Netgate Discussion Forum

    Command-line for changing the mac address and renewing IP

    General pfSense Questions
    17 Posts 5 Posters 1.8k Views
    • C
      chansiuming
      last edited by stephenw10

      How to change the mac address by command line and release the DHCP lease?
      I would like to use a cron job for a scheduled MAC address change and to renew my IP from the ISP.

      I tried using the FreeBSD command, but it does not seem to work:

      MAC=`(date; cat /proc/interrupts) | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`;echo $MAC;ifconfig igb0 down;ifconfig igb0 ether AA:$MAC;ifconfig igb0 up;ifconfig;dhclient igb0
      
      johnpozJ 1 Reply Last reply Reply Quote 0
      • C
        chansiuming
        last edited by chansiuming

        I tried to work with the PHP shell, but it did not work with the following commands:

        dhcp_relinquish_lease('wan', 'igb0', 4);
        interface_bring_down('wan');
        exec;

        Fatal error: Uncaught Error: Call to undefined function dhcp_relinquish_lease() in /usr/local/sbin/pfSsh.php(374) : eval()'d code:5

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @chansiuming
          last edited by johnpoz

          @chansiuming what is pfsense connected to? If a cable modem, can almost promise you changing your mac on pfsense without a power cycle of the cable modem is not going to work.

          I have never seen a cable modem that did not have to be power cycled when the mac address of what is connected to it changes. Be this swapping devices or routers, or changing one pc for another pc, or connecting a different nic from the same pc, etc.

          When the mac changes - you need to power cycle the cable modem before you connect the different mac.

          If what you're connected to is natting - changing the mac and getting a new rfc1918 IP from said device isn't going to accomplish much of anything.

          If you change the mac, and then try to release the dhcp - that lease isn't going to be there because you changed the mac first. You would need to release the dhcp, then change the mac and then get a new lease... But again - if you don't power cycle the cable modem it's not going to work..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          C 1 Reply Last reply Reply Quote 0
          • C
            chansiuming @johnpoz
            last edited by chansiuming

            @johnpoz
            My ISP provides a direct CAT5e cable connection to my pfSense without a modem (with a public IP). I can change my IP with the following steps in the web GUI:

            1. Release my DHCP lease
            2. Change WAN spoofmac
            3. Renew DHCP

            How can I automate these steps from a PHP shell?
            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @chansiuming
              last edited by

              @chansiuming they give you a public IP with this? Or a rfc1918/CGnat address?

              C 1 Reply Last reply Reply Quote 0
              • C
                chansiuming @johnpoz
                last edited by chansiuming

                @johnpoz Public IP, need to wait for another 30 mins after the mac address is changed.
                Not CGnat, as the IP on WAN is the same as the one on https://whatismyipaddress.com/

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @chansiuming
                  last edited by

                  @chansiuming if that is true, seems odd to me that someone that has been playing around with getting new IPs etc.. You have only ever used 1 IP to talk to this forum..

                  C 1 Reply Last reply Reply Quote 0
                  • C
                    chansiuming @johnpoz
                    last edited by chansiuming

                    @johnpoz it is true, but it has a time limitation on mac address change.
                    May I know if there is any way to release and renew the WAN DHCP lease from the PHP shell?
                    If the MAC address stays unchanged, the IP does not change. It would be a security concern, as someone keeps port scanning my public IP.

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @chansiuming
                      last edited by johnpoz

                      @chansiuming Off the top I wish I could help.. have never attempted to do such a thing. I am having a hard time with a valid use case to even attempt it to be honest..

                      What values are you going to use to change the mac to - randomly changing mac, if done enough at some point most likely is going to duplicate a valid one, unless you're using invalid macs ;) That is currently being used - at some point ;)

                      C 1 Reply Last reply Reply Quote 0
                      • C
                        chansiuming @johnpoz
                        last edited by chansiuming

                        @johnpoz Just a random new mac every night by a cron job, if not it becomes a "static IP" like IP. it would be a security concern.

                        dhcp_relinquish_lease is only available in "guiconfig.inc", which needs login authorization?
                        Is there any other PHP function that I can use to release and renew my WAN IP?

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @chansiuming
                          last edited by johnpoz

                          @chansiuming said in Command-line for changing the mac address and renewing IP:

                          a "static IP" like IP. it would be a security concern.

                          Not really.. Maybe you believe it's a privacy thing.. But your IP address is just 1 small piece of how you are tracked.

                          Simpler solution would be to use a vpn, or just use IPv6.. In both cases the IP would be used by multiple people and most likely change when you reconnect, and or with IPv6 would change all the time via the temporary IP used to make outbound connections.. This would be out of the quadrillion some IPs that make up any /64 prefix, which is way more IPs than your ISP's current /18 you're coming from..

                          I would like to help - but I just don't see spending cycles on trying to do something with no real valid use case.. It makes no sense to try and force an IP change every X hours or minutes. For the sake of "security"

                          Sure hope you don't think this is going to hide your activity from your ISP, you could change your IP every 5 minutes. And they would still know it's you - because you're coming from the same physical connection. No matter what IP you're using at the time.

                          C 1 Reply Last reply Reply Quote 1
                          • C
                            chansiuming @johnpoz
                            last edited by

                            @johnpoz ISP must have a log for my mac address / IP change, but changing a public IP would help on the port scan and DDOS

                            JKnottJ 1 Reply Last reply Reply Quote 0
                            • JKnottJ
                              JKnott @chansiuming
                              last edited by

                              @chansiuming

                              DHCP servers have a lease time for which you "own" the address. As long as you don't let the lease expire, you keep the same address. That's simply the way it works.

                              I also have absolutely no idea why you'd want to do this. Most people complain about when their address changes, blocking them from accessing their own network.

                              In my case, the address changes so seldom it's virtually static. The only time it changes is if I change the NIC. Other than that, it would require my ISP reconfiguring the network, which is a very rare occurrence.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                That command gives a number of errors. Make sure each part works first.

                                C 1 Reply Last reply Reply Quote 0
                                • C
                                  chansiuming @stephenw10
                                  last edited by

                                  @stephenw10 May I know if there is any command in the PHP shell I can use to release the DHCP lease? Thanks

                                  dhcp_relinquish_lease does not seem to work.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    I couldn't tell you offhand, I'd have to dig through the files. Did you include the required file(s) for that function?

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      pyrodex
                                      last edited by

                                      So I am also interested in this as I have a HA firewall and can only do CARP on the LAN networks. My provider, AT&T, gives me the option of PASS-THROUGH providing "real" WAN IP via DHCP and I lock it down to a single MAC on the Router/Gateway (RG).

                                      So my primary firewall has a spoofed MAC on the WAN that matches the one the RG has configured to hand out leases. My standby HA firewall has the hardware MAC on the WAN interface. The primary gets the "real" WAN IP, publicly routable, and the secondary firewall gets a 192.168.5.X IP from the RG. If I spoofed the MAC on the secondary WAN and shut down the primary then released/renewed on the secondary it would get the "real" IP on the secondary.

                                      Now I say it is "real" since AT&T does some type of bridge NAT but the NAT table on the RG is still in play.

                                      I am interested in what @chansiuming was looking to do based on my ISP quirks.

                                      I could write a simple script to check CARP status and when it becomes MASTER do the down of WAN, spoof MAC, bring up WAN and boom it should work.

                                      1 Reply Last reply Reply Quote 0
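
Added example, not part of any post in this thread: a dry-run sh sketch of the order johnpoz describes (release, change MAC, renew) and of pyrodex's down/spoof/up sequence, using a random locally administered unicast MAC so it cannot duplicate a vendor-assigned address. The ifconfig and dhclient lines are the ones from the first post; RELEASE_CMD, APPLY and the function names are assumptions, and the release step is a placeholder because the thread never identifies a working release command.

```sh
#!/bin/sh
# Added example, not code from the thread. Prints the plan unless APPLY=1.

# Random MAC whose first octet has the locally administered bit (0x02) set
# and the multicast bit (0x01) cleared, so it is a unicast address outside
# the vendor-assigned (universally administered) space.
gen_laa_mac() {
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    first=$(( (0x$(printf '%s' "$hex" | cut -c1-2) | 0x02) & 0xfe ))
    rest=$(printf '%s' "$hex" | cut -c3-12 | sed 's/../:&/g')
    printf '%02x%s\n' "$first" "$rest"
}

# Succeeds only for a well-formed, locally administered, unicast MAC.
is_laa_unicast() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$' || return 1
    octet=$(( 0x${1%%:*} ))
    [ $(( octet & 0x03 )) -eq 2 ]
}

# Emits the steps in the order given in the thread: release while the old
# MAC is still set, change the MAC, then ask for a new lease.
# RELEASE_CMD is a placeholder (assumption): the thread names no release command.
rotate_plan() {
    ifc=$1; mac=$2
    is_laa_unicast "$mac" || { echo "refusing MAC: $mac" >&2; return 1; }
    echo "${RELEASE_CMD:-: placeholder, set RELEASE_CMD to release the lease on $ifc}"
    echo "ifconfig $ifc down"
    echo "ifconfig $ifc ether $mac"
    echo "ifconfig $ifc up"
    echo "dhclient $ifc"
}

# Usage: sh rotate.sh igb0 (dry run) or APPLY=1 sh rotate.sh igb0 (execute).
if [ "$#" -gt 0 ]; then
    plan=$(rotate_plan "$1" "$(gen_laa_mac)") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
fi
```

A MAC set this way with ifconfig is a runtime change only; the WAN spoofmac field mentioned in the thread is a separate, saved GUI setting.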
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.