adding a fake MAC address
Is there a way to add a fake MAC address (or two) without disabling the real one? I see a way to change it, but I don't want to change it. I only want to add a MAC.
The upstream router isn't flushing its ARP cache and for 2 of my IPs, it always tries sending them to specific MACs that are not present. The switch is broadcasting those packets, so it doesn't know where those MAC addresses are. I actually get the intended packets arriving on the interface, and can see them in "tcpdump -e". But the network stack seems to be just discarding them. Also, I do NOT want to do this permanently (so no config file changes), only temporarily until I can get someone to have the router flush its ARP cache. So maybe an ifconfig command option? FYI, any responses to ARP queries should still use the real MAC, not the added fake ones. |
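Added example, not part of the original post: a Python sketch of the check described above. It reads `tcpdump -e -n` text and lists the IPv4 destinations whose frames arrive addressed to a unicast MAC the host does not own. The capture lines, the MAC addresses, and the documentation-range IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
IP = r"\d+\.\d+\.\d+\.\d+"
# Matches the link-level header printed by `tcpdump -e -n` for IPv4 frames.
FRAME_RE = re.compile(
    rf"(?P<src_mac>{MAC}) > (?P<dst_mac>{MAC}), ethertype IPv4 .*?: "
    rf"(?P<src_ip>{IP})(?:\.\d+)? > (?P<dst_ip>{IP})(?:\.\d+)?:",
    re.IGNORECASE,
)

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def stray_unicast(lines, local_macs):
    """Map destination IP -> sorted unicast destination MACs not owned locally."""
    local = {m.lower() for m in local_macs}
    found = defaultdict(set)
    for line in lines:
        m = FRAME_RE.search(line)
        if m is None:
            continue  # ARP, IPv6, or anything that is not an IPv4 frame line
        dst = m["dst_mac"].lower()
        if is_group_address(dst) or dst in local:
            continue  # frames the network stack accepts anyway
        found[m["dst_ip"]].add(dst)
    return {ip: sorted(macs) for ip, macs in found.items()}

# Constructed sample: 02:00:00:00:00:01 is the host's real MAC (assumption),
# 02:00:00:00:00:fe stands in for the upstream router.
SAMPLE = """\
12:00:01.000001 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 203.0.113.5.51234 > 198.51.100.104.22: Flags [S], length 0
12:00:02.000001 02:00:00:00:00:fe > 02:00:00:00:00:a6, ethertype IPv4 (0x0800), length 74: 203.0.113.5.51300 > 198.51.100.106.80: Flags [S], length 0
12:00:03.000001 02:00:00:00:00:fe > 02:00:00:00:00:a7, ethertype IPv4 (0x0800), length 98: 203.0.113.9 > 198.51.100.107: ICMP echo request, id 1, seq 1, length 64
12:00:04.000001 02:00:00:00:00:fe > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.110 tell 198.51.100.1, length 46
12:00:05.000001 02:00:00:00:00:fe > 02:00:00:00:00:a6, ethertype IPv4 (0x0800), length 74: 203.0.113.7.40000 > 198.51.100.106.443: Flags [S], length 0
""".splitlines()

if __name__ == "__main__":
    for ip, macs in stray_unicast(SAMPLE, ["02:00:00:00:00:01"]).items():
        print(f"{ip} is being sent to {', '.join(macs)} (not a local MAC)")
```
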
ARP should be dynamic in most cases. Routers would only send to the wrong system if you made static ARP entries. In the case of flushing, that generally refers to dynamic. I can't remember the exact time but it is like 2 to 4 minutes or so.
I don't think your fix ought to start with adding more trouble in the mix. |
Quote:
One worry I have is that the router involved might have had some kind of "smarts" added by its manufacturer, where it would hold onto the ARP entry as long as there was traffic to the IP address (so the ARP entry is not idle). That would, of course, be incorrect logic. But I have heard of it being done. But there are a few "kiddie probes" to each IP address happening all the time, looking for open ports they can exploit. I haven't seen a 2 minute period pass without 2 or 3 such probes, so that's why I'm worrying about that kind of logic. I can't see why the ISP would have put static ARP entries in, but maybe they did for the previous customer with those IPs. |
Then maybe we need to hear the rest of the story. I think we are getting confused here.
Where is this router? What is the exact fault you have? You posed a question that is missing the issues of the story. We need the symptoms of this issue. Rant. An ISP could put a static ARP I'd guess in some weird instance. In fact it is known that many NIC cards have the same MAC address. It has never proven to be an issue but it is possible. They simply do not make enough MAC addresses so they get re-used. Almost impossible that a MAC would be in the same subnet. More likely they would base authentication based on MAC in some odd settings but dunno of too many ISPs that do that still. |
Quote:
We also have .110 and .111 but I would expect to not see those as they are being responded to by the wireless router there, or at least .110 is. So the switch knows which port specific MAC based traffic goes to. Because those 2 mystery MACs are not getting a response, it just broadcasts them and hence the server sees them.
Quote:
I don't see how a static ARP would address that issue, anyway. If two NICs have the same MAC, they are still both going to be accepting the traffic. If an ISP were to add a static ARP entry, I'd think it would be due to some issue with ARP being mishandled by perhaps the client machine somewhere ... previous ISP client with these IPs. FYI, I did ping across the entire /24 from outside. I only saw packets for the .104 through .109 addresses. Anyway, if there is no way to add two more MAC addresses, then I'll move on. At the moment I'm trying to think how I can fake adding interfaces that I can give MAC addresses to through bridging in the kernel. |
You can on most NIC cards make or change the reported MAC address. See MAC cloning. Almost all newer NICs support it.
http://compnetworking.about.com/od/n...dressing_2.htm |
Quote:
In bridging, I can transparently pass a full ethernet frame received from somewhere else, with its original source MAC intact. What I want to do would be to effectively create 2 more instances of interfaces, which use these fake MACs, with each being bound to 2 IP addresses (total of 4 for the added MACs plus 1 for the original MAC). The host must then accept traffic addressed at the link layer to any of the 3 MAC addresses. Also, for outgoing traffic, it must use the correct MAC address for the source IP address it is using. New outgoing connections can just use the first IP address and first MAC. But outgoing traffic on connections established coming in to specific IPs with different MACs must use the correct MAC as its source. This also applies to new traffic with source IP address binding. Can I change the MAC address of a bridge interface itself? Can I associate 2 bridges to one physical interface? |
A virtual NIC or some of the other type of NIC type can be changed.
I know of no way to have two MAC addresses on a single NIC and TCP stack but I'd guess someone somewhere did it. |
Quote:
I think at this point it would require some kind of program leeching off an interface and connecting to the device side or a couple TAP interfaces would be required. And that's not the "quick workaround" I was looking for. We may just drop this ISP at this point and find another. |
just a dumb question, but how do your NICs have anything to do with the upstream router on the ISP?
what kind of internet connection is this? if I'm not mistaken even DSL modems/cable modems have their own MAC address for the WAN interface, so perhaps it's your local modem/access point that's having the problem? |
Have you tried putting the interface in promiscuous mode? |
Quote:
This DSL modem appears to be operating in bridging mode, although our IP assignment is a /29 subnet (8 IP addresses) with last octets of .104-.111, the gateway IP address is .1 and the netmask is 255.255.255.0. It has to operate in bridging mode for two customers in this same range to reach each other. Or else it has to operate in some obscure mode that emulates it. The ADSL modem has been power cycled a few times, already, just to be sure. Our wireless AP at that site is operating in router mode on the .110 IP address. It can reach the two working IP addresses OK. FYI, bridging mode has an advantage, as long as it is properly filtered to prevent address hijacking between customers. That advantage is that it doesn't have to reserve a base address and broadcast address separately for each customer subnet assignment. This makes it easy to assign 253 addresses within the /24 that upstream router is configured with. A customer that needs 2 IPs can get 2 IPs without wasting 2 other IPs. You can (and in the 1990's I did) do this with routers provided you have a router at each end AND use a private IP /30 in between them to route through. I was able to assign a /31 subnet to a customer that way, or use all 4 IPs in a /30 subnet. |
Probable solution is over in this thread: http://www.linuxquestions.org/questi...evices-907269/