED] wrote:

 Could you exec() ifconfig?

at the risk of stating the bleeding obvious, maybe checking the code in
ifconfig would show exactly what the original poster asked... you gotta love
OpenSource ;)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

How to get MAC address using C program

[girish girishlc]

  Pls any body tell me how to find out a MAC address in a program,
   
   
  Because I want to generate pseudo random number of IP address of some range 
for that MAC address and IP range will be the input and it should give IP 
address according to MAC address as a seed , but if I use difft MAC address 
(i,e for difft host ) it should give difft IP address,
   
   
  But if I give first MAC address it should give the same old IP address, 
   
   
  So pls send me answer as soon as possible code in C and also if possible 
ALGORITHMS pls its very urgent
   
   
  Thank you, 
  Regards 
  Girish.L.C
  [EMAIL PROTECTED]


-
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail Beta.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

mac address in install.cfg

[jad]

Hi,

I am doing network installs of FreeBSD 6.0 and I want to place the install 
files in a directory that depends on the mac address of the server being 
installed. In install.cfg I want to specify something like

nfs=10.0.0.1:/var/net_install/files/$MAC_ADDRESS
mediaSetNFS
package=db42-4.2.52_4
packageAdd

Where the target server substitutes $MAC_ADDRESS at install time. Can 
anyone think of a way of doing this?

Thanks
John
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

changing a nic's mac address, freebsd6

[Dave]

Hello,
   I've got an rl0 nic on a freebsd6 machine that i need to change it's mac 
address on a tempoary basis. I will want to change it back when my testing 
is complete. I read this was feasible with opbnbsd, and was wondering if the 
capability was available in fbsd6? Also, does it matter which tempoary mac 
address i give the card?

Thanks.
Dave.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: changing a nic's mac address, freebsd6

[Fabian Keil]

Dave [EMAIL PROTECTED] wrote:

 I've got an rl0 nic on a freebsd6 machine that i need to change
 it's mac address on a tempoary basis. I will want to change it back
 when my testing is complete. I read this was feasible with opbnbsd,
 and was wondering if the capability was available in fbsd6? Also,
 does it matter which tempoary mac address i give the card?

You can use ifconfig rl0 ether $NEWMAC to change the mac address,
ether has been around for a while and doesn't require FreeBSD 6.x.

You're free to choose any address you like, but most of the time
taking a free one (not already taken in your network) makes sense.

Fabian
-- 
http://www.fabiankeil.de/


signature.asc
Description: PGP signature

Re: changing a nic's mac address, freebsd6

[David Kelly]

On Wed, Apr 19, 2006 at 08:33:53AM -0400, Dave wrote:
 Hello,
I've got an rl0 nic on a freebsd6 machine that i need to change it's mac 
 address on a tempoary basis. I will want to change it back when my testing 
 is complete. I read this was feasible with opbnbsd, and was wondering if 
 the capability was available in fbsd6? Also, does it matter which tempoary 
 mac address i give the card?

Presumably if one needed to change a MAC address one would already know
the MAC address one needed to change to. Otherwise make sure you are not
using an address currently in use on your network or the next router
over. Probably best to increment your current MAC by one.

Once Upon A Time I initialized a cable modem connection at a remote
office using my Mac PowerBook then replaced it with a FreeBSD machine
dedicated to serve as that office's router, firewall, and VPN gateway.
Rather than reinitialize the cable modem service with the FreeBSD
interface's MAC I left it using my PowerBook's MAC. The detriment was I
could no longer use my PowerBook in that office because it confused the
FreeBSD machine which saw another using its MAC address.

To set the MAC address before any other networking starts (such as DHCP)
create /etc/start_if.interface name

#/bin/sh
ifconfig interface name lladdr 00:11:22:33:44:55

If you make up an address the first octet probably should be 0 as there
are bits in that field which have special meaning.

-- 
David Kelly N4HHE, [EMAIL PROTECTED]

Whom computers would destroy, they must first drive mad.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: changing a nic's mac address, freebsd6

[Anth Courtney]

Dave,

On 4/19/06, Dave [EMAIL PROTECTED] wrote:
 Hello,
I've got an rl0 nic on a freebsd6 machine that i need to change it's mac
 address on a tempoary basis.

You can do this with ifconfig and the link parameter.

i.e

# /sbin/ifconfig rl0 link $NEWMACADDRESS

cheers,

Anth
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

repeated mac address

[gahn]

Hi:

I have some Intel pro cards and all show up mac
addresses as either 00:a4:c0:91:d2:9c or
00:b4:c0:91:d2:9c under freebsd 5.x. why is that?

Thanks

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: repeated mac address

[Andrew Pantyukhin]

On 3/11/06, gahn [EMAIL PROTECTED] wrote:
 Hi:

 I have some Intel pro cards and all show up mac
 addresses as either 00:a4:c0:91:d2:9c or
 00:b4:c0:91:d2:9c under freebsd 5.x. why is that?

These do not seem to even belong to Intel. Either the cards
have been hacked or you have some startup script changing
the MACs somehow. You might want to try the NICs on a
different machine.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Fwd: How does carp computes the MAC address of the a certain Virtual IP?

[Matthew Seaman]

Mark Jayson Alvarez wrote:

 How does carp computes the MAC address of the a certain Virtual IP? 
 Perhaps I can set up a route for the virtual IP address manually 
 because the kernel keeps on complaining: arp_trequest: bad gateway 
 (!AF_LINK). This is weired because my carp setup is working for the 
 past 4 days and it suddenly stopped with the above error.

CARP assigns a special MAC address to the virtual IP:

eg. from one of the HA firewall setups we manage at work:

 00:00:5e:00:01:05

The last byte (05 in this case) is set to the VHID parameter you put on
the ifconfig line to initialise the carpN interface -- eg.

   ifconfig carp0 inet 12.34.56.78 255.255.255.0 12.34.56.255 vhid 5 pass 
notTellingYou advskew 1
  ^^^

If you have several pairs of systems on the same network all using carp, you 
need to ensure that they all use distinct vhid values or else chaos will ensue.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   Flat 3
  7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW, UK
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Fwd: How does carp computes the MAC address of the a certain Virtual IP?

[Mark Jayson Alvarez]

Mark Jayson Alvarez [EMAIL PROTECTED] wrote:
  Date: Sun, 4 Dec 2005 15:59:39 -0800 (PST)
 From: Mark Jayson Alvarez [EMAIL PROTECTED]
 To: freebsd-net@freebsd.org
 Subject: How does carp computes the MAC address of the a certain Virtual IP?
 
  Hi,
 How does carp computes the MAC address of the a certain Virtual IP? Perhaps I 
can set up a route for the virtual IP address manually because the kernel keeps 
on complaining: arp_trequest: bad gateway (!AF_LINK). This is weired because 
my carp setup is working for the past 4 days and it suddenly stopped with the 
above error.
  
  Any idea?
  Thanks
  
   



-
 Yahoo! Personals
 Skip the bars and set-ups and start using Yahoo! Personals for free
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Fwd: How does carp computes the MAC address of the a certain Virtual IP?

[Mark Jayson Alvarez]

Mark Jayson Alvarez [EMAIL PROTECTED] wrote:
  Date: Sun, 4 Dec 2005 15:59:39 -0800 (PST)
 From: Mark Jayson Alvarez [EMAIL PROTECTED]
 To: freebsd-net@freebsd.org
 Subject: How does carp computes the MAC address of the a certain Virtual IP?
 
  Hi,
 How does carp computes the MAC address of the a certain Virtual IP? Perhaps I 
can set up a route for the virtual IP address manually because the kernel keeps 
on complaining: arp_trequest: bad gateway (!AF_LINK). This is weired because 
my carp setup is working for the past 4 days and it suddenly stopped with the 
above error.
  
  Any idea?
  Thanks
  
   



-
 Yahoo! Personals
 Let fate take it's course directly to your email.
 See who's waiting for you Yahoo! Personals
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ipfw: ALLOWing by mac address

[Foo Ji-Haw]

Hello all,

I'd like your feedback on a problem I have with allowing access through the 
ipfw firewall via mac addresses.

Andrew has a good point on mac address spoofing. I agree with him on the 
security concern, but for the situation that I am setting up, that's ok. But I 
really need to open the firewall via mac address.

Let me detail my setup:
dc0 is the interface to the Internet
vr0 is the interface to the managed network

I tried to read up on ipfw rules on mac, and I got something like this:
allow ip from any to any MAC any 00:90:d1:00:80:00/33

It does not work of course, but ipfw accepted the command. Basically I need the 
client with the mac address to be able to go pass the firewall in totality.

Can anyone enlighten me on the correct format? Thanks in advance.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfw: ALLOWing by mac address

[Andrew P.]

On 10/5/05, Foo Ji-Haw [EMAIL PROTECTED] wrote:
 Hello all,

 I'd like your feedback on a problem I have with allowing access through the 
 ipfw firewall via mac addresses.

 Andrew has a good point on mac address spoofing. I agree with him on the 
 security concern, but for the situation that I am setting up, that's ok. But 
 I really need to open the firewall via mac address.

 Let me detail my setup:
 dc0 is the interface to the Internet
 vr0 is the interface to the managed network

 I tried to read up on ipfw rules on mac, and I got something like this:
 allow ip from any to any MAC any 00:90:d1:00:80:00/33

 It does not work of course, but ipfw accepted the command. Basically I need 
 the client with the mac address to be able to go pass the firewall in 
 totality.

 Can anyone enlighten me on the correct format? Thanks in advance.

Thanks for the credit :-)

see man ipfw, particularly the PACKET FLOW section

Try this:

allow ip from any to any layer2 out MAC any 00:90:d1:00:80:00/33
allow ip from any to any layer2 in MAC 00:90:d1:00:80:00/33 any
allow ip from any to any layer2 via trusted-if
deny ip from any to any layer2
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address rc.conf

[luke]

a better solution to this is to call your isp and tell them your
network card died so you got a new one with MAC address of the freebsd
machine. they can reset the MAC they have on their end and you'll be
alright. also, sometimes the modem is storing the MAC so you can
either reset it if it has a switch or power it down for about 10
minutes to erase its memory. if you do this you'll have to reenter
your pppoe info though so make sure you have it. good luck.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

MAC address rc.conf

[Peter]

   Hi,
   My ISP have aauthorization by username, password AND mac address.
   I currently make PPPoE connection from my laptop(win XP) to them.
   However I want to put FreeBSD router in front of my laptop.
   That is why I will need to make MAC address of outgoing ethernet card
   same as my laptop.
   I plan to make bash script(ifconfig down, ifconfig up)  for that
   purpose.
   However I prefer a little bit cleaner solution ...
is there any way I can set MAC address for the network card in
   rc.conf ?
   Thanks :-)))
   Kind regards,
   Pete
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address rc.conf

[Bob Bomar]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter wrote:
|Hi,
|My ISP have aauthorization by username, password AND mac address.
|I currently make PPPoE connection from my laptop(win XP) to them.
|However I want to put FreeBSD router in front of my laptop.
|That is why I will need to make MAC address of outgoing ethernet card
|same as my laptop.
|I plan to make bash script(ifconfig down, ifconfig up)  for that
|purpose.
|However I prefer a little bit cleaner solution ...
| is there any way I can set MAC address for the network card in
|rc.conf ?
|Thanks :-)))
|Kind regards,
|Pete
|

When the system boots, it will read rc.conf, and then
it will pass the ifconfig_inf=... to ifconfig, so
what I do is just to add ether aa:bb:cc:dd:ee:ff to
that line:

ifconfig_fxp0=inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff



- --
Bob Bomar
[EMAIL PROTECTED]
http://www.bomar.us/~bob
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCralK9Jm/aTrtdKoRAlFFAJ93Y0XL7OMbJcdhFvBxQP3XEtzP6QCeOHIQ
8m1uyAMjW8F1SW0E/HNYFBA=
=d5HD
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: MAC address rc.conf

[John Brooks]

just curious...

what happens when your 'router' and your 'laptop' both have the
same MAC address?

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Bob Bomar
 Sent: Monday, June 13, 2005 10:42 AM
 To: Peter; [EMAIL PROTECTED]
 Subject: Re: MAC address  rc.conf


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Peter wrote:
 |Hi,
 |My ISP have aauthorization by username, password AND mac address.
 |I currently make PPPoE connection from my laptop(win XP) to them.
 |However I want to put FreeBSD router in front of my laptop.
 |That is why I will need to make MAC address of outgoing ethernet card
 |same as my laptop.
 |I plan to make bash script(ifconfig down, ifconfig up)  for that
 |purpose.
 |However I prefer a little bit cleaner solution ...
 | is there any way I can set MAC address for the network card in
 |rc.conf ?
 |Thanks :-)))
 |Kind regards,
 |Pete
 |

 When the system boots, it will read rc.conf, and then
 it will pass the ifconfig_inf=... to ifconfig, so
 what I do is just to add ether aa:bb:cc:dd:ee:ff to
 that line:

 ifconfig_fxp0=inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff



 - --
 Bob Bomar
 [EMAIL PROTECTED]
 http://www.bomar.us/~bob
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.4 (Darwin)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

 iD8DBQFCralK9Jm/aTrtdKoRAlFFAJ93Y0XL7OMbJcdhFvBxQP3XEtzP6QCeOHIQ
 8m1uyAMjW8F1SW0E/HNYFBA=
 =d5HD
 -END PGP SIGNATURE-
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address rc.conf

[Peter]

   I am also curios and I will found out :)
   Peter
   John Brooks wrote:

just curious...

what happens when your 'router' and your 'laptop' both have the
same MAC address?

--
John Brooks
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED]
[[3]mailto:[EMAIL PROTECTED] Behalf Of Bob Bomar
Sent: Monday, June 13, 2005 10:42 AM
To: Peter; [EMAIL PROTECTED]
Subject: Re: MAC address  rc.conf


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter wrote:
|Hi,
|My ISP have aauthorization by username, password AND mac address.
|I currently make PPPoE connection from my laptop(win XP) to them.
|However I want to put FreeBSD router in front of my laptop.
|That is why I will need to make MAC address of outgoing ethernet card
|same as my laptop.
|I plan to make bash script(ifconfig down, ifconfig up)  for that
|purpose.
|However I prefer a little bit cleaner solution ...
| is there any way I can set MAC address for the network card in
|rc.conf ?
|Thanks :-)))
|Kind regards,
|Pete
|

When the system boots, it will read rc.conf, and then
it will pass the ifconfig_inf=... to ifconfig, so
what I do is just to add ether aa:bb:cc:dd:ee:ff to
that line:

ifconfig_fxp0=inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff



- --
Bob Bomar
[EMAIL PROTECTED]
[6]http://www.bomar.us/~bob
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - [7]http://enigmail.mozdev.org

iD8DBQFCralK9Jm/aTrtdKoRAlFFAJ93Y0XL7OMbJcdhFvBxQP3XEtzP6QCeOHIQ
8m1uyAMjW8F1SW0E/HNYFBA=
=d5HD
-END PGP SIGNATURE-
___
[EMAIL PROTECTED] mailing list
[9]http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[10][EMAIL PROTECTED]



___
[EMAIL PROTECTED] mailing list
[12]http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [13][EMAIL PROTECTED]


References

   1. mailto:[EMAIL PROTECTED]
   2. mailto:[EMAIL PROTECTED]
   3. mailto:[EMAIL PROTECTED]
   4. mailto:[EMAIL PROTECTED]
   5. mailto:[EMAIL PROTECTED]
   6. http://www.bomar.us/~bob
   7. http://enigmail.mozdev.org/
   8. mailto:freebsd-questions@freebsd.org
   9. http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  10. mailto:[EMAIL PROTECTED]
  11. mailto:freebsd-questions@freebsd.org
  12. http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  13. mailto:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address rc.conf

[Bob Bomar]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter wrote:
|I am also curios and I will found out :)
|Peter
|John Brooks wrote:
|
| just curious...
|
| what happens when your 'router' and your 'laptop' both have the
| same MAC address?
|
| --
| John Brooks
| [EMAIL PROTECTED]
|
|
|
| -Original Message-
| From: [EMAIL PROTECTED]
| [[3]mailto:[EMAIL PROTECTED] Behalf Of Bob Bomar
| Sent: Monday, June 13, 2005 10:42 AM
| To: Peter; [EMAIL PROTECTED]
| Subject: Re: MAC address  rc.conf
|
|
| Peter wrote:
| |Hi,
| |My ISP have aauthorization by username, password AND mac address.
| |I currently make PPPoE connection from my laptop(win XP) to them.
| |However I want to put FreeBSD router in front of my laptop.
| |That is why I will need to make MAC address of outgoing ethernet card
| |same as my laptop.
| |I plan to make bash script(ifconfig down, ifconfig up)  for that
| |purpose.
| |However I prefer a little bit cleaner solution ...
| | is there any way I can set MAC address for the network card in
| |rc.conf ?
| |Thanks :-)))
| |Kind regards,
| |Pete
| |
|
| When the system boots, it will read rc.conf, and then
| it will pass the ifconfig_inf=... to ifconfig, so
| what I do is just to add ether aa:bb:cc:dd:ee:ff to
| that line:
|
| ifconfig_fxp0=inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff
|

Just add a similar line to the laptop, and change it by
one number i.e.:

00:11:22:33:44:55 Router
00:11:22:33:44:56 Laptop

- --
Bob Bomar
[EMAIL PROTECTED]
http://www.bomar.us/~bob
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCrd9C9Jm/aTrtdKoRAt6FAJ934JhWAEI1WbvWy5st+wwXWAE7wACggIuh
qMKwAgd+pwP6E1d6J/uaTEo=
=fGL8
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

changing network card MAC address

[M. L. Dodson]

Just set up a new box (5.4-RELEASE) as a home gateway and had to
change the network card MAC address that does DHCP through the
cable modem.  I put the following in /etc/rc.early, but this seems
inelegant and possibly deprecated.  What is the proper way to do
this on a DHCP interface?

ifconfig rl1 ether 'aa:bb:cc:dd:ee:ff'

Thanks
-- 
M. L. Dodson[EMAIL PROTECTED]
409-772-2178FAX: 409-772-1790

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: changing network card MAC address

[Christopher Black]

Check out /etc/dhclient.conf.  The options are described in 'man 5
dhclient.conf'


On Sun, 2005-06-12 at 17:26 -0500, M. L. Dodson wrote:
 Just set up a new box (5.4-RELEASE) as a home gateway and had to
 change the network card MAC address that does DHCP through the
 cable modem.  I put the following in /etc/rc.early, but this seems
 inelegant and possibly deprecated.  What is the proper way to do
 this on a DHCP interface?
 
 ifconfig rl1 ether 'aa:bb:cc:dd:ee:ff'
 
 Thanks
-- 
Christopher Black
Chief Security Engineer
Secure Crossing
22750 Woodward Suite 304 - Ferndale, MI 48220
Tel (800) 761-4299 | Direct (248) 658-6120
[EMAIL PROTECTED] | www.securecrossing.com


signature.asc
Description: This is a digitally signed message part

Re: changing network card MAC address

[David Kelly]

On Jun 12, 2005, at 5:26 PM, M. L. Dodson wrote:


Just set up a new box (5.4-RELEASE) as a home gateway and had to
change the network card MAC address that does DHCP through the
cable modem.  I put the following in /etc/rc.early, but this seems
inelegant and possibly deprecated.  What is the proper way to do
this on a DHCP interface?

ifconfig rl1 ether 'aa:bb:cc:dd:ee:ff'


Go look at ifscript_up() in /etc/network.subr. What you want to do is  
put the above line in /etc/start_if.rl1 (just rename it, I'm  
guessing) and it will magically be applied before DHCP gets to it.


If it wasn't for DHCP you could put it on the appropriate ifconfig  
line in /etc/rc.conf.


--
David Kelly N4HHE, [EMAIL PROTECTED]

Whom computers would destroy, they must first drive mad.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: changing network card MAC address

[M. L. Dodson]

On Sunday 12 June 2005 17:32, Christopher Black wrote:
 Check out /etc/dhclient.conf.  The options are described in 'man 5
 dhclient.conf'

 On Sun, 2005-06-12 at 17:26 -0500, M. L. Dodson wrote:
  Just set up a new box (5.4-RELEASE) as a home gateway and had to
  change the network card MAC address that does DHCP through the
  cable modem.  I put the following in /etc/rc.early, but this seems
  inelegant and possibly deprecated.  What is the proper way to do
  this on a DHCP interface?
 
  ifconfig rl1 ether 'aa:bb:cc:dd:ee:ff'
 
  Thanks

Renaming /etc/rc.early to /etc/dhclient-enter-hooks works (as
I am sure renaming it to /etc/start_if.rl1 would have done).  Thanks
for the responses!

-- 
M. L. Dodson[EMAIL PROTECTED]
409-772-2178FAX: 409-772-1790

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: blocking MAC address with ipfw ?

[Sandy Rutherford]

 On Mon, 02 May 2005 20:26:03 -0700, 
 John Pettitt [EMAIL PROTECTED] said:

  faisal gillani wrote:
  faisal gillani wrote:
  
  how can i block a MAC address with ipfw ?
  can you share the syntax please ?
  
  
  thanks
  
  man ipfw reveals ...

  { MAC | mac } dst-mac src-mac
   Match packets with a given dst-mac and src-mac addresses,
  speci-
  ...

You also need to make sure that the sysctl variable
net.link.ether.ipfw is set to 1 to enable layer 2 checks.

Sandy
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

blocking MAC address with ipfw ?

[faisal gillani]

how can i block a MAC address with ipfw ?
can you share the syntax please ?


thanks


*º¤., ¸¸,.¤º*¨¨¨*¤ Allah-hu-Akber*º¤., ¸¸,.¤º*¨¨*¤
God is the Greatest




__ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more. 
http://info.mail.yahoo.com/mail_250
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: blocking MAC address with ipfw ?

[John Pettitt]

faisal gillani wrote:

 faisal gillani wrote:

how can i block a MAC address with ipfw ?
can you share the syntax please ?


thanks

man ipfw reveals ...

{ MAC | mac } dst-mac src-mac
 Match packets with a given dst-mac and src-mac addresses,
speci-
 fied as the any keyword (matching any MAC address), or six
groups
 of hex digits separated by colons, and optionally followed by a
 mask indicating the significant bits.  The mask may be
specified
 using either of the following methods:

 1.  A slash (/) followed by the number of significant bits.
 For example, an address with 33 significant bits
could be
 specified as:

   MAC 10:20:30:40:50:60/33 any

 2.  An ampersand () followed by a bitmask specified as six
 groups of hex digits separated by colons.  For example,
 an address in which the last 16 bits are significant
 could be specified as:

   MAC 10:20:30:40:50:6000:00:00:00:ff:ff any

 Note that the ampersand character has a special meaning
 in many shells and should generally be escaped.

 Note that the order of MAC addresses (destination first, source
 second) is the same as on the wire, but the opposite of the one
 used for IP addresses.



So

 ipfw add 999 deny MAC any 10:20:30:40:50:60/33

would be a valid rule.



*º¤., ¸¸,.¤º*¨¨¨*¤ Allah-hu-Akber*º¤., ¸¸,.¤º*¨¨*¤
God is the Greatest



   
__ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more. 
http://info.mail.yahoo.com/mail_250
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

  

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Can't change MAC address of my WAG311

[FreeBSD Daemon]

dear list,
I am operating a Netgear WAG311 (Atheros AR5212) under FBSD 5.3 Release.
I tried to change the MAC address of the device using
   root# ifconfig ath0 ether aa:bb:cc:dd:ee:ff
which changed the MAC address in the ifconfig ath0 output. But wicontrol 
-i ath0 still showed the old (original) MAC address and that MAC address 
also is being used on the network.

Trying to change the MAC address using
   root# wicontrol -i ath0 -m aa:bb:cc:dd:ee:ff
results in a
   wicontrol: SIOCSWAVELAN: Invalid Argument
error message.
Am I doing something wrong?
TIA
zheyu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Can't change MAC address of my WAG311

[FreeBSD Daemon]

Ben Pratt wrote:
I would forward this to the list but I don't want to get the bounces 
for 3 days because I can't get reverse lookup going.

I've attached a script that you should try.
Ben
FreeBSD Daemon wrote:
dear list,
I am operating a Netgear WAG311 (Atheros AR5212) under FBSD 5.3 Release.
I tried to change the MAC address of the device using
   root# ifconfig ath0 ether aa:bb:cc:dd:ee:ff
which changed the MAC address in the ifconfig ath0 output. But 
wicontrol -i ath0 still showed the old (original) MAC address and 
that MAC address also is being used on the network.

Trying to change the MAC address using
   root# wicontrol -i ath0 -m aa:bb:cc:dd:ee:ff
results in a
   wicontrol: SIOCSWAVELAN: Invalid Argument
error message.
Am I doing something wrong?
TIA
zheyu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]

#!/usr/local/bin/bash
# Version 2.1
# By Ben
# Thanks to Venom for suggesting Apple and joining FreeBSD and Linux
echo What interface? [ath0]
read interface
if [ $interface =  ]
then
 interface=ath0
fi
company=0
until [ $company -eq 1 -o $company -eq 2 -o $company -eq 3 -o $company -eq 4 -o 
$company -eq 5 -o $company -eq 6 ]; do
 echo Card Company to impersonate?
 echo  1) 3Com
 echo  2) Apple
 echo  3) D-Link
 echo  4) Intel
 echo  5) Linksys
 echo  6) Netgear
 read company
done
front=
back=
new=
case $company in
'1')
 # Random 3Com Card
 number=0
 while [ $number -le 0 ]
 do
   number=$RANDOM
   let number %= 14
 done
 echo Number: $number
 case $number in
 '1')
   front=00:01:02:
   ;;
 '2')
   front=00:01:03:
   ;;
 '3')
   front=00:10:4B:
   ;;
 '4')
   front=00:10:5A:
   ;;
 '5')
   front=00:20:AF:
   ;;
 '6')
   front=00:50:04:
   ;;
 '7')
   front=00:50:DA:
   ;;
 '8')
   front=00:60:08:
   ;;
 '9')
   front=00:60:8C:
   ;;
 '10')
   front=00:60:97:
   ;;
 '11')
   front=00:A0:24:
   ;;
 '12')
   front=02:60:8C:
   ;;
 '13')
   front=02:C0:8C:
   ;;
  * )
   echo Error
   exit 0
   ;;
 esac
 ;;
'2')
 # Random Apple Card
 number=0
 while [ $number -le 0 ]
 do
   number=$RANDOM
   let number %= 6
 done
 echo Number: $number
 case $number in
 '1')
   front=00:05:02:
   ;;
 '2')
   front=00:30:65:
   ;;
 '3')
   front=00:50:E4:
   ;;
 '4')
   front=00:A0:40:
   ;;
 '5')
   front=08:00:07:
   ;;
  * )
   echo Error
   exit 0
   ;;
 esac
 ;;
'3')
 # Random D-Link Card
 front=00:05:5D:
 ;;
'4')
 # Random Intel Card
 number=0
 while [ $number -le 0 ]
 do
   number=$RANDOM
   let number %= 9
 done
 echo Number: $number
 case $number in
 '1')
   front=00:02:B3:
   ;;
 '2')
   front=00:03:47:
   ;;
 '3')
   front=00:04:23:
   ;;
 '4')
   front=00:07:E9:
   ;;
 '5')
   front=00:0C:F1:
   ;;
 '6')
   front=00:0E:0C:
   ;;
 '7')
   front=00:11:11:
   ;;
 '8')
   front=00:20:7B:
   ;;
  * )
   echo Error
   exit 0
   ;;
 esac
 ;;
'5')
 # Random Linksys Card
 number=0
 while [ $number -le 0 ]
 do
   number=$RANDOM
   let number %= 4
 done
 echo Number: $number
 case $number in
 '1')
   front=00:04:5A:
   ;;
 '2')
   front=00:06:25:
   ;;
 '3')
   front=00:0C:41:
   ;;
  * )
   echo Error
   exit 0
   ;;
 esac
 ;;
'6')
 # Random Netgear Card
 front=00:09:5B:
 ;;
'7')
 # Random Card
 ;;
esac
count=0
colon=0
colons=1
while [ $count -lt 6 ]
do
Numbers=0
1
2
3
4
5
6
7
8
9
A
B
C
D
E
F
# Read into array variable.
number=($Numbers)
# Count how many elements.
num_numbers=${#number[*]}
new=${number[$((RANDOM%num_numbers))]}
back=$back$new
if [ $colon -gt 0 ]  [ $colons -lt 3 ]
then
 new=:
 back=$back$new
 let colon-=1
 let colons+=1
else
 let colon+=1
fi
let count+=1
done
address=$front$back
OS=0
until [ $OS -eq 1 -o $OS -eq 2 ]; do
 echo What OS??
 echo  1) FreeBSD
 echo  2) Linux
 read OS
done
case $OS in
'1')
 ifconfig $interface down
 ifconfig $interface link $address
 ifconfig $interface up
 ;;
'2')
 ifconfig $interface down
 ifconfig $interface ether $address
 ifconfig $interface up
 ;;
* )
 exit 0
 ;;
esac
echo Your new MAC is: $address
exit 0
 

Well, thanks for the script, BUT as I wrote ifconfig is working.
The misunderstanding was probably cause by me not explicitly pointing 
out that aa:bb:cc:dd:ee:ff stands for a real MAC (00:01:f4:xx:yy:zz) 
and is not to be taken literally. SORRY!

Again, ifconfig is working and the MAC changes in the ifconfig output 
... athough the card doesn't honour the change and keeps on using the 
old (original) MAC. wicontrol dosn't even hounour the change in its 
output and keeps displaying the Old (original) MAC. And trying to change 
the MAC using wicontrol results in the error wicontrol: SIOCSWAVELAN: 
Invalid Argument.

zheyu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Change MAC address of LAN card in rc.conf. How?

[Ted Mittelstaedt]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Rob
 Sent: Sunday, February 27, 2005 6:01 PM
 To: [EMAIL PROTECTED]
 Cc: FreeBSD questions
 Subject: Re: Change MAC address of LAN card in rc.conf. How?
 
 
 
 --- Michael Grant [EMAIL PROTECTED] wrote:
 
  Just curious, why would you ever need to change your
  mac address?
 
 In my university network, IP numbers must match a
 previously registered MAC address, otherwise the IP
 number is blocked. So our group has a list of IP
 numbers, that each only work with a specific MAC
 address.
 

Yeah, the network admins do that to prevent people spoofing
IP addresses to try attacking other computers.

Of course, it's stupid since you can spoof the mac and
attack away.

 When shifting around computers and IP addresses, it
 is easier to fake the MAC address to what I need,
 than to start a procedure with the computer center
 to change the MAC address of a certain IP number.
 

One of these days you need to start spoofing the mac of
the default gateway they are using, and I would suspect
after a few weeks or months of that they will jettison the
whole register MAC address procedure.

Recording the MAC address only has validity when they are
assigning a specific MAC to a specific hardware port on the
switch by using intelligent switches that filter.  But if they
are using dumb hubs then they are just being idiots and
making work for themselves.

 I manage to do this easily on my FreeBSD PCs.
 
 However, my colleagues are suprised and ask me how
 to do this on their MS-Windows systems.
 

It's incredibly easy to do, just go into driver properties
for just about every network driver ever written for Windows.
Of course, this illustrates perfectly the absurdity of
continually trying to make computers easier and easier and
easier to use with a GUI - no matter how much simpler you
make it, the people you are trying to serve will always outrace
you in ignorance.

Ted
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Change MAC address of LAN card in rc.conf. How?

[Rob]

Hi,

I'm running 5.3 STABLE.

I need to change the MAC address of my PC.

I know it can be done like this:

   ifconfig rl0 ether 11:22:33:44:55:66

So I guessed I could make life a little easier by
adding this in my /etc/rc.conf file as:

ifconfig_rl0=inet 192.168.123.2 netmask 255.255.255.0
ether 11:22:33:44:55:66

However, this does not seem to work. No IP address
is assigned to the LAN card after bootup.
Apparently something is wrong here.
Any idea how I can do this at bootup?

Thanks,
Rob.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Change MAC address of LAN card in rc.conf. How?

[J65nko BSD]

On Sun, 27 Feb 2005 05:54:49 -0800 (PST), Rob [EMAIL PROTECTED] wrote:
 
 Hi,
 
 I'm running 5.3 STABLE.
 
 I need to change the MAC address of my PC.
 
 I know it can be done like this:
 
ifconfig rl0 ether 11:22:33:44:55:66
 
 So I guessed I could make life a little easier by
 adding this in my /etc/rc.conf file as:
 
 ifconfig_rl0=inet 192.168.123.2 netmask 255.255.255.0
 ether 11:22:33:44:55:66
 
 However, this does not seem to work. No IP address
 is assigned to the LAN card after bootup.
 Apparently something is wrong here.
 Any idea how I can do this at bootup?
 

echo 'ifconfig rl0 ether 11:22:33:44:55:66' /etc/start_if.rl0

=Adriaan=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Change MAC address of LAN card in rc.conf. How?

[Volodymyr Kostyrko]

Rob wrote:
I'm running 5.3 STABLE.
I need to change the MAC address of my PC.
I know it can be done like this:
   ifconfig rl0 ether 11:22:33:44:55:66
So I guessed I could make life a little easier by
adding this in my /etc/rc.conf file as:
ifconfig_rl0=inet 192.168.123.2 netmask 255.255.255.0
ether 11:22:33:44:55:66
However, this does not seem to work. No IP address
is assigned to the LAN card after bootup.
Apparently something is wrong here.
Any idea how I can do this at bootup?
  ifconfig_rl0_alias0=ether 11:22:33:44:55:66
--
[WBR], Arcade. [SAT Astronomy/Think to survive!]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Change MAC address of LAN card in rc.conf. How?

[Rob]

Volodymyr Kostyrko wrote:
 Rob wrote:
 
 I'm running 5.3 STABLE.

 I need to change the MAC address of my PC.

 I know it can be done like this:

ifconfig rl0 ether 11:22:33:44:55:66

 So I guessed I could make life a little easier by
 adding this in my /etc/rc.conf file as:

 ifconfig_rl0=inet 192.168.123.2 netmask
 255.255.255.0 ether 11:22:33:44:55:66

 However, this does not seem to work. No IP address
 is assigned to the LAN card after bootup.
 Apparently something is wrong here.
 Any idea how I can do this at bootup?

   ifconfig_rl0_alias0=ether 11:22:33:44:55:66

That works indeed. Thanks so much!

Rob.



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Change MAC address of LAN card in rc.conf. How?

[Rob]

--- Michael Grant [EMAIL PROTECTED] wrote:

 Just curious, why would you ever need to change your
 mac address?

In my university network, IP numbers must match a
previously registered MAC address, otherwise the IP
number is blocked. So our group has a list of IP
numbers, that each only work with a specific MAC
address.

When shifting around computers and IP addresses, it
is easier to fake the MAC address to what I need,
than to start a procedure with the computer center
to change the MAC address of a certain IP number.

I manage to do this easily on my FreeBSD PCs.

However, my colleagues are suprised and ask me how
to do this on their MS-Windows systems.

Rob.



__ 
Do you Yahoo!? 
Yahoo! Sports - Sign up for Fantasy Baseball. 
http://baseball.fantasysports.yahoo.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

MAC Address

[Anderson Wagner]

I have a firewall running on a FreeBSD 4.10-STABLE with ipfw.

My firewall is working very well, but i started to log the rules and
somethig strange appears in the log

Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via fxp1
Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via fxp1
Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via rl1
Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via rl1
Jan 28 10:44:16 host /kernel: ipfw: 880 Accept MAC in via fxp1

what is it 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC Address

[Hexren]

AW I have a firewall running on a FreeBSD 4.10-STABLE with ipfw.

AW My firewall is working very well, but i started to log the rules and
AW somethig strange appears in the log

AW Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via fxp1
AW Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via fxp1
AW Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via rl1
AW Jan 28 10:44:15 host /kernel: ipfw: 880 Accept MAC in via rl1
AW Jan 28 10:44:16 host /kernel: ipfw: 880 Accept MAC in via fxp1

AW what is it 
AW ___
AW freebsd-questions@freebsd.org mailing list
AW http://lists.freebsd.org/mailman/listinfo/freebsd-questions
AW To unsubscribe, send any mail to [EMAIL PROTECTED]

-

Rule 880 is logging and says that it accepted a MAC in via an
interface.

Maybe it would help if you told us what rulle 880 actually is...

btw: you're right it is working very well if its purpose is to let MAC
in ;)

Regards
Hexren

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

How to get MAC address using C program

[Dennis George]

Hi,
 
Can anybody help me out to retrieve MAC address of my machine... using a C 
program  I gave it a try using ioctl but not getting the correct 
result.. Following is my code..
 
int main()
{
..
struct ifr_req ifr ;
 
   strcpy(ifr.ifr_name, rl0);
if( ioctl(s, SIOCGIFADDR, ifr)  0 ) {
cout  Error  endl ;
return 0 ;
}
 
printf(ADDR(%s) = ) ;
for(int i = 0; i  6; i++) {
printf(%x :, ifr.ifr_addr.sa_data[i] ) ;
}
 

its not printing the correct result
 
Thanks in advance
Dennis

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mac Address Spoofing(!)

[Luke Kearney]

On , 2004-11-07 at 06:58, eddie dandrades wrote:
 Hello guys,
 
  I've set out to spoof my gateway's mac address so that I can get a
 new ip address from my cable ISP without having to unplug my modem for
 24 hours as they suggested (and is understandable, thats how long
 their DHCP lease last). I've tried several things, one of which is
 following the instructions here
 http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
 ifconfig xl0 hw ether 00:00:00:00:00 to no avail.
 
 I'm just wondering if anyone on this list knows of a way to do it
 successfully or can provide me with a link to some useful
 documentation.
 
 
 Thanks guys!
 
 
 gabriel

Just a thought but many around me have broadband modems from their ISP's
and they faced the same problem you describe and their ISP told them to
disconnect for 2 to 3 hrs but that is hardly workable. The solution was
to reboot the modem. The modem cached the MAC address on the client side
not the ISP's DHCP server. Would that work better in your situation
rather than trying to spoof MAC addresses ?

HTH

LukeK


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mac Address Spoofing(!)

[gabriel]

I tried the resetting for 24 hours (unplugging it from power), tried
to have my isp give me different modem configuration files, no go, my
modem just liked my mac, after following the instructions given I was
able to acquire a new ip address, so far, no harm done.

Cheers!

On Sun, 07 Nov 2004 21:14:23 +0900, Luke Kearney [EMAIL PROTECTED] wrote:
 On , 2004-11-07 at 06:58, eddie dandrades wrote:
 
 
  Hello guys,
 
   I've set out to spoof my gateway's mac address so that I can get a
  new ip address from my cable ISP without having to unplug my modem for
  24 hours as they suggested (and is understandable, thats how long
  their DHCP lease last). I've tried several things, one of which is
  following the instructions here
  http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
  ifconfig xl0 hw ether 00:00:00:00:00 to no avail.
 
  I'm just wondering if anyone on this list knows of a way to do it
  successfully or can provide me with a link to some useful
  documentation.
 
 
  Thanks guys!
 
 
  gabriel
 
 Just a thought but many around me have broadband modems from their ISP's
 and they faced the same problem you describe and their ISP told them to
 disconnect for 2 to 3 hrs but that is hardly workable. The solution was
 to reboot the modem. The modem cached the MAC address on the client side
 not the ISP's DHCP server. Would that work better in your situation
 rather than trying to spoof MAC addresses ?
 
 HTH
 
 LukeK
 
 


-- 
gabriel,

Member of:
FreeBSD-Announce
FreeBSD-Hardware
FreeBSD-Multimedia
FreeBSD-questions
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Mac Address Spoofing(!)

[Ara]

Hello
(BThere should be a file containing info about your network card. So if you vi
(Bthe file and change the Mac to the one you need, and reboot, then you should
(Bget the new ip. My isp is like yours, dhcp but based on mac address. I can't
(Bremember the location of file containing the network card configuration
(B
(B-Original Message-
(BFrom: [EMAIL PROTECTED]
(B[mailto:[EMAIL PROTECTED] On Behalf Of gabriel
(BSent: November 7, 2004 10:27 AM
(BTo: [EMAIL PROTECTED]
(BCc: [EMAIL PROTECTED]
(BSubject: Re: Mac Address Spoofing(!)
(B
(BI tried the resetting for 24 hours (unplugging it from power), tried
(Bto have my isp give me different modem configuration files, no go, my
(Bmodem just liked my mac, after following the instructions given I was
(Bable to acquire a new ip address, so far, no harm done.
(B
(BCheers!
(B
(BOn Sun, 07 Nov 2004 21:14:23 +0900, Luke Kearney [EMAIL PROTECTED] wrote:
(B On $BF|(B, 2004-11-07 at 06:58, eddie dandrades wrote:
(B 
(B 
(B  Hello guys,
(B 
(B   I've set out to spoof my gateway's mac address so that I can get a
(B  new ip address from my cable ISP without having to unplug my modem for
(B  24 hours as they suggested (and is understandable, thats how long
(B  their DHCP lease last). I've tried several things, one of which is
(B  following the instructions here
(B  http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
(B  ifconfig xl0 hw ether 00:00:00:00:00 to no avail.
(B 
(B  I'm just wondering if anyone on this list knows of a way to do it
(B  successfully or can provide me with a link to some useful
(B  documentation.
(B 
(B 
(B  Thanks guys!
(B 
(B 
(B  gabriel
(B 
(B Just a thought but many around me have broadband modems from their ISP's
(B and they faced the same problem you describe and their ISP told them to
(B disconnect for 2 to 3 hrs but that is hardly workable. The solution was
(B to reboot the modem. The modem cached the MAC address on the client side
(B not the ISP's DHCP server. Would that work better in your situation
(B rather than trying to spoof MAC addresses ?
(B 
(B HTH
(B 
(B LukeK
(B 
(B 
(B
(B
(B-- 
(Bgabriel,
(B
(BMember of:
(BFreeBSD-Announce
(BFreeBSD-Hardware
(BFreeBSD-Multimedia
(BFreeBSD-questions
(B___
([EMAIL PROTECTED] mailing list
(Bhttp://lists.freebsd.org/mailman/listinfo/freebsd-questions
(BTo unsubscribe, send any mail to "[EMAIL PROTECTED]"
(B
(B
(B
(B___
([EMAIL PROTECTED] mailing list
(Bhttp://lists.freebsd.org/mailman/listinfo/freebsd-questions
(BTo unsubscribe, send any mail to "[EMAIL PROTECTED]"

Mac Address Spoofing(!)

[eddie dandrades]

Hello guys,

 I've set out to spoof my gateway's mac address so that I can get a
new ip address from my cable ISP without having to unplug my modem for
24 hours as they suggested (and is understandable, thats how long
their DHCP lease last). I've tried several things, one of which is
following the instructions here
http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
ifconfig xl0 hw ether 00:00:00:00:00 to no avail.

I'm just wondering if anyone on this list knows of a way to do it
successfully or can provide me with a link to some useful
documentation.


Thanks guys!


gabriel
Member of:
FreeBSD-Announce
FreeBSD-Hardware
FreeBSD-Multimedia
FreeBSD-questions
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mac Address Spoofing(!)

[TM4526]

In a message dated 11/6/04 4:59:05 PM Eastern Standard Time, 
[EMAIL PROTECTED] writes:
Hello guys,

I've set out to spoof my gateway's mac address so that I can get a
new ip address from my cable ISP without having to unplug my modem for
24 hours as they suggested (and is understandable, thats how long
their DHCP lease last). I've tried several things, one of which is
following the instructions here
http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
ifconfig xl0 hw ether 00:00:00:00:00 to no avail.

I'm just wondering if anyone on this list knows of a way to do it
successfully or can provide me with a link to some useful
documentation.

It is YOUR gateway? Just use a different port, or swap out the ethernet
card. 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mac Address Spoofing(!)

[gabriel]

Thank you, I'll try that. Sometimes I'm very hesitant to believe
things are so easy, but I'm sure this is gonna work now. Thank you!



On Sat, 06 Nov 2004 16:13:00 -0600, Ben [EMAIL PROTECTED] wrote:
 BSD
 
  1) Bring down the interface: ifconfig xl0 down
 
  2) Enter new MAC address: ifconfig xl0 link 00:00:00:AA:AA:AA
 
  3) Bring up the interface: ifconfig xl0 up
 
 That's all there is to it.
 
 Good luck,
 
 Ben
 
 
 
 eddie dandrades wrote:
 
 Hello guys,
 
  I've set out to spoof my gateway's mac address so that I can get a
 new ip address from my cable ISP without having to unplug my modem for
 24 hours as they suggested (and is understandable, thats how long
 their DHCP lease last). I've tried several things, one of which is
 following the instructions here
 http://ezine.daemonnews.org/200406/netgraph.html - I also tried doing:
 ifconfig xl0 hw ether 00:00:00:00:00 to no avail.
 
 I'm just wondering if anyone on this list knows of a way to do it
 successfully or can provide me with a link to some useful
 documentation.
 
 
 Thanks guys!
 
 
 gabriel
 Member of:
 FreeBSD-Announce
 FreeBSD-Hardware
 FreeBSD-Multimedia
 FreeBSD-questions
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 
 
 


-- 
gabriel,

Member of:
FreeBSD-Announce
FreeBSD-Hardware
FreeBSD-Multimedia
FreeBSD-questions
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

block certian MAC address ?

[faisal gillani]

How can i activate the default firewall  that comes
with FreeBSD .. is there
any ?
also i wana know how to block certian MAC address with
it ..


thanks


=
*º¤., ¸¸,.¤º*¨¨¨*¤ Allah-hu-Akber*º¤., ¸¸,.¤º*¨¨*¤



__
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: block certian MAC address ?

[Eric Kjeldergaard]

On Sun, 17 Oct 2004 18:11:15 -0700 (PDT), faisal gillani
[EMAIL PROTECTED] wrote:
 How can i activate the default firewall  that comes
 with FreeBSD .. is there
 any ?
 also i wana know how to block certian MAC address with
 it ..
 
 thanks
 

You may want to start by reading FreeBSD's wonderful handbook. 
Especially http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
that page.  This book addresses ipfw, one of the built-in firewalls in
freebsd.  There is also pf included in FreeBSD 5.3.  But regardless,
ipfw is a very easy-to-setup firewall for most applications.

-- 
If I write a signature, my emails will appear more personalised.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

IPFW2 Mac Address Filtering

[Elijah A . Chancey]

I've searched high and low, and have read many times that doing mac 
address filtering with ipfw is possible.

I'm running 4.9, have recompiled the kernel with 'options ipfw2', and 
have recompiled libalias  ipfw with ipfw2 support.

I've read through the man pages, and I can't make this particular rule 
work.

I need to block all IP packets EXCEPT for packets coming from specific 
MAC addresses.

Can anyone give me an example of specifically how I should form this 
rule?

Elijah Chancey
NetlinkIP Sysadmin
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: IPFW2 Mac Address Filtering

[Christian Hiris]

On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
 I've searched high and low, and have read many times that doing mac
 address filtering with ipfw is possible.

 I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
 have recompiled libalias  ipfw with ipfw2 support.

 I've read through the man pages, and I can't make this particular rule
 work.

 I need to block all IP packets EXCEPT for packets coming from specific
 MAC addresses.

 Can anyone give me an example of specifically how I should form this
 rule?

 Elijah Chancey
 NetlinkIP Sysadmin


Don't forget to set sysctl net.link.ether.ipfw=1.

[...]

# eth0: MAC of firewall NIC
# eth1: MAC of NIC to allow
# eth_broadcast: broadcast address  

eth0=00:04:00:00:00:01
eth1=00:04:00:00:00:02
eth_broadcast=ff:ff:ff:ff:ff:ff

${fwcmd} add pass MAC ${eth0} ${eth1}  
${fwcmd} add pass MAC ${eth1} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth1}

[...]


regards
ch

-- 
Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu


pgpxi3Pdngqfq.pgp
Description: signature

Re: Diskless PXE clients: switching FreeBSD kernels based on MAC address

[Chris Roehrig]

I'm following up on my original question and cross-posting it to the  
Soekris list in case this is useful for anyone else.  If there's an  
easier way to do this, I'd like to know!

Here's a bootloader script I wrote that works for me (FreeBSD  
4.9_RELEASE).

== kern_switch.4th  
=
\
\ kern_switch.4th
\   -- MAC-based kernel switching for PXE clients
\
\ Allows PXE booting of different kernels for different MAC  
addresses
\ using a shared NFS root partition.
\ Will use the default kernel if not booting from PXE or no HW MAC
\ addresses are matched.
\
\ USAGE:
\ 1.  Place this in /boot on the NFS server.
\ 2.  Include this from /boot/loader.conf using the following line:
\   exec=include /boot/kern_switch.4th
\ 3.  Edit the MAC address and kernel definitions below.
\ 4.  Make sure you have an alternate boot device handy when  
installing
\ so you can undo things if you make a mistake!
\
\ v 1.0; Mar_21_2004;  Chris Roehrig [EMAIL PROTECTED]

: switch_kernel ( kern_addr kern_n -- )
2dup . kern_switch DBG: switching kernel to  type cr
s kernel setenv
;
\ Check environment for loaddev...
s loaddev getenv  dup -1 = [if]
drop\ the -1 retval
.( kern_switch: no loaddev present in environment!) cr
[else]
2dup .( kern_switch: loaddev = ) type cr
s pxe0: compare 0= [if]
\ PXE Boot; get the hardware MAC address...
s boot.netif.hwaddr getenv  dup -1 = [if]
drop\ the -1 retval
.( kern_switch: no boot.netif.hwaddr present in environment!) cr
[else]
2dup .( kern_switch: boot.netif.hwaddr = ) type cr
\ switch on HW address...
\ ===
\ ENTER YOUR MAC ADDRESSES AND KERNEL NAMES HERE
\   Pad all MAC bytes to 2-digit, lower-case.
\   Be careful to preserve the space after s !
2dup s 00:00:24:c1:2a:64 compare 0= [if]
s /kernel.NET4501  switch_kernel [then]
2dup s 00:00:24:c1:35:50 compare 0= [if]
s /kernel.NET4801  switch_kernel [then]
\ ===
	2drop \ environment HW string

[then]
[then]
[then]


\ Display the kernel to be used...
s kernel getenv  dup -1  [if]
.( kern_switch: using kernel = ) type cr
[else]
drop
.( kern_switch: no kernel present in environment!) cr
[then]
 




On Mar 20, 2004, at 10:58, Chris Roehrig wrote:
I'm running FreeBSD 4.9_RELEASE and I'd like to share my server's root  
partition as the root partition for some diskless PXE clients, but I  
need different kernels for the server and clients.The /conf  
structure works great for providing different /etc environments for  
each machine, but I can't figure out how to boot a different kernel  
for my PXE clients.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: [Soekris-tech] Re: Diskless PXE clients: switching FreeBSDkernels based on MAC address

[Matt Peterson]

This might be possible with DHCP, I've done something similar...

subnet 192.168.250.0 netmask 255.255.255.0 {
range 192.168.250.2 192.168.250.253;
option routers 192.168.250.254;
option subnet-mask 255.255.255.0;
# NFS server  path
option root-path 192.168.250.1:/usr/mboot;
}

class soekris {
match if substring (option vendor-class-identifier, 0, 20) = PXEClient:Arch:0;
# TFTP server  filename
next-server 192.168.250.1;
filename pxeboot;
}

Chris Roehrig wrote:

I'm following up on my original question and cross-posting it to the  
Soekris list in case this is useful for anyone else.  If there's 
an  easier way to do this, I'd like to know!


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mac address

[Daan Vreeken [PA4DAN]]

On Tuesday 13 January 2004 14:31, Daan Vreeken [PA4DAN] wrote:
 On Tuesday 13 January 2004 13:54, Malik Blent wrote:
  hello
 
  i use freebsd5.1 and i want to reject some computers  whose according to
  Mac Addresses and i recompiled kernel with
  options IPFIREWALL
 
  then i made ipfw.sh with touch and wrote in ;
  ipfw add deny MAC 00:60:67:28:0c:1e any
  ipfw add deny MAC any 00:60:67:28:0c:1e
 
  but I couldn't reject above machine
  What shall i do ?

 You have to it first with a sysctl :
Oops, typo, should have been :
You have to enable it first with a sysctl

 # sysctl -w net.link.ether.ipfw=1

 grtz,
 Daan
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

mac address

[Malik Blent]

hello 

i use freebsd5.1 and i want to reject some computers  whose according to Mac 
Addresses 
and i recompiled kernel with 
options IPFIREWALL 

then i made ipfw.sh with touch and wrote in ;
ipfw add deny MAC 00:60:67:28:0c:1e any 

ipfw add deny MAC any 00:60:67:28:0c:1e

but I couldn't reject above machine

What shall i do ?

Thanks
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mac address

[Daan Vreeken [PA4DAN]]

On Tuesday 13 January 2004 13:54, Malik Blent wrote:
 hello

 i use freebsd5.1 and i want to reject some computers  whose according to
 Mac Addresses and i recompiled kernel with
 options IPFIREWALL

 then i made ipfw.sh with touch and wrote in ;
 ipfw add deny MAC 00:60:67:28:0c:1e any
 ipfw add deny MAC any 00:60:67:28:0c:1e

 but I couldn't reject above machine
 What shall i do ?
You have to it first with a sysctl :
# sysctl -w net.link.ether.ipfw=1

grtz,
Daan
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Filter by MAC Address

[traore]

 Hello,
 
 I get router on FreeBSD. I want to filter packet by MAC Address fitering. Pls 
 let me know how can i this using ipfw. Or how can install iptables on freeBSD
 (with iptables, this is possible).
 REgards!



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

MAC address change?

[Grant Peel]

Hi all,

My colo location has recently done some software upgrades on thier routers
and switches. Would this cause the following messages in my
/var/log/messages file?

 Aug 27 05:48:17 enterprise /kernel: arp: 65.39.193.154 moved from
00:0a:41:07:94:80 to 00:06:5b:ee:40:32 on fxp0


TIA,

-Grant

Grant W. Peel
Server Admin
[EMAIL PROTECTED]
http://thenetnow.com

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address change?

[Micheal Patterson]

Yes. Especially if they swapped out IP's on a router or replaced a nic.

--

Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230


- Original Message - 
From: Grant Peel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 6:30 PM
Subject: MAC address change?


 Hi all,

 My colo location has recently done some software upgrades on thier routers
 and switches. Would this cause the following messages in my
 /var/log/messages file?

  Aug 27 05:48:17 enterprise /kernel: arp: 65.39.193.154 moved from
 00:0a:41:07:94:80 to 00:06:5b:ee:40:32 on fxp0


 TIA,

 -Grant

 Grant W. Peel
 Server Admin
 [EMAIL PROTECTED]
 http://thenetnow.com

 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
[EMAIL PROTECTED]


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: MAC address change?

[Kevin Stevens]

On Thu, 28 Aug 2003, Grant Peel wrote:

 Hi all,

 My colo location has recently done some software upgrades on thier routers
 and switches. Would this cause the following messages in my
 /var/log/messages file?

  Aug 27 05:48:17 enterprise /kernel: arp: 65.39.193.154 moved from
 00:0a:41:07:94:80 to 00:06:5b:ee:40:32 on fxp0

Yes, it could, if that IP address is your next upstream hop.  That's
moving from a Cisco device to a Dell, BTW, not sure it's really an
upgrade...

KeS
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

dc NIC: mac address gets reset (5.0-REL)

[Benjamin Lutz]

I just installed FreeBSD 5.0-RELEASE on a machine that was running 4.7-RELEASE-p3 
before. I've got a problem with my network card:

After rebooting the system, it's MAC address is reset to C0:00:C0:00:C0:00. The card 
works fine otherwise (apart from some dc: failed to force tx and rx to idle state 
messages that are, as far as the mailing lists tell me, uncritical). This of course 
makes the DHCP server give me another than my standard IP. Also, if I install FreeBSD 
5.0 on another machine in my LAN, and it shows the same behaviour, i'll run into 
problems.

I can manually change the MAC address back to its old value, then restart dhclient, 
and it works. However, I don't want to have to do that after every reboot...

Here's the relevant lines from dmesg:
- PASTE START -
dc0: Davicom DM9102A 10/100BaseTX port 0xd000-0xd0ff mem 0xef00-0xefff irq 
11 at device 11.0 on pci0
dc0: Ethernet address: c0:00:c0:00:c0:00
miibus0: MII bus on dc0
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
dc0: failed to force tx and rx to idle state
- PASTE END -

Any ideas?

Greetings
Benjamin

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: dc NIC: mac address gets reset (5.0-REL)

[Maxlor]

On Mon, 20 Jan 2003 16:38:25 -0600
Dan Nelson [EMAIL PROTECTED] wrote:

 I think this is a known problem.  You can probably work around it by
 creating a file /etc/start_if.dc0 with the single line:
 
   ifconfig dc0 ether 01:23:45:67:89:AB
 
 That should force the mac address before dhcp starts up.

Thank you, works just fine. And it's much less ugly than having a script in
/usr/local/etc/rc.d :)

Greetings
Benjamin

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: dc NIC: mac address gets reset (5.0-REL)

[Dan Nelson]

In the last episode (Jan 20), Benjamin Lutz said:
 I just installed FreeBSD 5.0-RELEASE on a machine that was running
 4.7-RELEASE-p3 before. I've got a problem with my network card:
 
 After rebooting the system, it's MAC address is reset to
 C0:00:C0:00:C0:00. The card works fine otherwise (apart from some
 dc: failed to force tx and rx to idle state messages that are, as
 far as the mailing lists tell me, uncritical). This of course makes
 the DHCP server give me another than my standard IP. Also, if I
 install FreeBSD 5.0 on another machine in my LAN, and it shows the
 same behaviour, i'll run into problems.
 
 I can manually change the MAC address back to its old value, then
 restart dhclient, and it works. However, I don't want to have to do
 that after every reboot...

I think this is a known problem.  You can probably work around it by
creating a file /etc/start_if.dc0 with the single line:

  ifconfig dc0 ether 01:23:45:67:89:AB

That should force the mac address before dhcp starts up.

-- 
Dan Nelson
[EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Can't find ethernet (MAC) address

[James C. Li]

Hi,

My NIC (Linksys LNE100 TX) has worked fine within a Cable modem LAN (with a
Linksys router), but since I've moved in to my college dorm, I can't find the
MAC address.  With ifconfig, I get something like (I can't reproduce it; typing
this from a public computer):

% ifconfig
  . . .
ether: ff:ff:ff:ff:ff:ff
  . . .

Apparently, the school requires students to register their ethernet (MAC)
addresses before their DHCP server leases an IP address.  Is there any way for
me to get the ethernet address through FreeBSD?

BTW: the machine is FreeBSD-4.7 RELEASE

Also, could the MAC address by on the card somewhere (if anybody has a similar
card)?  All I see is some string of numbers like a scan code.

Thanks,

James

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: Can't find ethernet (MAC) address

[James Pole]

On Tue, 2003-01-14 at 07:04, James C. Li wrote:
 Hi,
 
 My NIC (Linksys LNE100 TX) has worked fine within a Cable modem LAN (with a
 Linksys router), but since I've moved in to my college dorm, I can't find the
 MAC address.  With ifconfig, I get something like (I can't reproduce it; typing
 this from a public computer):

You should be able to get it from the dmesg:-

 dmesg | grep xl
xl0: 3Com 3c905B-TX Fast Etherlink XL port 0xec00-0xec7f mem
0xdf80-0xdfff irq 10 at device 13.0 on pci0
xl0: Ethernet address: 00:10:xx:xx:xx:xx


The xxs were added for security.

- James

-- 
James Pole

ICQ: 21721828
AIM: kiwijames1986
MSN: [EMAIL PROTECTED]
SMS: +64-210-455-139


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: MAC address trouble

[Marcel Stangenberger]

 I did an upgrade of my LAN this morning from 10Mbits to 100Mbits (full
 duplex). To do so i bought to Sitecom Fast Ethernet LAN cards (sitecom
 chipset).

 After installation i found out that freebsd gave both the cards the same
 MAC address (here is my arp output)

   192.168.0.2   08-00-08-00-08-00 dynamic
   192.168.0.3   08-00-08-00-08-00 dynamic

 i also found out that these are not the MAC adresses they are supposed to
 have (the DOS tool shows other MAC addresses).

 The driver both cards use is dc

 Can anyone tell me what is going on and if i can change the MAC of one of
 the cards during boot. I know i can change them using

 ifconfig dc0 lladdr newmac

 but i need to do this at boot cause having the same MAC address i lose
 contact to both servers.

I've resolved the issue currently using /etc/rc.local

i also found that this error is already discussed about on freebsd-stable

an explanation of the error can be found here.

http://groups.google.com/groups?hl=nllr=ie=UTF-8oe=UTF-8threadm=amjkrm%241ke4%241%40FreeBSD.csie.NCTU.edu.twrnum=4prev=/groups%3Fq%3DADM983%2B%252B%2Bfreebsd%26hl%3Dnl%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Damjkrm%25241ke4%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D4%26filter%3D0

Marcel

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: MAC address trouble

[Marcel Stangenberger]

 ifconfig dc0 lladdr newmac

 but i need to do this at boot cause having the same MAC address i lose
 contact to both servers.


friend of mine helped me out here, he found an eeprom tool to change the
MAC

one can download it here
http://www.admtek.com.tw/download/AN983B.htm

Marcel

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

MAC address trouble

[Marcel Stangenberger]

Hi all,

I did an upgrade of my LAN this morning from 10Mbits to 100Mbits (full
duplex). To do so i bought to Sitecom Fast Ethernet LAN cards (sitecom
chipset).

After installation i found out that freebsd gave both the cards the same
MAC address (here is my arp output)

  192.168.0.2   08-00-08-00-08-00 dynamic
  192.168.0.3   08-00-08-00-08-00 dynamic

i also found out that these are not the MAC adresses they are supposed to
have (the DOS tool shows other MAC addresses).

The driver both cards use is dc

Can anyone tell me what is going on and if i can change the MAC of one of
the cards during boot. I know i can change them using

ifconfig dc0 lladdr newmac

but i need to do this at boot cause having the same MAC address i lose
contact to both servers.

Marcel
--
It's no surprise that things are so screwed up: everyone that knows how
to run a government is either driving taxicabs or cutting hair.
-- George Burns


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

RE: how to restrict as mac address

[Olivier Cherrier]

On FreeBSD4.x
How can I restrict any pc(win9x,2000,etc) as mac address of 
it's ethernet ?
that is can I use ipfw for that ? I did not find any document 
about that.

Have you even searched?
http://www.freebsd.org/cgi/man.cgi?query=ipfwapropos=0; \ 
sektion=0manpath=FreeBSD+4.7-stableformat=html


oc

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: Is there a way to get a MAC address from an IP address

[Fernando Gleiser]

On Thu, 2 Jan 2003, Dan Malaby wrote:

 Is there a way if given an IP address to get the MAC address. The problem I
 am having is that there are two nic's that are using the same IP address on
 my network, but the error message my FBSD box gives me is only the MAC
 address for the offending card. I belive that the offending card does have
 another ligit IP address. I do have a map of all IP that respond on my
 network, but do not have a way of knowing which IP goes with which MAC address.

arp -an | grep MAC

replace MAC with the MAC addr you have.




Fer


 Any help would be appreciated.


 Daniel Malaby   voice:(510) 531-6500
 Peritek Corp.   fax:   (510) 530-8563
 5550 Redwood Road   email: [EMAIL PROTECTED]
 Oakland, CA 94619


 To Unsubscribe: send mail to [EMAIL PROTECTED]
 with unsubscribe freebsd-questions in the body of the message



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Is there a way to get a MAC address from an IP address

[Dan Malaby]

Is there a way if given an IP address to get the MAC address. The problem I 
am having is that there are two nic's that are using the same IP address on 
my network, but the error message my FBSD box gives me is only the MAC 
address for the offending card. I belive that the offending card does have 
another ligit IP address. I do have a map of all IP that respond on my 
network, but do not have a way of knowing which IP goes with which MAC address.

Any help would be appreciated.


Daniel Malaby   voice:(510) 531-6500
Peritek Corp.   fax:   (510) 530-8563
5550 Redwood Road   email: [EMAIL PROTECTED]
Oakland, CA 94619


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message