From owner-freebsd-questions@FreeBSD.ORG Thu Feb 11 14:31:09 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4E3291065670 for ; Thu, 11 Feb 2010 14:31:09 +0000 (UTC) (envelope-from m.seaman@black-earth.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id AE4158FC16 for ; Thu, 11 Feb 2010 14:31:08 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o1BEUmDg002983 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 11 Feb 2010 14:30:55 GMT (envelope-from m.seaman@black-earth.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk o1BEUmDg002983 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=black-earth.co.uk; s=201001-black-earth; t=1265898655; bh=jqcGo7/RQ1om06UpbbeTXbQyYDcdbOLMjQ634shgxOA=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4B74148E.8090405@black-earth.co.uk>|Date:=20Thu,=2 011=20Feb=202010=2014:30:38=20+0000|From:=20Matthew=20Seaman=20|User-Agent:=20Mozilla/5.0=20(Macintosh=3 B=20U=3B=20Intel=20Mac=20OS=20X=2010.6=3B=20en-GB=3B=20rv:1.9.1.7) =20Gecko/20100111=20Thunderbird/3.0.1|MIME-Version:=201.0|To:=20Ja mes=20Smallacombe=20|CC:=20freebsd-questions@freebsd.org| Subject:=20Re:=20yikes!=20=20MAC=20address=20changed=20??|Referenc es:=20=20=20=20<4B73EC31.6030209@black-earth.co. uk>=20|In-Reply- To:=20|X-Enigmai l-Version:=201.0|Content-Type:=20multipart/signed=3B=20micalg=3Dpg p-sha1=3B=0D=0A=20protocol=3D"application/pgp-signature"=3B=0D=0A= 20boundary=3D"------------enig1D5A9850DE44E05A54191F1B"; b=eThM+rpRT+jnaWeJv5Xf4KTiSqvijnHuBIvQ9Bqr/GSUPl3ms/uNei9p1N+40t2xY PTwD2Bpauh763iT2HJJcnOxEuo+QVqJ30qUb6aXF218t1rjlCWWdVs+euKDtZbnD2Q hv7eGliwVWYTJq0gU0XjP/3JgPebOzNNE2tV4a8g= Message-ID: <4B74148E.8090405@black-earth.co.uk> Date: Thu, 11 Feb 2010 14:30:38 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1 MIME-Version: 1.0 To: James Smallacombe References: <4B73EC31.6030209@black-earth.co.uk> In-Reply-To: X-Enigmail-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1D5A9850DE44E05A54191F1B" X-Virus-Scanned: clamav-milter 0.95.3 at happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,PLING_QUERY,SPF_FAIL,URIBL_RED autolearn=no version=3.3.0 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on happy-idiot-talk.infracaninophile.co.uk Cc: freebsd-questions@freebsd.org Subject: Re: yikes! MAC address changed ?? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2010 14:31:09 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig1D5A9850DE44E05A54191F1B Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 11/02/2010 12:22, James Smallacombe wrote: >> It's not 'arp -s' that is used to change the MAC address on an >> interface, but ifconfig(8) -- something like this: >> >> # ifconfig re0 ether 00:17:e0:4f:b9:c0 >=20 > See my second post. I screwed up in my first post. It wasn't the MAC > address of my NIC that changed, it's the MAC address of the DEFAULT > GATEWAY that changed. I believe that would use 'arp', not 'ifconfig', > right? Ah, right. Please ignore my previous bletherings. Had wrong end of stick. >>> 2) Could an Ethernet card defect or re0 driver problem cause anything= >>> like this? Other bug? >> >> Yes -- this is the most likely cause. Hardware problems. The MAC >> address is built into the network card using an EEPROM or such like, >> and those can conceivably go bad. Replace the NIC and see if the >> problems go away. >=20 > Ok, longer shot here...could a hardware problem on my box screw up the > MAC address of the default gateway? It should be noted that when I did= > and ifconfig -a during this down time, the Ether showed "no carrier".=20 > Could messed up ARP tables even do that? I would think that the carrie= r > just needs a cable plugged from the NIC into a switch? I still think it's probably hardware. The question is: duff router or duff server? A good test is to see what happens to another box on the same network segment. If there's another machine already there that will do, or try plugging in a laptop configured with a spare IP and the correct default gateway. Then try pinging around other addresses on the network, and beyond your gateway box. If this third machine: * can ping the world successfully, and gets the original (correct) mac address -- then your server is where the problem is * can ping the world successfully, but gets the changed mac address -- then your router has somehow changed mac: whether deliberately, by operator accident or by hardware flaking out. In which case, you can leave everything running with the changed mac for the time being while you concentrate on dealing with the router. * can't ping the default gateway or ping through it, but can ping other machines on the local net, irrespective of what MAC it picks up for the default gateway. -- then the router is fubar. At best it is responding to ARP requests with a corrupt MAC address and can be cured by a reboot or similar. At worst, it needs expensive replacement therapy. You can't change the MAC address on the router by fiddling with arp(8) on your server. You can however terminally confuse your server as to what the MAC address of the router really is, and you can make mayhem by creating an arp conflict and having your machine usurp the router's mac address. Best not to do either of those things. Just let the arp table be populated automatically. Unless marked as permanent, addresses in the arp cache will time out and be refreshed once they reach the maximum age: % sysctl net.link.ether.inet.max_age net.link.ether.inet.max_age: 1200 which equates to 20 minutes. So if you simply wait, it will frequently sort itself out. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3 Black Earth Consulting Ramsgate Kent, CT11 9PW Free and Open Source Solutions Tel: +44 (0)1843 580647 --------------enig1D5A9850DE44E05A54191F1B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt0FJgACgkQ8Mjk52CukIz3VwCfb3O69Uql2ZjxVZ555i212d90 YOEAn2/fpuFH8nfgSN61WbhVUXrRZ1s7 =0VKN -----END PGP SIGNATURE----- --------------enig1D5A9850DE44E05A54191F1B--