Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    One bug I would pay $50 to fix!!!

    Expired/Withdrawn Bounties
    4
    14
    8048
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GoldServe last edited by

      On pfsense 2.0 release, it has been noted many times in the forum before but I can't seem to clone a different mac address on the interfaces for my cable modem. When I put in a new mac address and hit apply, the interface will come up, go down, come up, go down.

      If someone can find out the reason and fix it, I'd be happy to pay them.

      Thanks for reading!

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        FYI- The related redmine ticket:
        http://redmine.pfsense.org/issues/1572

        1 Reply Last reply Reply Quote 0
        • G
          GoldServe last edited by

          I did see that ticket but there seems to be no progress in fixing this very important feature. Any insight in where the problem lies would be helpful. Thanks.

          1 Reply Last reply Reply Quote 0
          • C
            Cino last edited by

            Did you read the ticket?

            From Chris Buechler:

            this has never worked in any 8.x base versions, it's a problem in FreeBSD 8.x. It's intermittent, I ran that way for 2 years and only hit it twice. It's something we'll report upstream later if it hasn't already been fixed in 9, that's why this is here.

            I can't speak for the dev team but my guess is to wait until pfSense 2.1 comes out using FreeBSD 9.x and hopefully FreeBSD fixed the issue or have a patch that can be applied.

            1 Reply Last reply Reply Quote 0
            • G
              GoldServe last edited by

              I checked Freebsd bug reports and saw nothing related to this. I would think this feature is pretty important. I am not pinning my hope on this being fixed on 9.0 so i'm trying to raise awareness and maybe some motivation for fixing this…

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                You should try to replicate it with DHCP+spoofed mac on a stock FreeBSD 8.x box. If it's broken there, file a FreeBSD PR. Raising awareness here of a FreeBSD bug, while interesting, won't really accomplish anything with getting it fixed in FreeBSD.

                1 Reply Last reply Reply Quote 0
                • G
                  GoldServe last edited by

                  The really weird this is that in Pfsense, I will remove the spoofed mac address and hit apply, but when you check in the shell using ifconfig, the spoofed mac address still persists. The link is all stable at this time with no flapping up and down. Of course this method won't survive a reboot though. I've looked at the pfsense interfaces.inc code and i can't find anything wrong with that is is doing but that's just me.

                  On a related note, is it possible to put the spoof mac in a file like rc.conf using ifconfig_em0 = "ether xx:xx:xx:xx:xx:xx" or something similar using loader.conf.local?

                  1 Reply Last reply Reply Quote 0
                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    pfSense does not retain the NIC's original MAC address when it's spoofed, so only a reboot will get that back.

                    You can spoof a mac on freebsd using rc.conf, I don't recall the exact syntax (been a while since I had to do it) but it's possible, it's one of the ifconfig_* commands you can run.

                    1 Reply Last reply Reply Quote 0
                    • G
                      GoldServe last edited by

                      My point is that pfsense is able to spoof the mac and have everything work but when that spoofed mac is entered into the interfaces config, the system will take down the interface continuously. Does this mean it has something to do with pfsense or the way it is spoofing the mac? I'm tempted to change the command from

                      ifconfig <interface>link <mac>to ifconfig <interface>ether <mac>or even take down the interface manually before mac change and bring it back up after mac change.

                      BTW, I don't see rc.conf in /etc so can I make one and freebsd will read this file to process?</mac></interface></mac></interface>

                      1 Reply Last reply Reply Quote 0
                      • jimp
                        jimp Rebel Alliance Developer Netgate last edited by

                        If you have a real FreeBSD install, /etc/rc.conf would be there. It is ignored on pfSense, which would not generally be considered a valid "FreeBSD" platform when it comes to submitting FreeBSD PRs, since we customize things quite a lot.

                        Trying ether instead of link would be a good test.

                        1 Reply Last reply Reply Quote 0
                        • G
                          GoldServe last edited by

                          Please close this bounty now. As a work around, I installed shellcmd package and put the following commands in order to set the mac address during boot. The downside is I have to reboot but i don't change macs that often.

                          ifconfig em1 down earlyshellcmd
                          ifconfig em1 ether xx:xx:xx:xx:xx:xx 	earlyshellcmd
                          ifconfig em1 up 	earlyshellcmd
                          
                          1 Reply Last reply Reply Quote 0
                          • jimp
                            jimp Rebel Alliance Developer Netgate last edited by

                            I have a sneaky suspicion I see what's going on here now, or at least a theory to test.

                            1 Reply Last reply Reply Quote 0
                            • jimp
                              jimp Rebel Alliance Developer Netgate last edited by

                              Try this instead, at line 2595 of /etc/inc/filter.inc:

                              Remove this:

                              	if ($wancfg['spoofmac']) {
                              

                              And replace it with this:

                              	$mac = get_interface_mac($realhwif);
                              	if ($wancfg['spoofmac'] && ($wancfg['spoofmac'] != $mac)) {
                              
                              1 Reply Last reply Reply Quote 0
                              • K
                                Kamel last edited by

                                I'm not sure if this is of any help to you guys, but I use mac address cloning and haven't yet had any issues with it shrugs

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post

                                Products

                                • Platform Overview
                                • TNSR
                                • pfSense
                                • Appliances

                                Services

                                • Training
                                • Professional Services

                                Support

                                • Subscription Plans
                                • Contact Support
                                • Product Lifecycle
                                • Documentation

                                News

                                • Media Coverage
                                • Press
                                • Events

                                Resources

                                • Blog
                                • FAQ
                                • Find a Partner
                                • Resource Library
                                • Security Information

                                Company

                                • About Us
                                • Careers
                                • Partners
                                • Contact Us
                                • Legal
                                Our Mission

                                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                Subscribe to our Newsletter

                                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                © 2021 Rubicon Communications, LLC | Privacy Policy