Is there a way to add a fake MAC address (or two) without disabling the real one? I see a way to change it, but I don't want to change it. I only want to add a MAC.

The upstream router isn't flushing its ARP cache and for 2 of my IPs, it always tries sending them to specific MACs that are not present. The switch is broadcasting those packets, so it doesn't know where those MAC addresses are. I actually get the intended packets arriving on the interface, and can see them in "tcpdump -e". But the network stack seems to be just discarding them.

Also, I do NOT want to do this permanently (so no config file changes), only temporarily until I can get someone to have the router flush its ARP cache. So maybe an ifconfig command option?

FYI, any responses to ARP queries should still use the real MAC, not the added fake ones.

Arp should be dynamic in most cases. Routers would only send to the wrong system if you made static arp entries. In the case of flushing, that generally refers to dynamic. I can't remember the exact time but it is like 2 to 4 minutes or so.

I don't think your fix ought to start with adding more trouble in the mix.

It's a workaround. Until I can reach someone at the ISP that even knows what ARP is, I was seeking this.

One worry I have is that the router involved might have had some kind of "smarts" added by its manufacturer, where it would hold onto the ARP entry as long as there was traffic to the IP address (so the ARP entry is not idle). That would, of course, be incorrect logic. But I have heard of it being done. But there are a few "kiddie probes" to each IP address happening all the time, looking for open ports they can exploit. I haven't seen a 2 minute period pass without 2 or 3 such probes, so that's why I'm worrying about that kind of logic.

I can't see why the ISP would have put static ARP entries in, but maybe they did for the previous customer with those IPs.

Then maybe we need to hear the rest of the story. I think we are getting confused here.

Where is this router?

What is the exact fault you have? You posed a question that is missing the issues of the story. We need the symptoms of this issue.




Rant.

An ISP could put a static arp I'd guess in some weird instance. In fact it is known that many NIC cards have the same mac address. It has never proven to be an issue but it is possible. They simply do not make enough mac addresses so they get re-used. Almost impossible that a mac would be in the same subnet.
More likely they would base authentication based on mac in some odd settings but dunno of too many ISP's that do that still.

I really don't want to be getting into trying to solve an ISPs issue here. But the backstory is that at a remote office which got a /29 block of IPs over a DSL connection that appears to be bridged because the gateway is outside the /29, but inside the /24 ... some of the IPs don't work. The ones at .105 and .106 do work. The server I have there is on .105. When I run tcpdump, I can see traffic intended for .104 .106 .107 .108 and .109. For .106 all I see is ARP, until I configured the server to include that IP temporarily. Then it answered ARP and I could get the traffic. For .104 .107 .108 and .109, there is no ARP. It just sends the traffic. But it is sending it to a couple different MAC addresses we don't have. The .104 and .108 go to one MAC and the .107 and .109 go to another. It does look like static ARP. But the tech support people don't even know what static ARP is (they know how to help me configure Windows). When I tell them not all our static IPs work, they seem confused (how can some work and not all). They think it is a routing table. They send the ticket to networking and nothing happens. The ADSL modem has been power cycled a few times but it is no help.

We also have .110 and .111 but I would expect to not see those as they are being responded to by the wireless router there, or at least .110 is. So the switch knows with port specific MAC based traffic goes to. Because those 2 mystery MACs are not getting it response, it just broadcasts them and hence the server sees them.


NIC cards with dup MAC addresses wouldn't be an issue unless they end up on the same broadcast segment. Perhaps some companies are going short on MAC addresses figuring this would hardly ever happen.

I don't see how a static ARP would address that issue, anyway. If two NICS have the same MAC, they are still both going to be accepting the traffic. If an ISP were to add a static ARP entry, I'd think it would be due to some issue with ARP being mishandled by perhaps the client machine somewhere ... previous ISP client with these IPs.

FYI, I did ping across the entire /24 from outside. I only saw packets for the .104 through .109 addresses.

Anyway, if there is no way add two more MAC addresses, then I'll move on. At the moment I'm trying to think how I can fake adding interfaces that I can give MAC addresses to through bridging in the kernel.

You can on most nic cards make or change the reported mac address. See mac cloning. Almost all newer nics support it.

http://compnetworking.about.com/od/n...dressing_2.htm

But this is CHANGEing the MAC. I need to ADD two other MACs to what it already has. I don't have an option to add two more NICs.

In bridging, I can transparently pass a full ethernet frame received from somewhere else, with its original source MAC intact. What I want to do would be to effectively create 2 more instances of interfaces, which use these fake MACs, with each being bound to 2 IP address (total of 4 for the added MACs plus 1 for the original MAC).

The host must the accept traffic addressed at the link layer to any of the 3 MAC addresses. Also, for outgoing traffic, it must use the correct MAC address for the source IP address it is using. New outgoing connections can just use the first IP address and first MAC. But outgoing traffic on connections established coming in to specific IPs with different MACs must use the correct MAC as its source. This also applies to new traffic with source IP address binding.

Can I change the MAC address of a bridge interface itself? Can I associate 2 bridges to one physical interface?

A virtual nic or some of the other type of nic type can be changed.

I know of no way to have two mac addresses on a single nic and tcp stack but I'd guess someone sonmewhere did it.

Acceptable would be some kind of virtual interfacing (aliases like eth0:1 don't do this because they really are not virtual as many docs say, just aliases), where additional interfaces can be used. I was able to add ONE more "interface" via bridging, by giving the bridge itself a MAC address. Since one interface only works with one bridge, this one became the limit. I could not connect a bridge to a bridge. And when I did give the bridge a MAC address, a strange thing happened: all traffic even from the ordinary interface, started using that new MAC address, even though "ifconfig eth0" showed its original MAC.

I think at this point it would require some kind of program leaching off an interface and connecting to the device side or a couple TAP interfaces would be required. And that's not the "quick workaround" I was looking for. We may just drop this ISP at this point and find another.

just a dumb question, but how do your NICs have anything to do with the upstream router on the ISP?

what kind of internt connection is this? if i'm not mistaken even DSL modems/cable modems have their own MAC address for the WAN interface, so perhaps it's your local modem/access point that's having the problem?

Have you tried putting the interface in promiscuous mode?

Yes. That's how I can see the packets intended for other MACs. FYI, the switch is sending them to all hosts because it has no record of which port the intended MAC destination is on.

The upstream router on the ISP has an ARP table. For the two IP addresses that are working, it operates like any normal interface and records the MAC address of whatever host responds, and uses that MAC address to send the packets addressed to that IP address.

This DSL modem appears to be operating in bridging mode, although our IP assignment is a /29 subnet (8 IP addresses) with last octets of .104-.111, the gateway IP address is .1 and the netmask is 255.255.255.0. It has to operate in bridging mode for two customers in this same range to reach each other. Or else is has to operate in some obscure mode that emulates it. The ADSL modem has been power cycled a few times, already, just to be sure. Our wireless AP at that site is operating in router mode on the .110 IP address. It can reach the two working IP addresses OK.

FYI, bridging mode has an advantage, as long as it is properly filtered to prevent address hijacking between customers. That advantage is that it doesn't have to reserve a base address and broadcast address separately for each customer subnet assignment. This makes it easy to assign 253 addresses within the /24 that upstream router is configured with. A customer that needs 2 IPs can get 2 IPPs without wasting 2 other IPs. You can (and in the 1990's I did) do this with routers provided you have a router at each and AND use a private IP /30 in between them to route through. I was able to assign a /31 subnet to a customer that way, or use all 4 IPs in a /30 subment.

Probable solution is over in this thread: http://www.linuxquestions.org/questi...evices-907269/