Re: Multiple MAC on a single (physical) interface
On Thursday 5 at 10:05, Nikos Vassiliadis wrote:
> Frédéric Perrin wrote:
>> I need to be able to send and receive using several MAC addresses, as if I had several NIC (which I of course don't have). [...]
>
> Yes, you could use a netgraph bridge to bridge several ethernet interfaces together. Luckily, there is also a pseudo-ethernet-like interface you can attach to this bridge and of course you get to treat the pseudo-ethernet as a regular ethernet interface, that is, change its MAC address. The process is described here:
> http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/

Oh, yes, I actually remember trying that. However, on the first ngctl(8) invocation I do (even a 'ngctl list' after a clean reboot), the kernel says:

    WARNING: attempt to net_add_domain(netgraph) after domainfinalize()

I can reproduce this by doing a 'kldload ng_socket'. kldstat(8) says that the module is loaded anyway. A quick googling says that this message is harmless. A 2006 post says that it was silenced in 6-STABLE; it looks like this hasn't made its way to the 7.1-RELEASE I'm using.

However, on the next step, when I create the bridge, I have:

    # ngctl -dd mkpeer ngeth0: bridge lower link0
    [...]
    ngctl: sendto(ngeth0:): No such file or directory
    ngctl: send msg: No such file or directory

I guess I have to read in more detail about how netgraph works in recent releases of FreeBSD before going on. Unfortunately, I will soon be physically away from my FreeBSD box for a week, and fiddling with net interfaces is typically something I'm afraid of doing through SSH.

Thanks anyway for the pointer.

--
Fred
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Multiple MAC on a single (physical) interface
Frédéric Perrin wrote:
> On Thursday 5 at 10:05, Nikos Vassiliadis wrote:
>> Frédéric Perrin wrote:
>>> I need to be able to send and receive using several MAC addresses, as if I had several NIC (which I of course don't have). [...]
>>
>> Yes, you could use a netgraph bridge to bridge several ethernet interfaces together. Luckily, there is also a pseudo-ethernet-like interface you can attach to this bridge and of course you get to treat the pseudo-ethernet as a regular ethernet interface, that is, change its MAC address. The process is described here:
>> http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/
>
> Oh, yes, I actually remember trying that. However, on the first ngctl(8) invocation I do (even a 'ngctl list' after a clean reboot), the kernel says:
>
>     WARNING: attempt to net_add_domain(netgraph) after domainfinalize()
>
> I can reproduce this by doing a 'kldload ng_socket'. kldstat(8) says that the module is loaded anyway. A quick googling says that this message is harmless. A 2006 post says that it was silenced in 6-STABLE; it looks like this hasn't made its way to the 7.1-RELEASE I'm using.

This warning appeared on 7-CURRENT.

> However, on the next step, when I create the bridge, I have:
>
>     # ngctl -dd mkpeer ngeth0: bridge lower link0
>     [...]
>     ngctl: sendto(ngeth0:): No such file or directory
>     ngctl: send msg: No such file or directory
>
> I guess I have to read in more detail about how netgraph works in recent releases of FreeBSD before going on. Unfortunately, I will soon be physically away from my FreeBSD box for a week, and fiddling with net interfaces is typically something I'm afraid of doing through SSH.
>
> Thanks anyway for the pointer.

You can create the pseudo ethernets using 'ngctl mkpeer . eiface hook ether' and bridge them using if_bridge. You don't have to use the ng_bridge, if_bridge will work fine with the virtual ethernet interfaces. But there are other limitations that came up when I tried this setup...

Apparently you'll want to use IP addresses from the same network. For example:

    fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
    ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
    ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03
    etc

Since there is not much sense in saying that network 10.0.0.0/24 is attached to more than one interface, you'll have to use /32 masks for all the aliases, and a /24 for the fxp0 one, right?

FreeBSD will then know that network 10.0.0.0/24 is attached to fxp0 and will use fxp0's IP and MAC address to do the ARP query... So, in short, if you use such a setup:

    fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
    ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
    ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03

The IP address in use will be the 10.0.0.1 one and the MAC address will be the 00:00:00:01:01:01 one.

But you can use this one:

    fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
    ngeth0 10.0.1.2/24 ether 00:00:00:02:02:02
    ngeth1 10.0.2.3/24 ether 00:00:00:03:03:03

As far as I know, the only way to achieve this (having the same network on different interfaces and many many other features) is the VIMAGE way:
http://imunes.tel.fer.hr/virtnet/

In a few days VIMAGE will be in the SVN repository.

Sorry for the noise...

Nikos
Re: Multiple MAC on a single (physical) interface
On Friday 6 at 15:51, Nikos Vassiliadis wrote:
> FreeBSD will then know that network 10.0.0.0/24 is attached to fxp0 and will use fxp0's IP and MAC address to do the ARP query... So, in short, if you use such a setup:
>
>     fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
>     ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
>     ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03
>
> The IP address in use will be the 10.0.0.1 one and the MAC address will be the 00:00:00:01:01:01 one.

Yes indeed: if I do from another host:

    $ arping [ngeth0 IP]

I get rl0's MAC as an answer, and doing 'tcpdump -i rl0 ether host [ngeth0 MAC]' when I ssh to my jail behind ngeth0, I don't see any activity. If I manually add ngeth0's MAC to the other host's arp cache, ssh'ing to my jail works, and packets do have ngeth0's MAC.

I won't be able to work any further on this before next week. Thanks a lot for your help, Nikos.

--
Fred

For the record, my network config looks like (minus lo0):

    % ifconfig
    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 00:1c:f0:f8:cd:d6
            inet6 fe80::21c:f0ff:fef8:cdd6%rl0 prefixlen 64 scopeid 0x1
            inet 172.22.209.241 netmask 0xe000 broadcast 172.22.223.255
            inet6 2001:660:7302:3:21c:f0ff:fef8:cdd6 prefixlen 64 autoconf
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    ngeth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:00:39:56:f1:1a
            inet6 fe80::200:39ff:fe56:f11a%ngeth0 prefixlen 64 scopeid 0x4
            inet 172.22.212.7 netmask 0x broadcast 172.22.212.7
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 56:34:43:fd:04:57
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: ngeth0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 4 priority 128 path cost 200
            member: rl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 1 priority 128 path cost 20
Re: Multiple MAC on a single (physical) interface
Frédéric Perrin wrote:
> Hello,
>
> I live in a network where it is pretty much assumed that one machine == one MAC address == one IP address. Therefore, in order to play with jails, some having of course access to the network, I need to be able to send and receive using several MAC addresses, as if I had several NIC (which I of course don't have). I first describe the setup I have come up with, then ask the list a couple of questions.
>
> rl0 (my only physical interface) is made promiscuous, and its otherwise fine configuration is not touched (it still has its MAC and IP address):
>
>     # ifconfig rl0 promisc
>
> Create a bridge, and attach rl0 to it:
>
>     # ifconfig bridge0 create
>     # ifconfig bridge0 addm rl0 up
>
> Create 2 interfaces: the first one will be connected to the bridge, the other will be the one we really want to use.
>
>     # ifconfig tap0 create
>     # ifconfig bridge0 addm tap0 up
>     # ifconfig tap1 create
>
> Link tap0 to tap1. I have been using the br_select.c example that comes with the generic tap/tun driver on vtun.sf.net; basically, what it does is:
>
>     @ open(/dev/tap0); open(/dev/tap1);
>     @ for ever:
>     @   if there is data in tap0, copy it to tap1
>     @   if there is data in tap1, copy it to tap0
>     @ end for
>
> Then, configure tap1 as wanted, as in:
>
>     # ifconfig tap0 up ; ifconfig tap1 up
>     # dhclient tap1
>
> Then start a jail with the IP given to tap1, with a network service in it (sshd will do). Check that ssh'ing to the jail works.
>
> It should be possible to create and use n tap devices, by doing:
>
>     @ for ever:
>     @   if there is data in tap0, copy it to tap1, ... tapn
>     @   if there is data in tap1 or ... tapn, copy it to tap0
>     @ end for
>
> Also, while researching my problem, I see that it shouldn't be very hard to add hooks to rc.conf to automate all this process.
>
> Questions:
>
> It seems quite a convoluted setup (especially having to make a tunnel from tap0 to tap1 ... tapn). Is there an easier way? Comments?

Yes, you could use a netgraph bridge to bridge several ethernet interfaces together. Luckily, there is also a pseudo-ethernet-like interface you can attach to this bridge and of course you get to treat the pseudo-ethernet as a regular ethernet interface, that is, change its MAC address. The process is described here:
http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/

It's simple and an all-in-kernel solution.

HTH, Nikos
Multiple MAC on a single (physical) interface
Hello,

I live in a network where it is pretty much assumed that one machine == one MAC address == one IP address. Therefore, in order to play with jails, some having of course access to the network, I need to be able to send and receive using several MAC addresses, as if I had several NIC (which I of course don't have). I first describe the setup I have come up with, then ask the list a couple of questions.

rl0 (my only physical interface) is made promiscuous, and its otherwise fine configuration is not touched (it still has its MAC and IP address):

    # ifconfig rl0 promisc

Create a bridge, and attach rl0 to it:

    # ifconfig bridge0 create
    # ifconfig bridge0 addm rl0 up

Create 2 interfaces: the first one will be connected to the bridge, the other will be the one we really want to use.

    # ifconfig tap0 create
    # ifconfig bridge0 addm tap0 up
    # ifconfig tap1 create

Link tap0 to tap1. I have been using the br_select.c example that comes with the generic tap/tun driver on vtun.sf.net; basically, what it does is:

    @ open(/dev/tap0); open(/dev/tap1);
    @ for ever:
    @   if there is data in tap0, copy it to tap1
    @   if there is data in tap1, copy it to tap0
    @ end for

Then, configure tap1 as wanted, as in:

    # ifconfig tap0 up ; ifconfig tap1 up
    # dhclient tap1

Then start a jail with the IP given to tap1, with a network service in it (sshd will do). Check that ssh'ing to the jail works.

It should be possible to create and use n tap devices, by doing:

    @ for ever:
    @   if there is data in tap0, copy it to tap1, ... tapn
    @   if there is data in tap1 or ... tapn, copy it to tap0
    @ end for

Also, while researching my problem, I see that it shouldn't be very hard to add hooks to rc.conf to automate all this process.

Questions:

It seems quite a convoluted setup (especially having to make a tunnel from tap0 to tap1 ... tapn). Is there an easier way? Comments?

When googling for this, I was surprised not to find explanations on how to do that. Is my google fu lacking and me missing the obvious?

If this solution is a valid one, where can I post it for all to see? (I thought about wiki.f.o, but it is developer-only it seems. forums.f.o?)

I'm not subscribed to the list, CC me in your answer, please.

--
Fred
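The tap0 to tap1 ... tapn copy loop sketched in the message above, written out as an added example; it is not part of the original post and is not the br_select.c code from vtun. The names relay_pass, demo, MAX_PORTS and FRAME_MAX are hypothetical, and the constructed demo uses datagram socketpairs in place of /dev/tapN so it runs without root.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_PORTS 16
#define FRAME_MAX 2048  /* assumed upper bound for one frame */

/* fds[0] is the bridge side (tap0); fds[1..n-1] are tap1..tapn. Forwards at
 * most one pending frame per descriptor; returns frames forwarded, or -1. */
int relay_pass(const int *fds, int n, int timeout_ms)
{
    struct pollfd p[MAX_PORTS];
    unsigned char frame[FRAME_MAX];
    int forwarded = 0;
    if (n < 2 || n > MAX_PORTS) return -1;
    for (int i = 0; i < n; i++)
        p[i] = (struct pollfd){ .fd = fds[i], .events = POLLIN };
    if (poll(p, (nfds_t)n, timeout_ms) < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (!(p[i].revents & POLLIN)) continue;
        ssize_t len = read(fds[i], frame, sizeof frame);
        if (len <= 0) return -1;
        /* tap0 is copied to every other tap; any other tap only to tap0 */
        int first = (i == 0) ? 1 : 0, last = (i == 0) ? n - 1 : 0;
        for (int j = first; j <= last; j++)
            if (write(fds[j], frame, (size_t)len) != len) return -1;
        forwarded++;
    }
    return forwarded;
}

/* Constructed demo: datagram socketpairs stand in for /dev/tapN.
 * Returns 1 if a frame sent into "tap0" reaches "tap1" and "tap2". */
int demo(void)
{
    int sp[3][2], fds[3];
    unsigned char in[] = "constructed-frame", out[FRAME_MAX];
    for (int i = 0; i < 3; i++) {
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp[i]) < 0) return 0;
        fds[i] = sp[i][0];
    }
    if (write(sp[0][1], in, sizeof in) < 0) return 0;
    if (relay_pass(fds, 3, 1000) != 1) return 0;
    for (int i = 1; i < 3; i++)
        if (read(sp[i][1], out, sizeof out) != (ssize_t)sizeof in ||
            memcmp(in, out, sizeof in) != 0) return 0;
    return 1;
}
int main(void) { printf("relay ok: %d\n", demo()); return 0; }
```

Because every frame arriving on tap0 is copied to all of tap1 ... tapn, the loop behaves like a hub: each jail-side tap receives the traffic addressed to the others.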
Re: Multiple MAC on a single (physical) interface
On Wed, Feb 4, 2009 at 1:07 PM, Frédéric Perrin frederic.per...@resel.fr wrote:
> [snip]
> It seems quite a convoluted setup (especially having to make a tunnel from tap0 to tap1 ... tapn). Is there an easier way? Comments?

Forgive me if I am misunderstanding what you are trying to accomplish, but it appears you just want to have several jails with several IP addresses. I'm not clear on why you mentioned MAC, as from what I see, it is irrelevant.

What you can do is create aliased devices in rc.conf for your jails:

    ifconfig_em0="whatever"
    ifconfig_em0_alias0="my settings"
    ifconfig_em0_alias1="more settings"

Again, forgive me if I am not understanding your question.

--
Glen Barber
Re: Multiple MAC on a single (physical) interface
On Wednesday 4 at 19:36, Glen Barber wrote:
> Forgive me if I am misunderstanding what you are trying to accomplish, but it appears you just want to have several jails with several IP addresses. I'm not clear on why you mentioned MAC, as from what I see, it is irrelevant.

I want each jail to have a different MAC [1]. Since I live in a level 2 network (i.e. we only do Ethernet switching, and no IP routing), it would be easy to see that the host and its jail(s) are on the same system since they share the same MAC. I want to make the jail appear as a completely different host from the point of view of the rest of the network.

> What you can do is create aliased devices in rc.conf for your jails:
>
>     ifconfig_em0="whatever"
>     ifconfig_em0_alias0="my settings"
>     ifconfig_em0_alias1="more settings"

Yes, I saw that on the first article on jails I read :-). But packets from alias0 will still have the same MAC as em0, which I don't want. The obvious 'ifconfig em0 ether xx.xx.xx alias' won't work, it replaces em0's MAC.

[1] MAC as in Media Access Control aka Ethernet address, we're not discussing mandatory access control.

--
Fred
Re: Multiple MAC on a single (physical) interface
A bit of searching for "freebsd rc.conf ifconfig mac address" brought me to this, in a previous mailing list thread. Not sure if this works with 'alias'ed interfaces, but worth a shot, I suppose.

    ifconfig_em0="inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff"

--
Glen Barber
Re: Multiple MAC on a single (physical) interface
On Wednesday 4 at 23:26, Glen Barber wrote:
> A bit of searching for "freebsd rc.conf ifconfig mac address" brought me to this, in a previous mailing list thread. Not sure if this works with 'alias'ed interfaces, but worth a shot, I suppose.
>
>     ifconfig_em0="inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff"

Actually, this exact syntax won't work because ifconfig can't change both the inet and the ethernet address in one shot (see [1] or [2]), the workaround being:

    ifconfig_em0="inet 1.2.3.4/8"
    ifconfig_em0_alias0="ether a:b:c:d:e:f"

And, however you take it, it seems that you can't have two MAC addresses on one interface, yet this is what I ultimately want. With the above example, the original MAC address of em0 will be overwritten by the new one.

[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=41647&cat=bin for the bug that appeared in 4.6, along with quite a lot of details, and
[2] http://www.freebsd.org/cgi/query-pr.cgi?pr=123633&cat=bin for an ack to the fact that it is still in 7-stable.

--
Fred
Re: Multiple MAC on a single (physical) interface
On Wed, Feb 4, 2009 at 6:20 PM, Frédéric Perrin frederic.per...@resel.fr wrote:
>     ifconfig_em0="inet 1.2.3.4/8"
>     ifconfig_em0_alias0="ether a:b:c:d:e:f"

Well, I was thinking:

    ifconfig_em0="inet 1.2.3.4"
    ifconfig_em0_alias0="1.2.3.5 ether xx:xx:xx:xx:xx"

--
Glen Barber