next »

[GoldServe]

On pfsense 2.0 release, it has been noted many times in the forum before but I can't seem to clone a different mac address on the interfaces for my cable modem. When I put in a new mac address and hit apply, the interface will come up, go down, come up, go down.

If someone can find out the reason and fix it, I'd be happy to pay them.

Thanks for reading!

[jimp]

FYI- The related redmine ticket:
http://redmine.pfsense.org/issues/1572

[GoldServe]

I did see that ticket but there seems to be no progress in fixing this very important feature. Any insight in where the problem lies would be helpful. Thanks.

[Cino]

Did you read the ticket?

From Chris Buechler:

this has never worked in any 8.x base versions, it's a problem in FreeBSD 8.x. It's intermittent, I ran that way for 2 years and only hit it twice. It's something we'll report upstream later if it hasn't already been fixed in 9, that's why this is here.

I can't speak for the dev team but my guess is to wait until pfSense 2.1 comes out using FreeBSD 9.x and hopefully FreeBSD fixed the issue or have a patch that can be applied.

[GoldServe]

I checked Freebsd bug reports and saw nothing related to this. I would think this feature is pretty important. I am not pinning my hope on this being fixed on 9.0 so i'm trying to raise awareness and maybe some motivation for fixing this...

[jimp]

You should try to replicate it with DHCP+spoofed mac on a stock FreeBSD 8.x box. If it's broken there, file a FreeBSD PR. Raising awareness here of a FreeBSD bug, while interesting, won't really accomplish anything with getting it fixed in FreeBSD.

[GoldServe]

The really weird this is that in Pfsense, I will remove the spoofed mac address and hit apply, but when you check in the shell using ifconfig, the spoofed mac address still persists. The link is all stable at this time with no flapping up and down. Of course this method won't survive a reboot though. I've looked at the pfsense interfaces.inc code and i can't find anything wrong with that is is doing but that's just me.

On a related note, is it possible to put the spoof mac in a file like rc.conf using ifconfig_em0 = "ether xx:xx:xx:xx:xx:xx" or something similar using loader.conf.local?

[jimp]

pfSense does not retain the NIC's original MAC address when it's spoofed, so only a reboot will get that back.

You can spoof a mac on freebsd using rc.conf, I don't recall the exact syntax (been a while since I had to do it) but it's possible, it's one of the ifconfig_* commands you can run.

[GoldServe]

My point is that pfsense is able to spoof the mac and have everything work but when that spoofed mac is entered into the interfaces config, the system will take down the interface continuously. Does this mean it has something to do with pfsense or the way it is spoofing the mac? I'm tempted to change the command from

ifconfig <interface> link <mac> to ifconfig <interface> ether <mac>

or even take down the interface manually before mac change and bring it back up after mac change.

BTW, I don't see rc.conf in /etc so can I make one and freebsd will read this file to process?

[jimp]

If you have a real FreeBSD install, /etc/rc.conf would be there. It is ignored on pfSense, which would not generally be considered a valid "FreeBSD" platform when it comes to submitting FreeBSD PRs, since we customize things quite a lot.

Trying ether instead of link would be a good test.

[GoldServe]

Please close this bounty now. As a work around, I installed shellcmd package and put the following commands in order to set the mac address during boot. The downside is I have to reboot but i don't change macs that often.

Code:

ifconfig em1 down earlyshellcmd
ifconfig em1 ether xx:xx:xx:xx:xx:xx earlyshellcmd
ifconfig em1 up earlyshellcmd

[jimp]

I have a sneaky suspicion I see what's going on here now, or at least a theory to test.

[jimp]

Try this instead, at line 2595 of /etc/inc/filter.inc:

Remove this:

Code:

if ($wancfg['spoofmac']) {

And replace it with this:

Code:

$mac = get_interface_mac($realhwif);
if ($wancfg['spoofmac'] && ($wancfg['spoofmac'] != $mac)) {

[Kamel]

I'm not sure if this is of any help to you guys, but I use mac address cloning and haven't yet had any issues with it *shrugs*