Netgate Discussion Forum

Command-line for changing the mac address and renewing IP

General pfSense Questions
  • C
    chansiuming @johnpoz
    last edited by chansiuming Feb 20, 2022, 11:15 AM Feb 20, 2022, 11:14 AM

    @johnpoz Public IP, need to wait another 30 mins after the MAC address is changed.
    Not CGNAT, as the IP on WAN is the same as the one shown at https://whatismyipaddress.com/

    J 1 Reply Last reply Feb 20, 2022, 11:16 AM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @chansiuming
      last edited by Feb 20, 2022, 11:16 AM

      @chansiuming if that is true, seems odd to me that someone that has been playing around with getting new IPs etc.. You have only ever used 1 IP to talk to this forum..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      C 1 Reply Last reply Feb 20, 2022, 11:18 AM Reply Quote 0
      • C
        chansiuming @johnpoz
        last edited by chansiuming Feb 20, 2022, 11:23 AM Feb 20, 2022, 11:18 AM

        @johnpoz It is true, but there is a time limitation on MAC address changes.
        May I know if there is any way to release and renew the WAN DHCP lease from the PHP shell?
        If the MAC address stays unchanged, the IP does not change. That would be a security concern, as someone keeps port scanning my public IP.

        J 1 Reply Last reply Feb 20, 2022, 11:23 AM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @chansiuming
          last edited by johnpoz Feb 20, 2022, 11:24 AM Feb 20, 2022, 11:23 AM

          @chansiuming Off the top I wish I could help.. have never attempted to do such a thing. I am having a hard time with a valid use case to even attempt it to be honest..

          What values are you going to use to change the MAC to - randomly changing MAC, if done enough at some point most likely is going to duplicate a valid one, unless you're using invalid MACs ;) That is currently being used - at some point ;)

          C 1 Reply Last reply Feb 20, 2022, 11:28 AM Reply Quote 0
          • C
            chansiuming @johnpoz
            last edited by chansiuming Feb 20, 2022, 11:37 AM Feb 20, 2022, 11:28 AM

            @johnpoz Just a random new MAC every night by a cron job; if not, it becomes a "static IP"-like IP. It would be a security concern.

            Is dhcp_relinquish_lease only available in "guiconfig.inc", which needs login authorization?
            Is there any other PHP function that I can use to release and renew my WAN IP?

            J 1 Reply Last reply Feb 20, 2022, 11:47 AM Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator @chansiuming
              last edited by johnpoz Feb 20, 2022, 11:50 AM Feb 20, 2022, 11:47 AM

              @chansiuming said in Command-line for changing the mac address and renewing IP:

              a "static IP" like IP. it would be a security concern.

              Not really.. Maybe you believe it's a privacy thing.. But what your IP address is is just 1 small piece of how you are tracked.

              Simpler solution would be to use a VPN, or just use IPv6.. In both cases the IP would be used by multiple people and most likely change when you reconnect, and or with IPv6 would change all the time via the temporary IP used to make outbound connections.. This would be out of the quadrillion some IPs that make up any /64 prefix, which is way more IPs than your ISP's current /18 you're coming from..

              I would like to help - but I just don't see spending cycles on trying to do something with no real valid use case.. It makes no sense to try and force an IP change every X hours or minutes. For the sake of "security"

              Sure hope you don't think this is going to hide your activity from your ISP, you could change your IP every 5 minutes. And they would still know it's you - because you're coming from the same physical connection. No matter what IP you're using at the time.

              C 1 Reply Last reply Feb 20, 2022, 11:54 AM Reply Quote 1
              • C
                chansiuming @johnpoz
                last edited by Feb 20, 2022, 11:54 AM

                @johnpoz The ISP must have a log of my MAC address / IP changes, but changing a public IP would help with the port scans and DDoS.

                J 1 Reply Last reply Feb 20, 2022, 2:01 PM Reply Quote 0
                • J
                  JKnott @chansiuming
                  last edited by Feb 20, 2022, 2:01 PM

                  @chansiuming

                  DHCP servers have a lease time for which you "own" the address. As long as you don't let the lease expire, you keep the same address. That's simply the way it works.

                  I also have absolutely no idea why you'd want to do this. Most people complain about when their address changes, blocking them from accessing their own network.

                  In my case, the address changes so seldom it's virtually static. The only time it changes is if I change the NIC. Other than that, it would require my ISP reconfiguring the network, which is a very rare occurrence.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  1 Reply Last reply Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by Feb 20, 2022, 4:11 PM

                    That command gives a number of errors. Make sure each part works first.

                    C 1 Reply Last reply Feb 20, 2022, 4:19 PM Reply Quote 0
                    • C
                      chansiuming @stephenw10
                      last edited by Feb 20, 2022, 4:19 PM

                      @stephenw10 May I know if any command in the PHP shell can be used to release the DHCP lease? Thanks

                      dhcp_relinquish_lease does not seem to work.

                      1 Reply Last reply Reply Quote 0
                      • S
                        stephenw10 Netgate Administrator
                        last edited by Feb 20, 2022, 4:27 PM

                        I couldn't tell you offhand; I'd have to dig through the files. Did you include the required file(s) for that function?

                        1 Reply Last reply Reply Quote 0
                        • P
                          pyrodex
                          last edited by Mar 18, 2022, 3:00 PM

                          So I am also interested in this as I have a HA firewall and can only do CARP on the LAN networks. My provider, AT&T, gives me the option of PASS-THROUGH providing "real" WAN IP via DHCP and I lock it down to a single MAC on the Router/Gateway (RG).

                          So my primary firewall has a spoofed MAC on the WAN that matches the one the RG has configured to hand out leases. My standby HA firewall has the hardware MAC on the WAN interface. The primary gets the "real" WAN IP, publicly routable, and the secondary firewall gets a 192.168.5.X IP from the RG. If I spoofed the MAC on the secondary WAN and shut down the primary, then released/renewed on the secondary, it would get the "real" IP on the secondary.

                          Now I say it is "real" since AT&T does some type of bridge NAT but the NAT table on the RG is still in play.

                          I am interested in what @chansiuming was looking to do based on my ISP quirks.

                          I could write a simple script to check CARP status and when it becomes MASTER do the down of WAN, spoof MAC, bring up WAN and boom it should work.

                          1 Reply Last reply Reply Quote 0
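
The failover idea in the last post (check CARP status, and on MASTER take WAN down, spoof the MAC, bring WAN up), combined with the earlier concern that a random MAC may duplicate a valid one, as an added shell example that is not code from any poster or from pfSense. It only prints a plan: the interface names, the sample `ifconfig` text and the MAC values are constructed, and the printed plain FreeBSD `ifconfig`/`dhclient` commands are an assumption, not a method the thread confirmed on pfSense.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run only: it prints a plan.
# Interface names and MAC values below are placeholders.

# Constructed sample of FreeBSD `ifconfig` text for a LAN port with a CARP VIP.
SAMPLE_IFCONFIG='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
    ether 00:00:5e:00:53:01
    inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
    carp: MASTER vhid 1 advbase 1 advskew 0
    status: active'

# Read ifconfig text on stdin, print the first CARP state (MASTER/BACKUP/INIT).
carp_state() {
    awk '$1 == "carp:" { print $2; exit }'
}

# True only for a well-formed unicast MAC (multicast bit of octet 1 clear).
valid_unicast_mac() {
    echo "$1" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$' || return 1
    [ $(( 0x${1%%:*} & 1 )) -eq 0 ]
}

# Random MAC with the locally administered bit set and the multicast bit
# clear, so it cannot match a vendor-assigned (universal) address. It can
# still clash with another locally administered MAC on the same segment.
random_laa_mac() {
    set -- $(od -An -N6 -tx1 /dev/urandom)
    printf '%02x:%s:%s:%s:%s:%s\n' $(( (0x$1 | 0x02) & 0xfe )) "$2" "$3" "$4" "$5" "$6"
}

# $1 = ifconfig text, $2 = WAN interface, $3 = MAC the WAN should present.
# Prints the commands to review; returns 1 if not MASTER, 2 on a bad MAC.
plan_takeover() {
    state=$(printf '%s\n' "$1" | carp_state)
    if [ "$state" != "MASTER" ]; then
        echo "CARP state is ${state:-unknown}: leaving $2 untouched"
        return 1
    fi
    valid_unicast_mac "$3" || { echo "refusing malformed or multicast MAC: $3"; return 2; }
    printf 'ifconfig %s down\nifconfig %s ether %s\nifconfig %s up\ndhclient %s\n' \
        "$2" "$2" "$3" "$2" "$2"
}

# Demo: plan for the sample state with a freshly generated MAC.
plan_takeover "$SAMPLE_IFCONFIG" igb0 "$(random_laa_mac)"
```

For the HA case in the post, the third argument would be the fixed MAC the RG is locked to rather than a random one.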