Firewall Wizards mailing list archives

Re: Multiple MAC address on one interface


From: Rogan Dawes <discard () dawes za net>
Date: Mon, 12 Jul 2004 15:33:06 +0200

Sounds like you want to do something like proxy arp, with multiple MAC addresses.

If I understand you correctly, you want to be able to operate as follows:

DHCP request an address using MAC#1, link the address and MAC
DHCP request an address using MAC#2, link the address and MAC
...

Then, for traffic passing through this firewall, NAT'd to address#1, send from MAC#1, etc.

I'd approach this in the following way:

Firstly, hack DHCPCD to allow you to specify the MAC address you send, and record the results (address allocated) in different places per MAC. (one way would be to have a list of MAC addresses, and iterate through them in the following way:

for MAC in $MACS; do           # MACS: whitespace-separated list of the MAC addresses to use
  ifconfig eth0 down           # the hardware address can only be changed while the link is down
  ifconfig eth0 hw ether $MAC
  ifconfig eth0 up
  dhcpcd eth0                  # dhcpcd takes the interface name as its argument
  # get the allocated address from /etc/dhcpcd/whatever
  # and write it somewhere linked to the associated MAC
done

)

If I understand how the cable modems work, you may be able to simply configure aliases to a single ethernet card (eth0, eth0:0, eth0:1, etc), and use proxy arp to tell your Linux firewall to use them. All traffic would appear to be from the MAC of the primary ethernet card (or the last MAC address that you used in the above script), but maybe your ISP does not check MAC to IP address allocations after they have been issued. In this case, straightforward NAT and iptables rules should "just work".

If the ISP *IS* checking (using something like arpwatch, or similar), then you will have to come up with some way of ensuring that traffic from each unique IP address receives the appropriate MAC address. This may require a custom iptables module, I'm afraid. I've never heard of such a beast previously.

If, as you imply, your only intention is to "reserve" these IP addresses for later use, you may never need to jump through all these hoops. Give your ISP a list of made up MAC addresses, manually retrieve IP addresses for them once, using the above-mentioned "script", and log the results. Then simply configure your new machines to use the appropriate made up MAC address instead of the real one when you commission them. Linux is easy (as above), but I think it is possible for Windows as well.

Good luck!

Rogan

P.S. One thing to consider is where to get your list of MAC addresses from. Probably the safest thing will be to use the vendor range from a REALLY old range of cards (e.g. old 3c509 ISA ethernet cards), so that there is a minimal chance of a collision. Alternatively, just make them up randomly and take your chances! Don't just increment your existing MAC address, as the odds of a collision with another card are greater if you take this approach!

chicks () chicks net wrote:
I'm dealing with a hard headed Cable ISP that won't give out additional IP's unless there's a unique MAC for each. (what a crock!) Eventually the plan is to hang five boxes off this connection (for development purposes) and it'd be much simpler to only have to deal with the wanky cable company once. I could put five NIC's in a box, but that seems a waste of hardware (and would require using a couple of expensive dual-interface NIC's). So, is there some cheap way to have one NIC respond to multiple MAC addresses? I'm most comfortable with Linux, but if I needed to use BSD or something else I'd be willing to do that.


--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
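As an added example (not code from the original post): a POSIX shell script for the per-MAC DHCP loop and the MAC-to-IP "log" described above, with helpers that generate and check made-up MAC addresses using the locally-administered bit so they cannot collide with any vendor-assigned address. It assumes a Linux host with ifconfig, dhcpcd and iproute2; MAPFILE and all function names are constructed here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with ifconfig,
# dhcpcd and iproute2; MAPFILE and the function names are constructed here.
MAPFILE="${MAPFILE:-./mac-to-ip.map}"

# Random unicast MAC with the locally-administered bit set (first octet
# x2/x6/xA/xE), so it cannot collide with a vendor-assigned (OUI) address.
gen_local_mac() {
    set -- $(od -An -N6 -tx1 /dev/urandom)
    printf '%02x:%s:%s:%s:%s:%s\n' "$(( (0x$1 & 0xfc) | 0x02 ))" "$2" "$3" "$4" "$5" "$6"
}

# Accept only a well-formed, lower-case, locally-administered unicast MAC.
is_local_unicast_mac() {
    h='[0-9abcdef][0-9abcdef]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) [ $(( 0x${1%%:*} & 0x03 )) -eq 2 ] ;;
        *) return 1 ;;
    esac
}

# Lease book: one "MAC IP" line per MAC; a new lease replaces the old entry.
record_lease() {
    { grep -v "^$1 " "$MAPFILE" 2>/dev/null || :; echo "$1 $2"; } > "$MAPFILE.tmp"
    mv "$MAPFILE.tmp" "$MAPFILE"
}
ip_for_mac() { awk -v k="$1" '$1 == k { print $2; f = 1 } END { exit (f ? 0 : 1) }' "$MAPFILE"; }
mac_for_ip() { awk -v k="$1" '$2 == k { print $1; f = 1 } END { exit (f ? 0 : 1) }' "$MAPFILE"; }

# Obtain one DHCP lease per MAC on IFACE and record each in the lease book.
# The address is read back from the interface itself, so no dhcpcd lease-file
# path is assumed. Needs root; skips anything that is not a locally administered MAC.
lease_per_mac() {
    iface=$1; shift
    for mac in "$@"; do
        is_local_unicast_mac "$mac" || { echo "skipping $mac: not a locally administered unicast MAC" >&2; continue; }
        ifconfig "$iface" down
        ip -4 addr flush dev "$iface"           # drop the previous lease's address
        ifconfig "$iface" hw ether "$mac"       # changing the MAC needs the link down
        ifconfig "$iface" up
        dhcpcd "$iface"                         # returns once a lease is obtained
        addr=$(ip -4 -o addr show dev "$iface" | awk '{ print $4 }' | cut -d/ -f1 | head -n1)
        record_lease "$mac" "$addr"
        dhcpcd -k "$iface"                      # stop this client before reusing the interface
    done
}
```

Run the lease loop as `lease_per_mac eth0 $(gen_local_mac) $(gen_local_mac)` once, then `mac_for_ip` tells a new machine which MAC to configure for a given reserved address.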

