Re: [pfSense] More than one MAC address on one phys.ethernet interface
Well, create a PHP script like

<?php pfSense_ngctl_attach(".", "re0"); ?>

Execute that before running daemonology commands.
But if you just want to test for one time.
I cannot imagine keeping that stable without support in the architecture of pfSense.

On Mon, Nov 5, 2012 at 11:31 PM, David Brodski da...@brodski.eu wrote:
> Thank you for the reply, but it is not working.
> If I try to use the commands from
> http://www.daemonforums.org/showpost.php?s=192d3b485d84462d3982051f5959b35a&p=19494&postcount=12
>
> ngctl mkpeer . eiface hook ether - works
> ifconfig ngeth0 up - works
> [2.0.1-RELEASE][admin@pfsense.localdomain]/root(5): ngctl mkpeer ngeth0: bridge lower link0
> ngctl: send msg: Protocol family not supported
>
> and that is where it does not work anymore.
>
> If I try your command:
> [2.0.1-RELEASE][admin@pfsense.localdomain]/root(2): ngctl ether re0 -iirc
> ngctl: ether: unknown command
>
> Any idea what went wrong?
>
> Thanks,
> David
>
> General information:
> re0 is the external interface, ngeth0 is created after the first command. I can assign another mac to ngeth0 but of course I can not send any data.
>
> [2.0.1-RELEASE][admin@pfsense.localdomain]/root(8): ngctl list
> There are 5 total nodes:
>   Name: <unnamed>       Type: socket          ID: 0010   Num hooks: 0
>   Name: <unnamed>       Type: socket          ID: 000f   Num hooks: 0
>   Name: ngctl31879      Type: socket          ID: 002e   Num hooks: 0
>   Name: ngeth0          Type: eiface          ID: 002a   Num hooks: 0
>   Name: fwe0            Type: ether           ID: 0001   Num hooks: 0
>
> [2.0.1-RELEASE][admin@pfsense.localdomain]/root(7): ifconfig
> fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether 02:00:00:00:00:00
>         ch 1 dma -1
> fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         lladdr 0.0.0.0.0.0.0.0.a.2.ff.fe.0.0.0.0
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
>         ether 00:03:1d:03:e8:1c
>         inet6 fe80::203:1dff:fe03:e81c%re0 prefixlen 64 scopeid 0x3
>         inet 83.XXX.XXX.XX netmask 0xfe00 broadcast 83.XXX.XXX.255
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
>         ether 00:03:1d:03:e8:1d
>         inet 192.168.140.2 netmask 0xff00 broadcast 192.168.140.255
>         inet6 fe80::203:1dff:fe03:e81d%re1 prefixlen 64 scopeid 0x4
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
> plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         inet 127.0.0.1 netmask 0xff00
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
> pfsync0: flags=0<> metric 0 mtu 1460
>         syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
> pflog0: flags=100<PROMISC> metric 0 mtu 33200
> enc0: flags=0<> metric 0 mtu 1536
> ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:00:00:00:00:00
>         inet6 fe80::203:1dff:fe03:e81c%ngeth0 prefixlen 64 scopeid 0xa
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>
> On 05.11.2012 16:56, Ermal Luçi wrote:
>> you have to attach the interface yourself to netgraph.
>>
>> ngctl ether $iface -iirc
>>
>> After that you can continue renaming the interface etc...
>> But you will have issues with restart of pfSense.
>> There was never something pushing this to be implemented.
>>
>> On Mon, Nov 5, 2012 at 2:16 PM, David Brodski da...@brodski.eu wrote:
>>> Hi,
>>>
>>> my ISP gives me one global IP per computer (mac address / dhcp) attached to my cable modem. When I use pfsense as firewall, I can only get one IP since it only has one wan interface. I do not know the IP addresses before, they are not static IPs.
>>>
>>> Is there a way to do that in pfsense without adding another ethernet card?
>>>
>>> I already found similar topics, but they are quite old and the links are not working (http://www.mail-archive.com/support@pfsense.com/msg02096.html).
>>>
>>> It seems that either I need the kernel module ng_ether.ko or change some scripts since I can not add a bridge to my interfaces. If I run ngctl list I'll get unnamed interfaces and the real interfaces re0 and re1 are not in the list, similar to http://forum.pfsense.org/index.php/topic,36722.msg189344.html . The solution they describe is missing some steps or I just do not get it :-D.
>>>
>>> I also tried
[pfSense] More than one MAC address on one phys.ethernet interface
Hi,

my ISP gives me one global IP per computer (mac address / dhcp) attached to my cable modem. When I use pfsense as firewall, I can only get one IP since it only has one wan interface. I do not know the IP addresses before, they are not static IPs.

Is there a way to do that in pfsense without adding another ethernet card?

I already found similar topics, but they are quite old and the links are not working (http://www.mail-archive.com/support@pfsense.com/msg02096.html).

It seems that either I need the kernel module ng_ether.ko or change some scripts since I can not add a bridge to my interfaces. If I run ngctl list I'll get unnamed interfaces and the real interfaces re0 and re1 are not in the list, similar to http://forum.pfsense.org/index.php/topic,36722.msg189344.html . The solution they describe is missing some steps or I just do not get it :-D.

I also tried http://www.daemonforums.org/showpost.php?s=3301fb2839be371ede93676af845f86b&p=19494&postcount=12 but the line

ngctl mkpeer ngeth0: bridge lower link0

gives me an error (probably the missing ng_ether.ko).

Is there a way to get that kind of configuration? This is the first time working with BSD so don't be too harsh :-)

Thanks for the help,
David

--
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] More than one MAC address on one phys.ethernet interface
You have to attach the interface yourself to netgraph.

ngctl ether $iface -iirc

After that you can continue renaming the interface etc...
But you will have issues with restart of pfSense.
There was never something pushing this to be implemented.

On Mon, Nov 5, 2012 at 2:16 PM, David Brodski da...@brodski.eu wrote:
> Hi,
>
> my ISP gives me one global IP per computer (mac address / dhcp) attached to my cable modem. When I use pfsense as firewall, I can only get one IP since it only has one wan interface. I do not know the IP addresses before, they are not static IPs.
>
> Is there a way to do that in pfsense without adding another ethernet card?
>
> I already found similar topics, but they are quite old and the links are not working (http://www.mail-archive.com/support@pfsense.com/msg02096.html).
>
> It seems that either I need the kernel module ng_ether.ko or change some scripts since I can not add a bridge to my interfaces. If I run ngctl list I'll get unnamed interfaces and the real interfaces re0 and re1 are not in the list, similar to http://forum.pfsense.org/index.php/topic,36722.msg189344.html . The solution they describe is missing some steps or I just do not get it :-D.
>
> I also tried http://www.daemonforums.org/showpost.php?s=3301fb2839be371ede93676af845f86b&p=19494&postcount=12 but the line
>
> ngctl mkpeer ngeth0: bridge lower link0
>
> gives me an error (probably the missing ng_ether.ko).
>
> Is there a way to get that kind of configuration? This is the first time working with BSD so don't be too harsh :-)
>
> Thanks for the help,
> David

--
Ermal
Re: [pfSense] More than one MAC address on one phys.ethernet interface
Thank you for the reply, but it is not working.
If I try to use the commands from
http://www.daemonforums.org/showpost.php?s=192d3b485d84462d3982051f5959b35a&p=19494&postcount=12

ngctl mkpeer . eiface hook ether - works
ifconfig ngeth0 up - works
[2.0.1-RELEASE][admin@pfsense.localdomain]/root(5): ngctl mkpeer ngeth0: bridge lower link0
ngctl: send msg: Protocol family not supported

and that is where it does not work anymore.

If I try your command:
[2.0.1-RELEASE][admin@pfsense.localdomain]/root(2): ngctl ether re0 -iirc
ngctl: ether: unknown command

Any idea what went wrong?

Thanks,
David

General information:
re0 is the external interface, ngeth0 is created after the first command. I can assign another mac to ngeth0 but of course I can not send any data.

[2.0.1-RELEASE][admin@pfsense.localdomain]/root(8): ngctl list
There are 5 total nodes:
  Name: <unnamed>       Type: socket          ID: 0010   Num hooks: 0
  Name: <unnamed>       Type: socket          ID: 000f   Num hooks: 0
  Name: ngctl31879      Type: socket          ID: 002e   Num hooks: 0
  Name: ngeth0          Type: eiface          ID: 002a   Num hooks: 0
  Name: fwe0            Type: ether           ID: 0001   Num hooks: 0

[2.0.1-RELEASE][admin@pfsense.localdomain]/root(7): ifconfig
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:00:00:00:00:00
        ch 1 dma -1
fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 0.0.0.0.0.0.0.0.a.2.ff.fe.0.0.0.0
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:03:1d:03:e8:1c
        inet6 fe80::203:1dff:fe03:e81c%re0 prefixlen 64 scopeid 0x3
        inet 83.XXX.XXX.XX netmask 0xfe00 broadcast 83.XXX.XXX.255
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:03:1d:03:e8:1d
        inet 192.168.140.2 netmask 0xff00 broadcast 192.168.140.255
        inet6 fe80::203:1dff:fe03:e81d%re1 prefixlen 64 scopeid 0x4
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:00
        inet6 fe80::203:1dff:fe03:e81c%ngeth0 prefixlen 64 scopeid 0xa
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>

On 05.11.2012 16:56, Ermal Luçi wrote:
> you have to attach the interface yourself to netgraph.
>
> ngctl ether $iface -iirc
>
> After that you can continue renaming the interface etc...
> But you will have issues with restart of pfSense.
> There was never something pushing this to be implemented.
>
> On Mon, Nov 5, 2012 at 2:16 PM, David Brodski da...@brodski.eu wrote:
>> Hi,
>>
>> my ISP gives me one global IP per computer (mac address / dhcp) attached to my cable modem. When I use pfsense as firewall, I can only get one IP since it only has one wan interface. I do not know the IP addresses before, they are not static IPs.
>>
>> Is there a way to do that in pfsense without adding another ethernet card?
>>
>> I already found similar topics, but they are quite old and the links are not working (http://www.mail-archive.com/support@pfsense.com/msg02096.html).
>>
>> It seems that either I need the kernel module ng_ether.ko or change some scripts since I can not add a bridge to my interfaces. If I run ngctl list I'll get unnamed interfaces and the real interfaces re0 and re1 are not in the list, similar to http://forum.pfsense.org/index.php/topic,36722.msg189344.html . The solution they describe is missing some steps or I just do not get it :-D.
>>
>> I also tried http://www.daemonforums.org/showpost.php?s=3301fb2839be371ede93676af845f86b&p=19494&postcount=12 but the line
>>
>> ngctl mkpeer ngeth0: bridge lower link0
>>
>> gives me an error (probably the missing ng_ether.ko).
>>
>> Is there a way to get that kind of configuration? This is the first time working with BSD so don't be too harsh :-)
>>
>> Thanks for the help,
>> David
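
[Added example, not part of any message in this thread.] In the `ngctl list` output above only fwe0 appears as a node of type ether; re0 and re1 have no netgraph node at all, so ngctl has nothing it can address as "re0:". The sh script below automates that comparison between `ngctl list` and `ifconfig` output. The function names and the embedded sample input are constructed for illustration, modelled on the output in the message.

```sh
#!/bin/sh
# Added example (not from the thread): list Ethernet interfaces that have no
# netgraph node, i.e. that ngctl cannot address as "<ifname>:".

# Constructed sample input, modelled on the output quoted in the thread.
NGCTL_SAMPLE=$(cat <<'EOF'
There are 3 total nodes:
  Name: <unnamed>  Type: socket  ID: 00000010  Num hooks: 0
  Name: ngeth0     Type: eiface  ID: 0000002a  Num hooks: 0
  Name: fwe0       Type: ether   ID: 00000001  Num hooks: 0
EOF
)
IFCONFIG_SAMPLE=$(cat <<'EOF'
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:00
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:03:1d:03:e8:1c
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:03:1d:03:e8:1d
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:00:00:00:00
EOF
)

# Print every node name found in `ngctl list` output read from stdin.
ng_node_names() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "Name:") print $(i + 1) }'
}

# unattached_ifaces NGCTL_TEXT IFCONFIG_TEXT
# Print each interface that has an "ether" address line in the ifconfig text
# but no node of the same name in the ngctl text.
unattached_ifaces() {
    nodes=$(printf '%s\n' "$1" | ng_node_names | tr '\n' ' ')
    printf '%s\n' "$2" | awk -v nodes="$nodes" '
        BEGIN { n = split(nodes, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^[a-z][a-z0-9_]*: flags=/ { cur = $1; sub(/:$/, "", cur) }
        $1 == "ether" && cur != "" && !(cur in known) { print cur }'
}

# On a live system: unattached_ifaces "$(ngctl list)" "$(ifconfig)"
unattached_ifaces "$NGCTL_SAMPLE" "$IFCONFIG_SAMPLE"
```

An empty result means every Ethernet interface already has a netgraph node; any name printed has to be attached before ngctl commands can reference it.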
Re: [pfSense] More than one MAC address on one phys.ethernet interface
On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
> Thank you for the reply, but it is not working.

There's about 0 chance of that working without source code hacking. You'll need one NIC per IP to do that easily. I'd suggest a real, proper static IP assignment rather than that mess that no packaged firewall solution can properly support without one NIC per IP if your ISP can offer anything different.
Re: [pfSense] More than one MAC address on one phys.ethernet interface
2012/11/6 Chris Buechler c...@pfsense.org:
> On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
>> Thank you for the reply, but it is not working.
>
> There's about 0 chance of that working without source code hacking. You'll need one NIC per IP to do that easily. I'd suggest a real, proper static IP assignment rather than that mess that no packaged firewall solution can properly support without one NIC per IP if your ISP can offer anything different.

Just an idea (thoughts not fully replayed to end):

Put some further Nics (as many as macs needed - would be difficult if you like to have 16 or more IPs - lol) into the pfSense box.
Configure Proxy Arp - you have to manually add a line to /boot/loader.conf and into the config as shell cmd. iirc it was 'net.link.ether.inet.proxyall=1' for loader.conf and sysctl net.link.ether.inet.proxyall=1 as shell cmd.
So you will get the different IPs onto those nics.
Forward all traffic to (over) those nics to the default gw assigned by your ISP.

This maybe will not work because of the Bootp/dhcp-requests if you have the local dhcp service enabled. Not fully sure, but if so dhc-relay can maybe help.

And for completeness, it's not the securest solution - if it should work.

M.

--
= = = http://michael-schuh.net/ = = =
Project management - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = VAT ID: DE251072318 = = =
Re: [pfSense] More than one MAC address on one phys.ethernet interface
2012/11/6 Michael Schuh michael.sc...@gmail.com:
> 2012/11/6 Chris Buechler c...@pfsense.org:
>> On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
>>> Thank you for the reply, but it is not working.
>>
>> There's about 0 chance of that working without source code hacking. You'll need one NIC per IP to do that easily. I'd suggest a real, proper static IP assignment rather than that mess that no packaged firewall solution can properly support without one NIC per IP if your ISP can offer anything different.
>
> Just an idea (thoughts not fully replayed to end):
>
> Put some further Nics (as many as macs needed - would be difficult if you like to have 16 or more IPs - lol) into the pfSense box.
> Configure Proxy Arp - you have to manually add a line to /boot/loader.conf and into the config as shell cmd. iirc it was 'net.link.ether.inet.proxyall=1' for loader.conf and sysctl net.link.ether.inet.proxyall=1 as shell cmd.
> So you will get the different IPs onto those nics.
> Forward all traffic to (over) those nics to the default gw assigned by your ISP.

Sorry, not very precise here: the outgoing traffic routed to 0.0.0.0/0.

> This maybe will not work because of the Bootp/dhcp-requests if you have the local dhcp service enabled. Not fully sure, but if so dhc-relay can maybe help.
>
> And for completeness, it's not the securest solution - if it should work.
>
> M.
Re: [pfSense] More than one MAC address on one phys.ethernet interface
2012/11/6 Michael Schuh michael.sc...@gmail.com:
> 2012/11/6 Michael Schuh michael.sc...@gmail.com:
>> 2012/11/6 Chris Buechler c...@pfsense.org:
>>> On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
>>>> Thank you for the reply, but it is not working.
>>>
>>> There's about 0 chance of that working without source code hacking. You'll need one NIC per IP to do that easily. I'd suggest a real, proper static IP assignment rather than that mess that no packaged firewall solution can properly support without one NIC per IP if your ISP can offer anything different.
>>
>> Just an idea (thoughts not fully replayed to end):
>>
>> Put some further Nics (as many as macs needed - would be difficult if you like to have 16 or more IPs - lol) into the pfSense box.
>> Configure Proxy Arp - you have to manually add a line to /boot/loader.conf and into the config as shell cmd. iirc it was 'net.link.ether.inet.proxyall=1' for loader.conf and sysctl net.link.ether.inet.proxyall=1 as shell cmd.
>> So you will get the different IPs onto those nics.
>> Forward all traffic to (over) those nics to the default gw assigned by your ISP.
>
> Sorry, not very precise here: the outgoing traffic routed to 0.0.0.0/0.
>
>> This maybe will not work because of the Bootp/dhcp-requests if you have the local dhcp service enabled. Not fully sure, but if so dhc-relay can maybe help.
>>
>> And for completeness, it's not the securest solution - if it should work.
>>
>> M.

*doh* as I said before - not thought to end:
is it not possible and simpler to put further nics from that pfSense on a switch connected to the cable modem?
The ISP should then give you a netmask of 32 bits set back?