spoof mac
-
Net:
192.168.224.1(Win81) ---- vlan224_pf_Lan_192.168.224.254 -- vlan223_pf_Wan_192.168.223.254 ---- 192.168.223.1_vlan223_(Win81)
New installation of pf community version 2.7.2, configuration:
According to the forum search information, modify the configuration, add the vmx0(spoof_Mac) interface, and set up a new Mac
Test network unavailable
How to solve this problem, thanks!
-
Did the MAC change on the VLAN interface as shown in ifconfig or Status > Interfaces?
Can you not change the MAC in the hypervisor instead?
-
@UClinux what exactly are you trying to accomplish? Normally there is little reason to create vlans in pfsense on an esxi install, because you can just create an interface in esxi and assign it to pfsense as another interface..
-
Recently, I connected to another network, and the uplink port restricted a certain mac address to communicate. So I tried the spoof mac function.
@stephenw10
Yes, it has changed.
@johnpoz
^_^, yes, after posting this topic yesterday, I remembered that I could manually specify the mac address on the virtual machine network card to solve this problem directly.
Let's discuss. If it is a physical machine environment, the spoof mac function is still needed. I did not test it successfully. Knowing more methods means more choices.
Search the forum to find topics, some successful, some unsuccessful.
ps:
I tried a method to modify it and it worked. I modified /etc/inc/interfaces.inc and added
mwexec ("/sbin/ifconfig vmx0 ether 40:8d:5c:50:25:19");
However, this is not the officially recommended method. The update may be overwritten, which is not elegant enough.
-
@UClinux not sure what they changed in esxi - haven't used it in a while.. But I recall just being able to set the mac right in the gui.
-
Yes, to solve my current problem, I directly specify the MAC of the virtual machine network card.
In my test /etc/inc/interfaces.inc solution, the esxi port group needs to enable three options (Promiscuous Mode, MAC Address Changes, Forged Transmits) to succeed.
At present, there are no extra vlan switches around me, and the core switch is a bit far from my office, so I can't connect it directly for testing. There is no condition to test the spoof mac function in a physical environment without esxi.
Thanks @johnpoz @stephenw10
-
Supplement, for future reference if someone encounters the same problem.
I did some tests later and ruled out pf, but the problem was the same.
The final result was that the esxi virtual machine would check the mac match by default. If it does not match the mac in the vmx configuration file, the communication will fail. Customizing the mac on the gui can only set a fixed prefix.
Reference:
https://community.broadcom.com/vmware-cloud-foundation/discussion/custom-mac-address-in-esx-4#bm65eebd63-587b-41e1-8108-b951b7ef03d0
And because the new version of esxi parameter definition checkMACAddress is invalid
ethernet1.checkMACAddress = "false"
I don't want to enable promiscuous mode in the vds port group, so the final solution is to add a network card to modify the vmx configuration of the virtual machine to define two items:
ethernet1.addressType = "static"
ethernet1.address = "10:2d:3c:40:55:63"
Reference:
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-networking/GUID-F9243FED-F081-498F-B4A9-EF950292AF77.html
Of course, modify mac from the system layer,
1, such as pfsense, modify /etc/inc/interfaces.inc Add mwexec ("/sbin/ifconfig vmx0 ether 10:2d:3c:40:55:63"); Updates will be overwritten
2, Windows system settings network card mac
and then enable the three items (Promiscuous Mode, MAC Address Changes, Forged Transmits) on vds. It is feasible and communication is possible. I did not adopt this solution
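
Added example, not part of the thread and not VMware or pfSense code: a small Python check for the vmx approach described in the last post, which reads a .vmx file's ethernetN entries and reports adapters whose manual MAC is not paired with addressType = "static", is malformed or multicast, or still carries the checkMACAddress key. The sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample .vmx fragment; ethernet1 uses the two keys from the thread.
SAMPLE_VMX = '''
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:aa:bb:cc"
ethernet1.addressType = "static"
ethernet1.address = "10:2d:3c:40:55:63"
ethernet2.address = "11:22:33:44:55:66"
ethernet2.checkMACAddress = "false"
'''

LINE_RE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$')
MAC_RE = re.compile(r'^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$')

def parse_adapters(vmx_text):
    """Group ethernetN.* keys by adapter name."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, key, value = m.groups()
            adapters.setdefault(name, {})[key] = value
    return adapters

def audit_static_macs(vmx_text):
    """Return {adapter: [findings]} for adapters that define a manual address."""
    report = {}
    for name, cfg in sorted(parse_adapters(vmx_text).items()):
        if "address" not in cfg:
            continue  # auto-assigned MAC, nothing to audit
        findings = []
        mac = cfg["address"]
        if cfg.get("addressType") != "static":
            findings.append('address set without addressType = "static"')
        if not MAC_RE.match(mac):
            findings.append("address is not a colon-separated 48-bit MAC")
        elif int(mac[:2], 16) & 1:
            findings.append("multicast bit set; a NIC needs a unicast MAC")
        if "checkMACAddress" in cfg:
            findings.append("checkMACAddress present; thread reports it has no effect")
        report[name] = findings
    return report

if __name__ == "__main__":
    for nic, findings in audit_static_macs(SAMPLE_VMX).items():
        print(nic, "OK" if not findings else findings)
```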