Multiple MAC on a single (physical) interface

Frédéric Perrin frederic.perrin at resel.fr
Wed Feb 4 10:30:05 PST 2009


Hello,

I live in a network where it is pretty much assumed that one machine ==
one MAC address == one IP address. Therefore, in order to play with
jails, some having of course access to the network, I need to be able to
send and receive using several MAC addresses, as if I had several NICs
(which I of course don't have).

I first describe the setup I have come up with, then ask the list a
couple of questions.

rl0 (my only physical interface) is made promiscuous, and its otherwise
fine configuration is not touched (it still has its MAC and IP address) :
# ifconfig rl0 promisc

Create a bridge, and attach rl0 to it :
# ifconfig bridge0 create
# ifconfig bridge0 addm rl0 up

Create 2 interfaces : the first one will be connected to the
bridge, the other will be the one we really want to use.

# ifconfig tap0 create
# ifconfig bridge0 addm tap0 up
# ifconfig tap1 create

Link tap0 to tap1. I have been using the br_select.c example that
comes with the generic tap/tun driver on vtun.sf.net. Basically, what
it does is :
@ open(/dev/tap0); open(/dev/tap1);
@ for ever:
@     if there is data in tap0, copy it to tap1
@     if there is data in tap1, copy it to tap0
@ end for

Then, configure tap1 as wanted, as in :
# ifconfig tap0 up ; ifconfig tap1 up
# dhclient tap1

Then start a jail with the IP given to tap1, with a network service in
it (sshd will do). Check that ssh'ing to the jail works.

It should be possible to use n tap devices, by doing :
@ for ever:
@     if there is data in tap0, copy it to tap1, ... tapn
@     if there is data in tap1 or ... tapn, copy it to tap0
@ end for

Also, while researching my problem, I see that it shouldn't be very
hard to add hooks to rc.conf to automate all this process.

Questions :

It seems quite a convoluted setup (especially having to make a tunnel
from tap0 to tap1 ... tapn). Is there an easier way ? Comments ?

When googling for this, I was surprised not to find explanations on
how to do that. Is my google fu lacking and am I missing the obvious ?

If this solution is a valid one, where can I post it for all to see ?
(I thought about wiki.f.o, but it is developer-only it seems.
forums.f.o ?)

I'm not subscribed to the list, CC me in your answer, please.

-- 
Fred

