 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Molle Bestefich" <molle dot bestefich at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem Report: <spoofmac> and VLANs does not interplay.
 Date:  Thu, 8 Jun 2006 16:37:40 +0200
> -----Original message-----
> From: Molle Bestefich [mailto:molle dot bestefich at gmail dot com]
> Sent: Thursday 8 June 2006 16:16
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Problem Report: <spoofmac> and VLANs does not
> interplay.
> 
> Hi
> 
> Where's the proper place to submit m0n0wall bug reports?
> 
> 
> Problem:
> ========
> A custom MAC address can be specified for any interface, which is very
> practical in some situations.
> For example, the m0n0wall kernel does not find the right MAC address
> for my NICs, instead making up bogus broadcast addresses.
> 
> When you create a VLAN interface, a tag is applied to outgoing packets
> and stripped from incoming packets on the physical interface that is
> the selected parent interface, thus making up the VLAN interface.  But
> the packets must still arrive at the parent interface.
> 
> This does not happen when specifying custom MAC addresses with
> <spoofmac>.  The VLAN interface gets the original MAC address of the
> physical interface which the m0n0wall kernel found, instead of the
> correct custom MAC address.
> 
> That causes ARP requests for the firewall's address(es) within the
> VLAN to deliver the wrong MAC address, thus effectively disabling all
> communication with the firewall over the VLAN.
> 
> 
> Solution:
> =========
> If the parent interface of a VLAN has a <spoofmac> address, assign the
> same <spoofmac> address when the VLAN interface is created.
> 
> (By "created", I do not mean "created in the GUI" but "created using
> whatever VLAN tools BSD uses".)
> 
> 
> Workaround:
> ===========
> Every time you create a VLAN or change the parent interface's MAC
> address, download the config.xml file and adjust every VLAN to have
> the same <spoofmac> as their parent interface.  Then upload the file
> again and reboot the firewall.


I think it's because the <spoofmac> is entered in the config itself and
not through the GUI.

J.

-- 
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------
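
An added example, not part of the original thread and not m0n0wall code: a check for the workaround in the quoted report, listing VLAN interfaces whose <spoofmac> differs from the custom MAC set on their parent interface. The config.xml layout it relies on (interfaces under <interfaces>, the Nth <vlan> under <vlans> named vlanN with <if> as its parent) and the sample document are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real configuration. Assumed layout: each child of
# <interfaces> is an assigned interface with <if> and an optional <spoofmac>;
# the Nth <vlan> under <vlans> is named vlanN and its <if> is the parent NIC.
SAMPLE_CONFIG = """<m0n0wall>
  <interfaces>
    <lan><if>sis0</if><spoofmac>00:11:22:33:44:55</spoofmac></lan>
    <wan><if>sis1</if></wan>
    <opt1><if>vlan0</if></opt1>
    <opt2><if>vlan1</if><spoofmac>00:11:22:33:44:55</spoofmac></opt2>
    <opt3><if>vlan2</if></opt3>
  </interfaces>
  <vlans>
    <vlan><if>sis0</if><tag>10</tag></vlan>
    <vlan><if>sis0</if><tag>20</tag></vlan>
    <vlan><if>sis1</if><tag>30</tag></vlan>
  </vlans>
</m0n0wall>"""


def _text(entry, tag):
    return (entry.findtext(tag) or "").strip()


def find_spoofmac_mismatches(config_xml):
    """Return (name, vlan_if, parent_if, parent_mac, vlan_mac) per mismatch."""
    root = ET.fromstring(config_xml)
    # vlanN -> parent NIC, by position in <vlans>.
    parents = {f"vlan{i}": _text(v, "if")
               for i, v in enumerate(root.findall("./vlans/vlan"))}
    ifaces = root.find("interfaces")
    assigned = [] if ifaces is None else list(ifaces)
    # Physical NIC -> custom MAC, for assigned interfaces that set one.
    spoofed = {_text(e, "if"): _text(e, "spoofmac").lower() for e in assigned
               if _text(e, "spoofmac") and _text(e, "if") not in parents}
    mismatches = []
    for e in assigned:
        nic, vlan_mac = _text(e, "if"), _text(e, "spoofmac").lower()
        parent_mac = spoofed.get(parents.get(nic, ""))
        if parent_mac and vlan_mac != parent_mac:
            mismatches.append((e.tag, nic, parents[nic], parent_mac, vlan_mac or None))
    return mismatches


if __name__ == "__main__":
    for name, vlan_if, parent_if, want, have in find_spoofmac_mismatches(SAMPLE_CONFIG):
        print(f"{name} ({vlan_if} on {parent_if}): spoofmac {have}, parent has {want}")
```

A VLAN whose parent NIC is not itself an assigned interface has no <spoofmac> to compare against and is not reported.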