Changing WAN MAC Caused Serious Problems
-
I just tried to change my WAN's MAC address (in attempt to get into the "good" pool of IP addresses from my ISP) and it made pfSense behave badly. In the "MAC controls" field of the WAN interface I entered a MAC address that was 2 higher than the default value (from …:c0 to ...:c2). The change appeared to go OK and after rebooting the cable modem, I did receive a new IP address from my ISP (but, sadly, not in the pool I was hoping for). pfSense showed the new IP and even had correct IP's for DNS servers (so it appears the DHCP handshake was successful) but at no time was internet connectivity ever restored. pfSense acted like everything was being firewalled and dropped. Even changing minor settings in pfSense's web interface often took 30 - 60 seconds to complete. I rebooted several times. During each reboot, while looking at the console it appeared to hang for a long time at 2 sections: Configuring WAN and Starting DNS Resolver (during normal reboots in the past those 2 sections complete rather quickly). There were never any error or warning entries in the log files. Eventually, I attempted to undo the MAC setting by putting the WAN MAC field back to blank (which again took over 1 minute to save). Upon rebooting with the blank MAC, Interfaces...(assign) still showed the MAC as changed and not back to its default. Still having no internet, slow web admin saves, and no odd log entries, I then manually set the WAN MAC interface to what it actually is supposed to be. Again all the same (bad) behavior. I eventually had to "Reset to factory defaults" and restore from a backup to get the system working properly again. Now, 2 hours and 2 angry kids and 1 angry wife later, I'm back to working with the same crappy public IP I was trying to run away from.
-
What type of NIC/driver? Some NICs don't take kindly to spoofing the MAC.
Mine works fine spoofing the MAC with an igb NIC, but IIRC at least Realtek can have issues and might require the NIC to be put into promisc mode to work in that case.
-
Perhaps that is my problem. My box is a Shuttle XH61V with RealTek NICs. pfSense enumerates it as RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet.
-
If you try it again, run "ifconfig re0 promisc" (or whatever your WAN NIC is) and see if it works then. If so, you can put that into a shellcmd.
-
Thanks. It looks like you nailed it and there appears to be an open bug report already (https://bugs.freebsd.org/168268)….although it doesn't seem to be getting much attention.
-
Realtek cards/chips have, unfortunately, plenty of issues like this. You also can't set speed/duplex manually on most (all?) of them. The problems aren't inherent to the FreeBSD driver, either, IIRC it's the card/chip itself.
One of many reasons to avoid Realtek…