Date:      Fri, 06 Feb 2009 01:59:11 +0200
From:      Nikos Vassiliadis <nvass@freemail.gr>
To:        Frédéric Perrin <frederic.perrin@resel.fr>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Multiple MAC on a single (physical) interface
Message-ID:  <498B7D4F.10809@freemail.gr>
In-Reply-To: <863aeunkj0.fsf@chameau.maisel.enst-bretagne.fr>
References:  <863aeunkj0.fsf@chameau.maisel.enst-bretagne.fr>

Frédéric Perrin wrote:
> Hello,
> 
> I live in a network where it is pretty much assumed that one machine ==
> one MAC address == one IP address. Therefore, in order to play with
> jails, some having of course access to the network, I need to be able to
> send and receive using several MAC addresses, as if I had several NIC
> (which I of course don't have).
> 
> I first describe the setup I have come up with, then ask the list a
> couple of questions.
> 
> rl0 (my only physical interface) is made promiscuous, and its otherwise
> fine configuration is not touched (it still has its MAC and IP address) :
> # ifconfig rl0 promisc
> 
> Create a bridge, and attach it rl0 :
> # ifconfig bridge0 create
> # ifconfig bridge0 addm rl0 up
> 
> Create 2 interfaces : the first one will be connected to the
> bridge, the other will be the one we really want to use.
> 
> # ifconfig tap0 create
> # ifconfig bridge0 addm tap0 up
> # ifconfig tap1 create
> 
> Link tap0 to tap1, I have been using the br_select.c example that
> comes with the generic tap/tun driver on vtun.sf.net (basically, what
> it does is :
> @ open(/dev/tap0); open(/dev/tap1);
> @ for ever:
> @     if there is data in tap0, copy it to tap1
> @     if there is data in tap1, copy it to tap0
> @ end for
> 
> Then, configure tap1 as wanted, as in :
> # ifconfig tap0 up ; ifconfig tap1 up
> # dhclient tap1
> 
> Then start a jail with the IP given to tap1, with a network service in
> it (sshd will do). Check that ssh'ing to the jail works.
> 
> It should be possible to use n tap devices, by doing :
> @ for ever:
> @     if there is data in tap0, copy it to tap1, ... tapn
> @     if there is data in tap1 or ... tapn, copy it to tap0
> @ end for
> 
> Also, while researching my problem, I see that it shouldn't be very
> hard to add hooks to rc.conf to automate all this process.
> 
> Questions :
> 
> It seems quite a convoluted setup (especially having to make a tunnel
> from tap0 to tap1 ... tapn). Is there an easier way ? Comments ?

Yes, you could use a netgraph bridge to bridge several
ethernet interfaces together. Luckily, there is also a
pseudo-ethernet-like interface you can attach to this
bridge and of course you get to treat the pseudo-ethernet
as a regular ethernet interface, that is, change its
MAC address.

The process is described here:
http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/

It's simple and an all-in-kernel solution.

HTH, Nikos
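
The n-tap relay loop sketched in the quoted message, written out in C as an added example; it is not br_select.c and not code from either poster. `relay_once`, `demo_hub`, the port limit and the buffer size are assumptions of this sketch, and datagram socketpairs stand in for the /dev/tapN descriptors so it runs without tap devices. It makes visible that every frame arriving on tap0 is copied to all jail-side taps.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_PORTS 16   /* assumption: arbitrary limit for this sketch */
#define FRAME_MAX 2048 /* assumption: larger than any frame on a 1500-byte MTU link */

/* One relay pass. fds[0] is the bridge-side tap (tap0); fds[1..n-1] are the
 * jail-side taps. Returns the number of frame copies written, -1 on error. */
int relay_once(const int *fds, int n, int timeout_ms)
{
    struct pollfd pfd[MAX_PORTS];
    unsigned char frame[FRAME_MAX];
    int copies = 0;
    if (n < 2 || n > MAX_PORTS) return -1;
    for (int i = 0; i < n; i++)
        pfd[i] = (struct pollfd){ .fd = fds[i], .events = POLLIN };
    if (poll(pfd, (nfds_t)n, timeout_ms) < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (!(pfd[i].revents & POLLIN)) continue;
        ssize_t len = read(fds[i], frame, sizeof frame); /* one read, one frame */
        if (len <= 0) return -1;
        /* tap0 fans out to every jail-side tap; a jail-side tap feeds tap0 only */
        int first = (i == 0) ? 1 : 0, last = (i == 0) ? n : 1;
        for (int j = first; j < last; j++)
            if (write(fds[j], frame, (size_t)len) == len)
                copies++;
    }
    return copies;
}

/* Constructed self-check: AF_UNIX datagram socketpairs stand in for tap0..tap2.
 * Returns 0 when fan-out and return path behave as described, else a step number. */
int demo_hub(void)
{
    int sp[3][2], fds[3];
    char buf[64];
    for (int i = 0; i < 3; i++) {
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp[i]) < 0) return -1;
        fds[i] = sp[i][0]; /* relay end; sp[i][1] plays the kernel end */
    }
    if (write(sp[0][1], "from-wire", 9) != 9 || relay_once(fds, 3, 100) != 2) return 1;
    if (read(sp[1][1], buf, 64) != 9 || read(sp[2][1], buf, 64) != 9) return 2;
    if (write(sp[1][1], "from-jail", 9) != 9 || relay_once(fds, 3, 100) != 1) return 3;
    if (read(sp[0][1], buf, 64) != 9 || memcmp(buf, "from-jail", 9) != 0) return 4;
    return recv(sp[2][1], buf, 64, MSG_DONTWAIT) < 0 ? 0 : 5; /* tap2 saw no jail frame */
}

int main(void) { return demo_hub(); }
```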