LinuxQuestions.org


basilio 08-31-2006 09:31 AM

Mapping IP addresses to MAC addresses
 
Hi! I need to connect three devices via ethernet, through a Nilox Switch8Premium, to the same computer. The problem is that these devices have the same IPs, i.e. 192.168.0.181, and when I address to or get data from one of them, I can't tell which device I'm actually talking to. The devices are three items of the same product, and their IP cannot be changed, as it has been written in the firmware and they cannot be re-programmed. Besides, I know the (three different) MAC addresses of the three devices. Is there any way to assign an arbitrary IP address to each mac address, so that my PC sees the IPs I chose? I need it to be transparent to my pc, so that if I ping one of the new IPs, I get packets from it, exactly as if they were three different IPs. Thanks for your help!
Basilio

uselpa 08-31-2006 12:42 PM

Try setting the arp table before contacting one of the three devices:
Code:

arp -s 192.168.0.181 00:00:00:00:00:00
replacing the "00:00:00:00:00:00" with the mac address of the device you want to talk to.
But no, you cannot assign an arbitrary IP address from outside the device and I'm certain that you will run into trouble by using the above method if you actually communicate with more than one machine.

ramram29 08-31-2006 12:45 PM

If you have all 3 devices connected to the same switch then they may cancel each other out.

One thing you can do is change your arp table by adding and deleting MAC addresses mapped to IP addresses; maybe through a script. There is a way to modify the arp table manually and set it as you go.

The other thing you can do is use a switch with VLAN capabilities that will allow you to use the same network virtually; and a NAT router with several network ports. I don't see how this could be possible, though.

theNbomr 08-31-2006 12:53 PM

Multiple devices with the same IP on one network is not going to work.
The simplest solution that I can perceive is to put a three-ported router between the PC and the three devices. One device can be on the same network as the PC, and the others would be NATted behind the router. This could be done with a relic PC running linux + iptables and cheap ethernet cards.
I would be interested to hear potential solutions from others.

--- rod

KenJackson 08-31-2006 01:27 PM

Wow! While I was preparing this, a bunch of other answers slipped in in front of me. I was trying to come up with an iptables solution. This is incomplete, but I'll post it anyway.

I'm pretty sure you can map the incoming MAC addresses to unique IP addresses with an iptables rule. Maybe something like this:
Code:

iptables -t nat -A PREROUTING -s 192.168.0.181 \
    -m mac --mac-source XX:XX:XX:XX:XX:XX      \
    -j DNAT --to-destination 192.168.0.XX
iptables -t nat -A POSTROUTING -s 192.168.0.XX \
    -j SNAT --to-source 192.168.0.XX

Hmmm. This isn't right, but it's a start. You may need to use the mangle table.

You may need to give your PC's ethernet port three different IP addresses.
(Edited for typos.)

theNbomr 08-31-2006 02:04 PM

Some more fodder...

How does any mapping of IP's to MAC's get around what happens when an ARP request is broadcast? Multiple responses with different MAC's is sure to violate all the rules and purposes of ARP. Only if you can keep the broadcasts from happening, by somehow refreshing the internal ARP table can any single-net scheme work, IMHO. The original poster did not state that the 'PC' was a Unixish host, and I don't know how or if you can even touch the ARP tables on a Windows PC. My bet is that any box that can't be IP configured must be a dedicated Windows toy.

--- rod.

ramram29 08-31-2006 02:25 PM

Manually modifying the arp table is called 'arp cache poisoning' and with it you can do 'man in the middle attacks' where you can fake an ethernet address to send packets to another with a totally different IP address. For this to work you have to understand the data link layer of the OSI which is the underlying layer of TCP/IP. It's best done using BSD. Some kernels do not allow it such as Solaris. It's far too complicated and not worth the time, hacking network communications, unless you are a super-nerd.

KenJackson 08-31-2006 03:16 PM

Quote:

Originally Posted by theNbomr
How does any mapping of IP's to MAC's get around what happens when an ARP request is broadcast?

A good question. I was figuring that iptables could be used to explicitly set the outgoing MAC address and outgoing interface. The interface can be set like so: "-j ROUTE -oif eth0". But I don't see how to set the outgoing MAC address.

Quote:

Originally Posted by theNbomr
The original poster did not state that the 'PC' was a Unixish host, and I don't know how or if you can even touch the ARP tables on a Windows PC. My bet is that any box that can't be IP configured must be a dedicated Windows toy.

Note that we are in the Linux - Networking forum, so I'm guessing it is a GNU/Linux PC.
And those Nilox devices are Italian ethernet switches.

Edit: BTW, Windows comes with an arp command.

basilio 09-01-2006 06:07 AM

Of course, I need to do that on a Linux pc. I'm currently running Ubuntu Dapper.
I'm also thinking of solutions such as mounting three different ethernet cards, but still the issue is: they all have the same "built in" ip: 192.168.0.181. How can I read from each of the three devices simultaneously? The general idea/question would be: how can I easily (and low cost) map a device mac address to an arbitrary IP? Once I get an answer to this question, my problem is solved!
Thanks to everybody!
basilio

uselpa 09-01-2006 06:31 AM

as I said, arp -s

basilio 09-01-2006 08:33 AM

Thanks, but it doesn't work...
If I remove any previous arp entry for 192.168.0.181 and, e.g., I do:

arp -s 192.168.0.190 00:90:c2:c8:b4:8a

I either can't ping the new (fake) address or cannot read data from it.

But now I put another question:
what if using a (cheap) router (as suggested by rod) ?

---
bas

basilio 09-01-2006 10:10 AM

I'm seriously thinking about using a router and NATting the IPs.
Is it possible to change the packets' source IP according to a desired router ethernet port? In other words, is it possible to specify a NAT rule for packets incoming from (and outgoing to) a specific router port?

---
bas

theNbomr 09-01-2006 10:48 AM

Quote:

Originally Posted by basilio
Thanks, but it doesn't work...
If I remove any previous arp entry for 192.168.0.181 and, e.g., I do:

arp -s 192.168.0.190 00:90:c2:c8:b4:8a

I either can't ping the new (fake) address or cannot read data from it.

But now I put another question:
what if using a (cheap) router (as suggested by rod) ?

---
bas

I don't think this is the method that was suggested. What you are doing above, is creating a fictitious IP in the ARP table. When a packet arrives at the doorstep of ethernet hardware containing that MAC, it will be discarded, because the IP header will identify it as destined for some other IP.
I think the method that was suggested involves setting the ARP table entry for the device immediately before sending to it, so that there does not have to be an ARP broadcast used to determine the MAC address. There are probably reasons why even this wouldn't work. At best it would be extremely clumsy. If there is more than one machine trying to access these mysterious boxes, then the degree of clumsiness increases exponentially.

Just before you proceed any further, there is another potential obstacle. If you use a router with NAT like this:
Code:

                             [ Nilox Switch ]
        [ PC ]---------------[ Port 1 ]
                    +--------[ Port 2 ]               [ Router ]
                    |        [ Port 3 ]---------------[ eth0 ]
                    |        [ Port 4 ]               [ eth1 ]--------[ Mystery Box 2 ]
                    |                                 [ eth2 ]--------[ Mystery Box 3 ]
            [Mystery Box 1]

you would address 'Mystery Box 2 & 3' using different IP's. Is your software on the PC modifiable, to use IP's that are not the default addresses hardwired into the Mystery Boxes? Unless the answer is yes, I don't see any solution better than the ARP cache poisoning scheme.

--- rod.

basilio 09-02-2006 05:14 AM

Thanks Rod!
The code on my pc is fully modifiable, as it is written by myself. The only thing that is fixed is just the devices' ip (on the devices' side).
Besides, there's only one machine (my pc, with one ethernet interface) trying to access the "Mystery Box" devices. But, in practice, how can I use ARP to get the work done? All I have to do is:
- sending data to the devices
- reading data from the devices
How can I do both by simply using arp (and a three ports switch or hub)?

---
bas

theNbomr 09-02-2006 10:53 AM

I will explain by giving a brief tutorial of what ARP does (please feel free to bring up corrections or point out errors).
Devices on an ethernet communicate by sending packets of data to either the entire ethernet segment or set of bridged segments (a broadcast), or else to the single specific node that is intended to receive the packet. Each node is identified by a unique MAC address, which is the only way of uniquely identifying an ethernet node on a network. The TCP/IP protocol, however, uses its own addressing scheme, and knows only how to send packets or streams to addresses within its addressing domain. ARP is the protocol that is used to translate between IP and ethernet addressing (may be used for other link-layer and physical layer protocols, too). When the IP stack wishes to send a packet to a specific other IP node, it must be able to encapsulate that packet in the correctly formatted ethernet packet header, which contains the MAC of the target node. In order to know that MAC, it uses ARP. If the MAC is unknown to the sending node, it broadcasts a request for it (broadcast at the ethernet level). The broadcast says, "Who knows the MAC for XXX.XXX.XXX.XXX?". Any node that already knows the answer may reply, including the target node, itself. Having learned the answer, the sender typically caches the MAC-IP mapping locally, so it doesn't have to ask later (does anyone know whether other nodes also cache the reply, or is it sent uni-cast?). This is the ARP cache that you can dump with 'arp -a'.
How does this relate to your problem? Well, clearly, there is more than one correct answer to the ARP request packet, and that is outside the universe of acceptable conditions. In order to avoid the situation of getting multiple different replies to an ARP Request packet, the strategy is to 'poison' the arp cache with a mapping that we already know we want to use (in this case, it might be more appropriate to describe it as 'sweetening' the cache, but I digress). This prevents the request from being broadcast. In your situation, you would have to 'sweeten' the cache with the desired MAC immediately before sending messages to the Mystery Boxes. This would have to be done manually, using arp. You would have to sweeten the cache every time you wanted to use a different Mystery Box, or whenever the MAC was dropped from the cache due to expiry timeout. If the software that is used to communicate with the Mystery Boxes is open source, it could probably be modified to do this cache sweetening automatically.



Hope this helps.

--- rod.
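
Added example, not part of any post in this thread: a shell wrapper for the approach rod describes, pinning the PC's own neighbour (ARP) entry for the shared IP to one device's MAC immediately before talking to it. It uses iproute2's `ip neigh replace` in place of `arp -s`; the interface `eth0`, the function names, and the MACs for box2 and box3 are assumptions (only box1's MAC appears in the thread).

```shell
#!/bin/sh
# Added example: pin the local neighbour (ARP) entry for the shared IP to one
# device at a time, so no ARP broadcast is sent for that address.
# Assumptions: interface eth0, iproute2 installed, box2/box3 MACs constructed.

SHARED_IP=192.168.0.181
IFACE=eth0

# Device name -> MAC. box1 is the MAC quoted in the thread; the others are made up.
mac_for() {
    case "$1" in
        box1) echo 00:90:c2:c8:b4:8a ;;
        box2) echo 02:00:00:00:00:02 ;;
        box3) echo 02:00:00:00:00:03 ;;
        *)    return 1 ;;
    esac
}

# Accept exactly six colon-separated hex octets; anything else is rejected.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the command that pins SHARED_IP to the named device's MAC.
neigh_cmd() {
    mac=$(mac_for "$1") || { echo "unknown device: $1" >&2; return 1; }
    valid_mac "$mac"    || { echo "bad MAC: $mac" >&2; return 1; }
    echo "ip neigh replace $SHARED_IP lladdr $mac dev $IFACE nud permanent"
}

# Pin the entry, then run the caller's command against SHARED_IP.
# With DRY_RUN=1 both commands are only printed (no root needed).
with_device() {
    dev=$1; shift
    cmd=$(neigh_cmd "$dev") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
        [ $# -eq 0 ] || echo "$*"
        return 0
    fi
    $cmd && { [ $# -eq 0 ] || "$@"; }
}

# Usage (as root): with_device box2 ping -c 1 "$SHARED_IP"
```

Only one device is reachable at any moment, and replies from all three still carry the same source IP, so exchanges with different devices have to be serialized.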


All times are GMT -5.