From: Nikos Vassiliadis
Date: Fri, 06 Feb 2009 01:59:11 +0200
To: Frédéric Perrin
Cc: FreeBSD Questions
Subject: Re: Multiple MAC on a single (physical) interface

Frédéric Perrin wrote:
> Hello,
>
> I live in a network where it is pretty much assumed that one machine ==
> one MAC address == one IP address. Therefore, in order to play with
> jails, some having of course access to the network, I need to be able to
> send and receive using several MAC addresses, as if I had several NIC
> (which I of course don't have).
>
> I first describe the setup I have come up with, then ask the list a
> couple of questions.
>
> rl0 (my only physical interface) is made promiscuous, and its otherwise
> fine configuration is not touched (it still has its MAC and IP address) :
> # ifconfig rl0 promisc
>
> Create a bridge, and attach rl0 to it :
> # ifconfig bridge0 create
> # ifconfig bridge0 addm rl0 up
>
> Create 2 interfaces : the first one will be connected to the
> bridge, the other will be the one we really want to use.
>
> # ifconfig tap0 create
> # ifconfig bridge0 addm tap0 up
> # ifconfig tap1 create
>
> Link tap0 to tap1, I have been using the br_select.c example that
> comes with the generic tap/tun driver on vtun.sf.net (basically, what
> it does is :
> @ open(/dev/tap0); open(/dev/tap1);
> @ for ever:
> @   if there is data in tap0, copy it to tap1
> @   if there is data in tap1, copy it to tap0
> @ end for
>
> Then, configure tap1 as wanted, as in :
> # ifconfig tap0 up ; ifconfig tap1 up
> # dhclient tap1
>
> Then start a jail with the IP given to tap1, with a network service in
> it (sshd will do). Check that ssh'ing to the jail works.
>
> It should be possible to create and use n tap devices, by doing :
> @ for ever:
> @   if there is data in tap0, copy it to tap1, ... tapn
> @   if there is data in tap1 or ... tapn, copy it to tap0
> @ end for
>
> Also, while researching my problem, I see that it shouldn't be very
> hard to add hooks to rc.conf to automate all this process.
>
> Questions :
>
> It seems quite a convoluted setup (especially having to make a tunnel
> from tap0 to tap1 ... tapn). Is there an easier way ? Comments ?

Yes, you could use a netgraph bridge to bridge several ethernet
interfaces together. Luckily, there is also a pseudo-ethernet-like
interface you can attach to this bridge and of course you get to
treat the pseudo-ethernet as a regular ethernet interface, that is,
change its MAC address.

The process is described here:
http://www.bsdatwork.com/2004/06/19/mac_spoofing_on_freebsd/

It's simple and an all-in-kernel solution.

HTH, Nikos
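The relay loop sketched in the quoted message, written out in C for one bridge-side tap and n jail-side taps, as an added example (it is not br_select.c and not code from either poster). It assumes each read() on a tap descriptor returns exactly one Ethernet frame; `relay_once`, `forward` and `FRAME_MAX` are names chosen here.

```c
/* Added example: user-space relay between one "hub" tap and n "leaf" taps. */
#include <fcntl.h>
#include <sys/select.h>
#include <sys/types.h>
#include <unistd.h>

#define FRAME_MAX 2048  /* assumption: larger than any frame on this link */

/* Read one frame from src, write it to dst[0..n). Returns length, 0 on EOF, -1 on error. */
static ssize_t forward(int src, const int *dst, size_t n)
{
    unsigned char buf[FRAME_MAX];
    ssize_t len = read(src, buf, sizeof buf);
    for (size_t i = 0; len > 0 && i < n; i++)
        if (write(dst[i], buf, (size_t)len) != len)
            return -1;
    return len;
}

/* One pass: block until a descriptor is readable, then copy hub -> every leaf
 * and each ready leaf -> hub. Returns frames moved, or -1 on error or EOF. */
int relay_once(int hub, const int *leaf, size_t n)
{
    fd_set rd;
    int maxfd = hub, moved = 0;
    FD_ZERO(&rd);
    FD_SET(hub, &rd);
    for (size_t i = 0; i < n; i++) {
        FD_SET(leaf[i], &rd);
        if (leaf[i] > maxfd) maxfd = leaf[i];
    }
    if (select(maxfd + 1, &rd, NULL, NULL, NULL) < 0) return -1;
    if (FD_ISSET(hub, &rd)) {
        if (forward(hub, leaf, n) <= 0) return -1;
        moved++;
    }
    for (size_t i = 0; i < n; i++) {
        if (!FD_ISSET(leaf[i], &rd)) continue;
        if (forward(leaf[i], &hub, 1) <= 0) return -1;
        moved++;
    }
    return moved;
}

int main(void)
{
    int hub = open("/dev/tap0", O_RDWR), leaf[] = { open("/dev/tap1", O_RDWR) };
    if (hub < 0 || leaf[0] < 0) return 1;
    while (relay_once(hub, leaf, 1) >= 0) { }
    return 1;
}
```

Because the hub side is copied to every leaf, each jail-side tap receives all frames arriving from the bridge, including those addressed to other jails, and leaves cannot reach each other directly.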