I've searched the online leaf archives and didn't find a compendium of 
all this info that I've learned so I'm submitting it here. It is 
long-winded and represents what I've learned, on a Dachstein (IDE 
kernel) box, about MAC address management and dhclient & dhcp - my 
initial problem, observations & my resolution. I will speak as though 
all things are unassailable truths in the hopes that someone who does in 
fact know better will feel compelled to stand up and correct me.

First it must be said a great thanks to the people who have made 
LRP/leaf a reality. I love my router. I causes me no grief and I can 
make changes easily. Rightly or not it gives me a warm, fuzzy feeling of 
security. Thank you.

Situation:
    - I setup my router in the 'standard' eth0-internet-dhclient, 
eth1-internal-dhcpserver, eth2-dmz-fixed-address arrangement with no 
funny NAT or anything
    - I don't have anything on eth2 at the time and eth1 serves only a 
coupl'a PC's
    - I am a Rogers (Ontario) high-speed subscriber.
    - Rogers uses DHCP-served ip addresses
    - Rogers locks-in a served IP address (in effect, locking-in that 
particular cable modem) based on the MAC address of the card that 
requested the IP address ... unless a DHCPRELEASE is executed, in which 
case a different MAC address can be used to request an IP address
    - I had an E2B (Eiger2Beta) box (called "Rold"; P1-133; eth0 is on a 
PCI NIC) up and running for about 18 months with no probs, except the 
dhclient-lease-renewal issue which aggravated me once per year. I 
recently got the dhclient 2.0pl5 to make that particular problem go away.
    - I had always wanted to have a backup router box so I setup a 486 
with Dach (called "Rnew"; eth0 is on an ISA NIC)
    - I cannot substitute the boxes directly because of this: if my 
Rold:eth0 card dies or Rold blows up I will have lost track of what it's 
MAC address was
    - I obviously cannot coerce a PCI card (current eth0) into an ISO 
slot on the upgrade box
    - Because E2B & Dach use dhclient 2.0pl5 I can't perform a 'release' 
of my IP address
    - Thus I have to contact Rogers and beg then to clear the MAC 
address from their ARP table
    - Resetting a MAC address seems to be a big deal to Rogers and a 
pain for me, the user, to accomplish (call, wait, wait, wait, describe 
(lie about using Linux), argue, beg, beg some more, succeed)
    - If I knew the MAC addy of Rold:eth0 and could set Rnew:eth0 to 
that addy then I would have no problem in the first place
    - Better yet, if I set them both up in the first place, with a 
known, easy-to-remember MAC address then I would always have a 100% 
swap-in box at the ready and never need to worry about this stupid 
MAC-address lockdown that Rogers uses cuz I could _remember_ what my MAC 
addy is supposed to be!
    - This issue would also effect someone who: wants to upgrade from 
one box to another, whose ISP does a mac-addy lockdown, who doesn't want 
want to transport eth0 to the upgrade box (and who may not even be able 
to specify that that card is eth0 what with one's lesser control over 
ethN assignment with PCI cards, etc)

Observations:
    - IMO, a shortcoming in E2B/Dach if I may: E2B & Dachstein both have 
a dhclient of version 2.0pl5. This version does not permit one to 
perform a release of the IP address. Don't bother to try (dhclient -r 
eth0 ???) because you don't get that ability until dhclient version 3. 
So my devil's advocate question is (and I'll post a separate 
compile-request): is there a material reason that we don't have a newer 
version of dhclient in the Dach package?
    - On the web one can read about changing the dhcp-client-identifier 
identifier (Dach: lrcfg/3/4/1) as a means of changing one's MAC address 
(format: 01:aa:bb:cc:dd:ee:ff where aa...ff is your fake mac addy, in 
hex octet form - NOTE the leading 01: !!!). This may be theoretically 
true but it didn't work for me. From a posting 
(http://www.geocrawler.com/mail/msg.php3?msg_id=3072792&list=465) by the 
guy (Ted Lemon) behind dhcp:

 > It`s [Window NT-based DHCP servers are] required to take the
 > client identifier in favor of the MAC address.

it would seem to be the case that it _should_ work it didn't for me. 
However, the fact is that the adapter's MAC address is sent as a 
separate field to the client-identifier, which means that Rogers can 
accomplish what they are doing. If you're running a dhcp-Server on your 
leaf box then view the contents of /var/state/dhcp/dhcpd.leases to see 
what I mean (in example below 00:04:05:5d:7d:4e is the MAC addy of the 
card doing the DHCP request; "uid" is the client-identifier):

 > lease 192.168.0.1 {
 >         starts 4 2002/04/04 06:40:37;
 >         ends 4 2002/04/04 18:40:37;
 >         hardware ethernet 00:04:05:5d:7d:4e;
 >         uid 01:00:04:05:5d:7d:4e;
 >         client-hostname "ske";
 > }

    - how I worked around this situation at first: My usual workstation 
is a Win98SE box that, via the program winipcfg (StartMenu/Run:winipcfg) 
allows me to release an IP address. The problem is that after I plug in 
my cable-modem-connected network cable directly into my windows box I 
still don't have the correct mac address (or IP address for that matter) 
to effect the release ... (from the apocryphal-idea files comes the 
brainfart: would it be possible to set, on this windows box, ones IP 
addy to the fixed address that is the usual dhcp-served-addy, with the 
correct gateway setting, and then booting up using that, execute a 
successful release via winipcfg - probably not?!?!) ...

    Back to the problem at hand - I need to set the correct mac address 
on my windows box ... and this is possible (at least with my OS & 
network driver -dLink DFE-530TX+). Via: StartMenu/ Settings/ 
ControlPanel/ Network/ tab:Configuration/ <relevant_network_adapter_>/ 
properties/tab:Advanced/ property:NetworkAddress/ value (whew!). You can 
enter the 12 characters that represent a MAC addy's six hex chars (e.g. 
0004055d7d4e). Reboot and your windows box should be able to properly 
get served your IP address. Bring up winipcfg, do the release. Now you 
can boot any box and it will get served a 'fresh' ip address (in my case 
if I change MAC address I can usually get a different IP address).
    - ok, so I plug the network cable back into the lrp box and it comes 
up and all is well...
    - the problem of swappable backup boxes still remains - I sure don't 
want to have to be re-connecting my net cables if my lrp box dies and I 
didn't even write-down-and-store-in-a-safe-location the mac address that 
I had to enter on my windows box (do you have your current eth0 mac addy 
written down somewhere?)
    - ... unless I can set the mac addy on my LRP box, right?! Then I 
can set both of them to some memorable mac addy and never have a problem 
with this.

Resolution:
    - one can on the Dach box, do this to set the MAC addy. Do:
        ip link set eth0 down
      then
        ip link set eth0 address aa:bb:cc:dd:ee:ff
      then
        ip link set eth0 up
      and you will have a new MAC address on eth0.
    - So now we have a solution and we need to wrap it all up into some
autoexecutable mechanism.
    - I elected to add this stuff to the /etc/dhclient-enter-hooks
script (Dach: lrcfg/3/4/4). At line 8 I inserted:

 >   # var: REPLACE_ETH0_MAC_ADDRESS
 >   # Performs: Overrides eth0's default (hardware-specific) MAC address
 >   # default: <blank>
 >   # valid settings: blank, or  any mac address in hex octet form
 >   #                 (e.g. 00:04:07:fe:23:a7)
 >   # if blank then no replacement of the eth0's MAC addy happens
 >   ##################################################################
 >   #lrp_200_eth0#REPLACE_ETH0_MAC_ADDRESS=00:00:1b:49:b0:24
 >   #     r1_eth0#REPLACE_ETH0_MAC_ADDRESS=00:04:05:5d:7d:4e
 >   #REPLACE_ETH0_MAC_ADDRESS=00:00:00:00:00:01
 >   REPLACE_ETH0_MAC_ADDRESS=00:00:00:00:00:02

    - and at (now) line 24 (after the 'flush') I added:

 >   if [ "$REPLACE_ETH0_MAC_ADDRESS" != "" ]; then
 >     # skeadditions to fake-out MAC address for eth0
 >     echo "  >> Reassigning MAC address for eth0 << "
 >     echo "   > Stop eth0 (via: ip link set eth0 down)..."
 >     ip link set eth0 down
 >
 >     echo "   > Reassign eth0 MAC address to be 
$REPLACE_ETH0_MAC_ADDRESS..."
 >     echo "     (via: ip link set eth0 address 
$REPLACE_ETH0_MAC_ADDRESS)..."
 >     ip link set eth0 address $REPLACE_ETH0_MAC_ADDRESS
 >
 >     echo "   > Start eth0 (via: ip link set eth0 up)..."
 >     ip link set eth0 up
 >     echo "  >> DONE --> Reassigning MAC address for eth0 <<"
 >   fi

    - save the script and backup. You now have control over your MAC 
address, before it executes the first DHCP-request.
    - attached (if this group so permits ... nope, DENIED IN ADMIN) is 
my dhclient.lrp that is a drop-in replacement if you want to add this 
MAC addy support, or if you prefer I've included just the modified 
client-enter-hooks script

Conclusion:
    - if your ISP uses MAC addy lockdown then...
        - be aware of your dependency on your MAC address; know your MAC 
addy
        - consider setting up a MAC address that is memorable
        - MAC address overriding can be done on LRP boxes to aid in 
redundancy

Unresolved questions:
    - it seems that any valid text char is valid in the Windows MAC-addy 
'value' field: what happens with other chars? Alt-250? Alt-0250? etc?
    - does anyone know rules about what constitutes a valid MAC addy?
    - is dhclient-enter-hooks the best place for addition of such 
functionality?

TidBits:
    - Rogers would not deliver an IP address for the following MAC 
addy's (as set under Win98): 01:02:03:04:05:06, ff:ff:ff:ff:ff:ff. When 
I selected, under Win98, to use 'Not Present' for the MAC addy, it 
seemed (IIRC) to use the last 'value' MAC address that I had specified. 
When I specified a MAC addy of 000000000000 it then used the adapter's 
default hardware MAC addy.
    - I read about (but didn't try) a utility for Linux to change one's 
MAC address, called 'changemac', if you're so interested

Suggestions (to the community):
    - add MAC address handling (via a var) to the Dach network.conf 
script - can we set a var there and have it effect in 
dhclient-enter-hooks? I dunno how myself.
    - for Dachstein, replace the dhclient executable with a newer one 
that supports a DHCPRELEASE command; provide a newer one at Charles' 
modules page (which is where I looked)
    - to my thinking it would make the most sense to override a mac addy 
when a network driver module loads(ne.o, tulip,o, etc), but I never 
found such an option. Am I missing something here (is this in fact the 
best place to specify this? is there a reason that that functionality is 
not already there? is the functionality there but I missed it?)

Final:
    - I have written this doc to contribute back to the community that 
has made my success with leaf possible. For that reason, I invite 
critical (or kudo!) comments back from people about how I did here in 
barfing out a bunch of info. Had I found this doc myself in the first 
place, it would have saved me a bunch of time so that's what I'm trying 
to give back. I prefer that you reply privately ([EMAIL PROTECTED]) 
than on the forum.
    - Thanks to Charles et al for Dachstein!

-- 
The best time to tackle a small problem is before he grows up.


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to