How to make pfSense "scrub" lan VMs MAC-addresses?
-
Hi, how can I make it so that all the VMs on my Proxmox server that go through my pfSense VM get their MAC addresses replaced by pfSense's own?
Because Hetzner is very nit-picky about which MAC addresses show up, and currently all the VM guests' MAC addresses show up, or some of them, and all are set to go through only the pfSense VM.
-
Something upstream of pfSense (on the WAN side) could not see the downstream (LAN side) MAC addresses of hosts in the default config.
Do you have it set up as a transparent firewall, WAN and LAN bridged? Otherwise the only way they could see that is if there's traffic not going through pfSense.
Steve
-
@stephenw10 said in How to make pfSense "scrub" lan VMs MAC-addresses?:
Something upstream of pfSense (on the WAN side) could not see the downstream (LAN side) MAC addresses of hosts in the default config.
Do you have it set up as a transparent firewall, WAN and LAN bridged? Otherwise the only way they could see that is if there's traffic not going through pfSense.
Steve
I'm quite sure I have set it up by all the rules and means I'm supposed to.
But I have seen a thread on the Proxmox forum talking about this, and they concluded(?) that Hetzner seems to broadcast on the whole subnet until they find a matching MAC address to send the packages to. So it might be this part that's my problem, if it's true.
-
MAC addresses are "scrubbed" from every packet passing through a router. On the WAN side you'll only see the WAN side MAC address.
-
There was a similar thread to this a few months back. User kept getting warnings from Hetzner about unregistered MAC addresses. It was a configuration issue though IIRC.
As long as LAN side clients are sending all their traffic through pfSense anything on the WAN side cannot see the LAN side MACs.
Since it's all virtual though Hetzner may be looking on the LAN side?
Steve
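
Added example, not part of the original thread: one way to check what the replies above describe, by tallying the source MACs seen in a `tcpdump -e -n` capture taken on the WAN-side segment and listing any that are not on an allow list. The function names, MAC addresses, IP addresses and the `vmbr0` interface name in the comment are constructed or assumed for illustration.

```shell
#!/bin/sh
# Reads `tcpdump -e -n` text on stdin and prints "count mac" for every
# source MAC that is not in the allow list given as arguments.
# With -e, each line starts: <time> <src-mac> > <dst-mac>, ethertype ...
unexpected_src_macs() {
    allowed=$(printf '%s\n' "$@" | tr 'A-F' 'a-f' | tr '\n' ' ')
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Field 2 is the source MAC; field 3 is the ">" separator.
        $3 == ">" && length($2) == 17 && $2 ~ /^[0-9A-Fa-f:]+$/ {
            mac = tolower($2)
            if (!(mac in ok)) seen[mac]++
        }
        END { for (m in seen) printf "%d %s\n", seen[m], m }
    ' | sort -k2
}

# Constructed sample capture (not real traffic):
#   02:00:00:aa:bb:01  pfSense WAN interface (assumed)
#   02:00:00:ff:ff:fe  upstream gateway (assumed)
#   02:00:00:aa:bb:10  a LAN-side VM whose frames reach the WAN segment
sample_capture() {
    cat <<'EOF'
12:00:00.000001 02:00:00:aa:bb:01 > 02:00:00:ff:ff:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], length 0
12:00:00.000210 02:00:00:aa:bb:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.55, length 28
12:00:00.000450 02:00:00:ff:ff:fe > 02:00:00:aa:bb:01, ethertype IPv4 (0x0800), length 74: 198.51.100.7.443 > 192.0.2.10.51514: Flags [S.], length 0
12:00:01.000100 02:00:00:aa:bb:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.55, length 28
EOF
}

# Against live traffic on the Proxmox host (interface name is an assumption):
#   tcpdump -e -n -i vmbr0 -c 500 2>/dev/null | unexpected_src_macs <wan-mac> <gateway-mac>
sample_capture | unexpected_src_macs 02:00:00:aa:bb:01 02:00:00:ff:ff:fe
```

An empty result means every frame on that segment was sourced by an allowed MAC; any line printed is a guest interface attached to the WAN-side bridge or otherwise bypassing pfSense.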