 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Molle Bestefich" <molle dot bestefich at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem Report: <spoofmac> and VLANs does not interplay.
 Date:  Thu, 8 Jun 2006 16:37:40 +0200
> -----Original message-----
> From: Molle Bestefich [mailto:molle dot bestefich at gmail dot com]
> Sent: Thursday 8 June 2006 16:16
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Problem Report: <spoofmac> and VLANs does not
> interplay.
> Hi
> Where's the proper place to submit m0n0wall bug reports?
> Problem:
> ========
> A custom MAC address can be specified for any interface, which is very
> practical in some situations.
> For example, the m0n0wall kernel does not find the right MAC address
> for my NICs, instead making up bogus broadcast addresses.
> When you create a VLAN interface, a tag is applied to outgoing packets
> and stripped from incoming packets on the physical interface that is
> the selected parent interface, thus making up the VLAN interface.  But
> the packets must still arrive at the parent interface.
> This does not happen when specifying custom MAC addresses with
> <spoofmac>.  The VLAN interface gets the original MAC address of the
> physical interface which the m0n0wall kernel found, instead of the
> correct custom MAC address.
> That causes ARP requests for the firewall's address(es) within the
> VLAN to deliver the wrong MAC address, thus effectively disabling all
> communication with the firewall over the VLAN.
> Solution:
> =========
> If the parent interface of a VLAN has a <spoofmac> address, assign the
> same <spoofmac> address when the VLAN interface is created.
> (By "created", I do not mean "created in the GUI" but "created using
> whatever VLAN tools BSD uses".)
> Workaround:
> ===========
> Every time you create a VLAN or change the parent interface's MAC
> address, download the config.xml file and adjust every VLAN to have
> the same <spoofmac> as their parent interface.  Then upload the file
> again and reboot the firewall.

I think it's because the <spoofmac> is entered in the config itself and
not through the GUI.


Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
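
The workaround quoted above (give every VLAN interface the same <spoofmac> as its parent before uploading config.xml again) can be scripted; the following is an added example, not code from this thread or from the m0n0wall project. It assumes a layout in which each child of <interfaces> carries <if> and an optional <spoofmac>, each <vlans>/<vlan> entry names its parent NIC in <if>, and the n-th entry becomes device vlan<n>; the function name and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption, not taken from the post.
SAMPLE_CONFIG = """<m0n0wall>
  <interfaces>
    <lan><if>sis0</if><spoofmac>00:0d:b9:12:34:56</spoofmac></lan>
    <opt1><if>vlan0</if><descr>DMZ</descr></opt1>
    <opt2><if>vlan1</if><descr>GUEST</descr><spoofmac>00:0d:b9:aa:bb:cc</spoofmac></opt2>
    <opt3><if>vlan2</if><descr>LAB</descr></opt3>
  </interfaces>
  <vlans>
    <vlan><if>sis0</if><tag>10</tag></vlan>
    <vlan><if>sis0</if><tag>20</tag></vlan>
    <vlan><if>sis1</if><tag>30</tag></vlan>
  </vlans>
</m0n0wall>"""

def sync_vlan_spoofmac(xml_text):
    """Return (updated_xml, changes); changes lists (interface, old_mac, new_mac)."""
    root = ET.fromstring(xml_text)
    ifaces = root.findall("interfaces/*")
    # Physical NIC name -> custom MAC set on the interface that uses that NIC.
    parent_mac = {}
    for iface in ifaces:
        nic = iface.findtext("if", "").strip()
        mac = iface.findtext("spoofmac", "").strip().lower()
        if nic and mac and not nic.startswith("vlan"):
            parent_mac[nic] = mac
    # Assumption: the n-th <vlan> entry is created as device "vlan<n>".
    vlan_parent = {f"vlan{i}": v.findtext("if", "").strip()
                   for i, v in enumerate(root.findall("vlans/vlan"))}
    changes = []
    for iface in ifaces:
        dev = iface.findtext("if", "").strip()
        wanted = parent_mac.get(vlan_parent.get(dev, ""))
        if wanted is None:
            continue  # not a VLAN interface, or its parent has no custom MAC
        node = iface.find("spoofmac")
        old = (node.text or "").strip().lower() if node is not None else ""
        if old != wanted:
            if node is None:
                node = ET.SubElement(iface, "spoofmac")
            node.text = wanted
            changes.append((iface.tag, old, wanted))
    return ET.tostring(root, encoding="unicode"), changes

if __name__ == "__main__":
    for name, old, new in sync_vlan_spoofmac(SAMPLE_CONFIG)[1]:
        print(f"{name}: spoofmac {old or '(none)'} -> {new}")
```

An empty change list means every VLAN interface already matches its parent, so the same function doubles as a check before a config upload.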