Date: Fri, 06 Feb 2009 01:59:11 +0200
From: Nikos Vassiliadis <nvass@freemail.gr>
To: Frédéric Perrin <frederic.perrin@resel.fr>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Multiple MAC on a single (physical) interface
Message-ID: <498B7D4F.10809@freemail.gr>
In-Reply-To: <863aeunkj0.fsf@chameau.maisel.enst-bretagne.fr>
References: <863aeunkj0.fsf@chameau.maisel.enst-bretagne.fr>

Frédéric Perrin wrote:
> Hello,
>
> I live in a network where it is pretty much assumed that one machine ==
> one MAC address == one IP address. Therefore, in order to play with
> jails, some having of course access to the network, I need to be able to
> send and receive using several MAC addresses, as if I had several NIC
> (which I of course don't have).
>
> I first describe the setup I have come up with, then ask the list a
> couple of questions.
>
> rl0 (my only physical interface) is made promiscuous, and its otherwise
> fine configuration is not touched (it still has its MAC and IP address) :
> # ifconfig rl0 promisc
>
> Create a bridge, and attach it rl0 :
> # ifconfig bridge0 create
> # ifconfig bridge0 addm rl0 up
>
> Create 2 interfaces : the first one will be connected to the
> bridge, the other will be the one we really want to use.
>
> # ifconfig tap0 create
> # ifconfig bridge0 addm tap0 up
> # ifconfig tap1 create
>
> Link tap0 to tap1, I have been using the br_select.c example that
> comes with the generic tap/tun driver on vtun.sf.net (basically, what
> it does is :
> @ open(/dev/tap0); open(/dev/tap1);
> @ for ever:
> @   if there is data in tap0, copy it to tap1
> @   if there is data in tap1, copy it to tap0
> @ end for
>
> Then, configure tap1 as wanted, as in :
> # ifconfig tap0 up ; ifconfig tap1 up
> # dhclient tap1
>
> Then start a jail with the IP given to tap1, with a network service in
> it (sshd will do). Check that ssh'ing to the jail works.
>
> It should be possible to use n tap devices, by doing :
> @ for ever:
> @   if there is data in tap0, copy it to tap1, ... tapn
> @   if there is data in tap1 or ... tapn, copy it to tap0
> @ end for
>
> Also, while researching my problem, I see that it shouldn't be very
> hard to add hooks to rc.conf to automate all this process.
>
> Questions :
>
> It seems quite a convoluted setup (especially having to make a tunnel
> from tap0 to tap1 ... tapn). Is there an easier way ? Comments ?

Yes, you could use a netgraph bridge to bridge several ethernet
interfaces together. Luckily, there is also a pseudo-ethernet-like
interface you can attach to this bridge and of course you get to
treat the pseudo-ethernet as a regular ethernet interface, that is,
change its MAC address. The process is described here:
http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/

It's simple and an all-in-kernel solution.

HTH, Nikos
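
The netgraph bridge described in the reply, written out as an added example (not part of the thread and not taken from the linked article), generalized to any number of extra MAC addresses. It assumes FreeBSD with ng_ether, ng_bridge and ng_eiface available and no existing ngethN nodes; the bridge name and the MAC addresses passed in are the caller's choice.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the ngctl/ifconfig commands that
# put one ng_eiface per extra MAC on an ng_bridge shared with a physical NIC.
# Assumptions: FreeBSD with ng_ether, ng_bridge and ng_eiface available, and no
# pre-existing ngethN nodes (so the new ones are numbered from 0).

valid_unicast_mac() {
    # six colon-separated hex octets, and the multicast bit of octet 1 clear
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    case $1 in
        ?[13579bdfBDF]:*) return 1 ;;
    esac
    return 0
}

# usage: ng_multimac_cmds <phys-if> <bridge-name> <mac> [<mac> ...]
ng_multimac_cmds() {
    phys=$1 br=$2
    shift 2
    for mac in "$@"; do
        valid_unicast_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # the bridge hangs off the NIC's "lower" hook (the wire side) ...
    echo "ngctl mkpeer $phys: bridge lower link0"
    echo "ngctl name $phys:lower $br"
    # ... and the NIC's host stack rejoins it through "upper"
    echo "ngctl connect $phys: $br: upper link1"
    # the NIC must accept frames for the extra MACs and keep their source address
    echo "ngctl msg $phys: setpromisc 1"
    echo "ngctl msg $phys: setautosrc 0"
    n=0
    for mac in "$@"; do
        echo "ngctl mkpeer . eiface hook ether"
        echo "ngctl connect ngeth$n: $br: ether link$((n + 2))"
        echo "ifconfig ngeth$n ether $mac"
        n=$((n + 1))
    done
}

# Print by default; set APPLY=1 (as root) to run the commands.
if [ "$#" -ge 3 ]; then
    if [ "${APPLY:-0}" = 1 ]; then ng_multimac_cmds "$@" | sh -e
    else ng_multimac_cmds "$@"; fi
fi
```

Each resulting ngethN can then be brought up and configured the way the original post configures tap1.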