Multiple MAC on a single (physical) interface

Nikos Vassiliadis nvass at freemail.gr
Fri Feb 6 06:51:43 PST 2009


Frédéric Perrin wrote:
> On Thursday the 5th at 10:05, Nikos Vassiliadis wrote:
>> Frédéric Perrin wrote:
>>>                                                     I need to be able
>>> to send and receive using several MAC addresses, as if I had several
>>> NIC (which I of course don't have).
>>>
>>> [...]
>>>
>> Yes, you could use a netgraph bridge to bridge several
>> ethernet interfaces together. Luckily, there is also a
>> pseudo-ethernet-like interface you can attach to this
>> bridge and of course you get to treat the pseudo-ethernet
>> as a regular ethernet interface, that is, change its
>> MAC address.
>>
>> The process is described here:
>> http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/
> 
> Oh, yes, I actually remember trying that. However, on the first ngctl(8)
> invocation I do (even a 'ngctl list' after a clean reboot), the kernel
> says:
> 
>> WARNING: attempt to net_add_domain(netgraph) after domainfinalize()
> 
> I can reproduce this by doing a 'kldload ng_socket'. kldstat(8) says
> that the module is loaded anyway.
> 
> A quick googling says that this message is harmless. A 2006 post says
> that it was silenced in 6-STABLE; it looks like this hasn't made its
> way to the 7.1-RELEASE I'm using.

This warning appeared on 7-CURRENT.

> However;
> 
> On the next step, when I create the bridge, I have :
> 
> # ngctl -dd mkpeer ngeth0: bridge lower link0
> [...]
> ngctl: sendto(ngeth0:): No such file or directory
> ngctl: send msg: No such file or directory
> 
> I guess I have to read in more detail about how netgraph works in
> recent releases of FreeBSD before going on. Unfortunately, I will soon
> be physically away from my FreeBSD box for a week, and fiddling with net
> interfaces is typically something I'm afraid of doing through SSH.
> 
> Thanks anyway for the pointer.
> 

You can create the pseudo ethernets using
'ngctl mkpeer . eiface hook ether' and bridge
them using if_bridge. You don't have to use the
ng_bridge, if_bridge will work fine with the
virtual ethernet interfaces.

But there are other limitations that came up
when I tried this setup...

Apparently you'll want to use IP addresses from the
same network. For example:
fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03
etc

Since there is not much sense in saying that network 10.0.0.0/24
is attached to more than one interface, you'll have to use /32
masks for all the aliases, and a /24 for the fxp0 one, right?

FreeBSD will then know that network 10.0.0.0/24 is attached to
fxp0 and will use fxp0's IP and MAC address to do the ARP query...

So, in short, if you use such a setup:
fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03
The IP address in use will be the 10.0.0.1 one
and the MAC address will be the 00:00:00:01:01:01 one.

But you can use this one:
fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
ngeth0 10.0.1.2/24 ether 00:00:00:02:02:02
ngeth1 10.0.2.3/24 ether 00:00:00:03:03:03

As far as I know, the only way to achieve this
(having the same network on different interfaces
and many many other features) is the VIMAGE way:
http://imunes.tel.fer.hr/virtnet/

In a few days VIMAGE will be in the SVN repository.

Sorry for the noise... Nikos
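
The interface selection described in the message above, as an added example that is not part of the original post: a simplified Python model that picks the egress interface by longest-prefix match over directly connected networks and reports the source IP and MAC that would appear on the wire. The two address plans are the ones from the message; the destination addresses and all function names are constructed for illustration, and the model is an assumption about the lookup, not FreeBSD's own code.

```python
import ipaddress

# Address plans copied from the message above.
SAME_NET = """
fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
ngeth0 10.0.0.2/32 ether 00:00:00:02:02:02
ngeth1 10.0.0.3/32 ether 00:00:00:03:03:03
"""
SPLIT_NETS = """
fxp0   10.0.0.1/24 ether 00:00:00:01:01:01
ngeth0 10.0.1.2/24 ether 00:00:00:02:02:02
ngeth1 10.0.2.3/24 ether 00:00:00:03:03:03
"""

def parse(config):
    """Parse 'name addr/len ether mac' lines into (name, ip_interface, mac)."""
    ifaces = []
    for line in config.strip().splitlines():
        name, cidr, _keyword, mac = line.split()
        ifaces.append((name, ipaddress.ip_interface(cidr), mac))
    return ifaces

def egress(ifaces, dst):
    """Return (interface, source_ip, source_mac) used to reach dst.

    Returns None when dst is one of the host's own addresses (local
    delivery, no ARP on the wire) or when no connected network covers it.
    """
    dst = ipaddress.ip_address(dst)
    if any(dst == iface.ip for _, iface, _ in ifaces):
        return None
    best = None
    for name, iface, mac in ifaces:
        # A /32 alias covers only its own address, so it never matches here.
        if dst in iface.network:
            if best is None or iface.network.prefixlen > best[1].network.prefixlen:
                best = (name, iface, mac)
    if best is None:
        return None
    return best[0], str(best[1].ip), best[2]

def macs_seen(ifaces, destinations):
    """Set of source MACs that would appear for the given destinations."""
    hits = (egress(ifaces, d) for d in destinations)
    return {hit[2] for hit in hits if hit is not None}

if __name__ == "__main__":
    # Constructed destinations, one per /24 used in the message.
    for label, plan in (("same network", SAME_NET), ("split networks", SPLIT_NETS)):
        for dst in ("10.0.0.50", "10.0.1.50", "10.0.2.50"):
            print(label, dst, egress(parse(plan), dst))
```

With the first plan only fxp0's MAC is ever used for on-link traffic; with the second, each ngeth interface answers for its own /24.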

