# Help with multiple network cards and MAC spoofing [SOLVED]

## Nodecam

I'm trying to follow the instructions in this link: http://www.mythtv.org/wiki/Sasktel_IPTV to get a second network card to pretend that it's my IPTV box (nothing illegal FYI, I just want to capture the channels that I pay for)

The only problem is that Debian networking is significantly different from Gentoo, and I feel like I'm spinning my wheels.  So far, I have eth0 (normal network card that's been in this system since day 1) and eth3 (new network card that I just installed today)  I don't understand what I need to do to enable the second network card - do I just 

```
ln -s /etc/init.d/net.eth0 /etc/init.d/net/eth3
```

and then tinker in /etc/conf.d/net?  More importantly, what do I do in /etc/conf.d/net to accomplish what the above link did on Knoppix/Debian?  ie. spoof Mac address, and send specific client identifiers/vendor codes/etc?

I'm sure it's simple, but I can't get a toehold.  Any help would be greatly appreciated.Last edited by Nodecam on Fri Mar 27, 2009 8:14 pm; edited 1 time in total

----------

## Bones McCracker

```
ln -s /etc/init.d/net.lo /etc/init.d/net.eth3
```

And then create an entry (if necessary) for it in /etc/conf.d/net.

In Gentoo, you can change the MAC address of an interface device temporarily using the standard gnu/linux tools.

Using ifconfig in a shell, it would look something like this:

```
ifconfig eth3 hw ether 00:01:23:45:67:89
```

Using iproute2 in a shell, it would look something like this:

```
ip link set dev eth3 address 00:01:23:45:67:89
```

I mention that in case you want to script it yourself to switch it over just for those periods when want to be impersonating your cable box.  See the man page for either tool; you'd first "down" the interface, then issue that command to set the MAC address, then bring it back up.

Gentoo's networking scripts will make use of whichever tool you have installed (giving preference to iproute2 if both are installed, because it is Dirty Harry's Desert Eagle .44 Magnum to ifconfig's Model 1911 Colt .45).  Regardless, configuration in /etc/conf.d/net is the same (and this is documented for you in /etc/conf.d/net.example, which the world now knows you didn't read thoroughly):    :Razz: 

```
mac_eth3="00:01:23:45:67:89"
```

Also, I believe you can change the MAC address permanently in some devices using 'ethtool -e' and 'ethtool -E', but I wouldn't advise trying it unless you've got extra network cards you don't know what to do with (I realize 10-Base-T cards are about what a cup of coffee goes for these days).

And if you are interested in randomly changing the MAC address of a device each time you bring it up (so you can test your arpwatch daemon, steal Sarah Palin's email without leaving a trail of breadcrumbs to your doorstep, etc.), the conf.d/net config file will also accommodate entries that make use of "macchanger" (again, refer to conf.d/net.example).

----------

## Nodecam

 *Quote:*   

> Gentoo's networking scripts will make use of whichever tool you have installed (giving preference to iproute2 if both are installed, because it is Dirty Harry's Desert Eagle .44 Magnum to ifconfig's Model 1911 Colt .45).  Regardless, configuration in /etc/conf.d/net is the same (and this is documented for you in /etc/conf.d/net.example, which the world now knows you didn't read thoroughly):   
> 
> 

 

Thanks for responding anyway - I know the temptation is to ignore people who appear to have not read the docs.   In this case, I had missed the MAC Spoofing section the first time through, and was pretty embarrassed when I came across it 5 minutes after posting this query.

I got it mostly going I think - though oddly it wouldn't get an IP after I set it up last night.  It seems to be working correctly today.

Any idea where I'd set up the force_igmp_version and rp_filter portions of that?  Also, I couldn't really understand how to translate the 

```
up route add -net 224.0.0.0/4 eth1
```

into a Gentoo routes_eth3 string.

The dhclient bits were all pretty straightforward to get going.

Thanks again!

----------

## Bones McCracker

 *Nodecam wrote:*   

>  *Quote:*   Gentoo's networking scripts will make use of whichever tool you have installed (giving preference to iproute2 if both are installed, because it is Dirty Harry's Desert Eagle .44 Magnum to ifconfig's Model 1911 Colt .45).  Regardless, configuration in /etc/conf.d/net is the same (and this is documented for you in /etc/conf.d/net.example, which the world now knows you didn't read thoroughly):   
> 
>  
> 
> Thanks for responding anyway - I know the temptation is to ignore people who appear to have not read the docs.   In this case, I had missed the MAC Spoofing section the first time through, and was pretty embarrassed when I came across it 5 minutes after posting this query.
> ...

 

Who in their right mind would read all the way to the bottom of that file?  I happened over it by accident one day.   :Razz: 

I didn't read your debian thing.  rp_filter and force_igmp are sysctls.  That may not mean anything.  There are settings for the kernel that can be modified while the kernel is actually running.  Instead of having a big configuration file with "variable = value" entries in it, the kernel creates a virtual filesystem when it starts up.  In there, each variable has a file all to itself, and in that file is just that variable's value.  These variables are often refered to as sysctls  (system controls).  You can set them by writing the value you want to the file (and most of them are simply enabled or disabled "1" or "0".).

The filesystem is called "procfs" and it is mounted in the root directory at /proc.  You can browse it to see what all the possible things are that you can set.  Most of them you'll never need to touch, but a few are commonly useful.

You can change the settings by writing to the file like so (browse the path, I might not be remembering this right):

```
echo "1" > /proc/sys/net/conf/ipv4/eth3/rp_filter
```

Or, you can do it like this (check the "sysctl" man page, I might not be remembering this right)

```
sysctl -w net.conf.ipv4.eth3.rp_filter=1
```

Or, you can create a file and read it in like this:

sysctl -p somefile

where "somefile" would contain your settings like:

```
net.conf.ipv4.eth3.rp_filter=1
```

To make this easy and automatic for people, there is an initscript (an "rc script", or a "runlevel script") that runs at boot that loads a file intended for just this purpose.  The file is located at /etc/sysctl.conf, and the initscript is located with the rest of the initscripts, at /etc/init.d.  The script should already be set up to run at boot time for you.  And the /etc/sysctl.conf file is already there too (and it's probably got a bunch of things in it that some people might want, but they're commented out because most people don't.

THAT is where you want to put those two settings (in the /etc/sysctl.conf file, which will be loaded automatically at boot-time, thereby changing the settings stored in a couple of files in /proc/sys/net/ipv4, which will be read by the kernel and therefore changed, in real-time).  Sorry if you didn't need all that explanation, but otherwise it doesn't make much sense.

If you're curious, you can look at all the sysctls like this:

```
sysctl -A
```

There is a very informative man page that describes the proc filesystem.  (man proc)

Also, there is an explanation of the sysctls (the proc filesystem) in the kernel documentation.  The kernel documentation is found in the kernel sources.

/usr/src/linux/Docmentation/sysctl/*    I think.

It's somewhere in there.  I can't remember exactly.  As I recall, there is one file that deals with sysctls that's not with the others, like maybe it's under "net" or something.   Lots of good stuff in there, if somewhat disorganized.

Have fun!

----------

## Nodecam

That was great info, and got me up and running.

Interestingly, when the machine was rebooted, the nic had the mac changed permanently, which caused it to change to eth5.

But I'm not all the way there yet.

eth5 is not internet routable, and yet it comes up satisfying all the net prereqs, eth0 isn't up yet, and mysql starts up.  It then fails because it's interface isn't available yet.  Is there any way I can make net.eth0 a prerequisite for net.eth5?

Also...

/etc/dhcp/dhclient.conf has the following in it:

```

interface "eth5" {

 request subnet-mask, broadcast-address, domain-name, host-name;

}

```

and yet when it comes up, it sets up eth5 with a default gateway, and overwrites my ntp.conf from the dhcp server.  The time servers that it got from there were bad mojo - suddenly my machine thought it was 2 days into the future.  Any idea why it's getting ntp config from there?

Thanks

----------

## Bones McCracker

 *Nodecam wrote:*   

> Interestingly, when the machine was rebooted, the nic had the mac changed permanently, which caused it to change to eth5.

 

You can control which interface name (e.g. "eth1", "eth5") gets assigned to which device by changing the interface name in the udev rules (/etc/udev/rules.d/70-persistent-net.rules).

 *Nodecam wrote:*   

> eth5 is not internet routable, and yet it comes up satisfying all the net prereqs

 

I'm not sure what you mean here.

 *Nodecam wrote:*   

> eth0 isn't up yet, and mysql starts up.  It then fails because it's interface isn't available yet.

 

So I assume you are automatically starting mysql with something in your initscripts.  You probably need to make that initscript, whatever it its, have a dependency on "net".  Look at the other initscripts for an example, there are several that depend on "net".  You probably also need to turn on strict net checking.  That's done in /etc/conf.d/rc:

```
RC_NET_STRICT_CHECKING="yes"
```

Or, if you're running the new baselayout2 and openrc (which would probably be the case only if you have "ACCEPT_KEYWORDS="~x86" in /etc/make.conf), then it would be in the file that replaced that one, /etc/rc.conf:

```
rc_depend_strict="YES
```

You might also have to turn off parallel service startup (in whichever of those two files you have) if you have it turned on.

 *Nodecam wrote:*   

> Is there any way I can make net.eth0 a prerequisite for net.eth5?

 

This is a little bit tricky.  First I would try this: I think the net services get started in the order they are listed in /etc/conf.d/net.  So put them in the right order.  I'd also put them in same order in the udev rules.  See if that works.

If that doesn't work, the only thing I myself can think of (maybe somebody else can help out here) would be to create your own custom initscript for net.eth5 (what is currently net.eth5) and have it explicitly not say "provide net" and explicitly say "need net".  That will ensure that all the other actual network services are started before the system tries to start net.eth5.  The catch here is that writing a network initscript is not easy.  If you go this route, you might try making a copy of the net.lo initscript (instead of a soft link to it) and editing it accordingly.

 *Nodecam wrote:*   

> /etc/dhcp/dhclient.conf has the following in it:
> 
> ```
> 
> interface "eth5" {
> ...

 

I believe that if you don't have a "config" line in /etc/conf.d/net for the interface, the gentoo networking scripts will default to using dhcp to assign an address (and gateway).  Instead of allowing dhcp to handle that interface, if you want to manually control it, you can create a config entry (see the net.example for examples):

```
config_eth5=( "192.168.0.3/24 brd 192.168.0.255" 
```

 *Nodecam wrote:*   

> and overwrites my ntp.conf from the dhcp server.  The time servers that it got from there were bad mojo - suddenly my machine thought it was 2 days into the future.  Any idea why it's getting ntp config from there?

 

If you are using a static address, that won't happen.  But if you're using dhcp on your other interface, it may happen anyway.  Make sure all of your interfaces specified in dhclient.conf have ntp taken out.  (I had the same problem once, but I honestly can't remember how I fixed it.).  My dhclient.conf looks like this:

```
request subnet-mask, broadcast-address, routers, domain-name-servers;

require subnet-mask, routers, domain-name-servers;
```

----------

## Nodecam

 *BoneKracker wrote:*   

>  *Nodecam wrote:*   eth5 is not internet routable, and yet it comes up satisfying all the net prereqs 
> 
> I'm not sure what you mean here.
> 
> 

 

eth5 is on a private subnet, needed for the iptv that I'm using it for.

It looks like things aren't as peachy as I thought - the eth5 lease just got renewed, and my default gateway got overwritten by eth5's bogus gateway.  I obviously can't have that happening at random times:)

Ideally I'd just use a static address on eth5, but unfortunately I can't.  

 *BoneKracker wrote:*   

>  *Nodecam wrote:*   eth0 isn't up yet, and mysql starts up.  It then fails because it's interface isn't available yet. 
> 
> So I assume you are automatically starting mysql with something in your initscripts.  You probably need to make that initscript, whatever it its, have a dependency on "net".  Look at the other initscripts for an example, there are several that depend on "net".  You probably also need to turn on strict net checking.  That's done in /etc/conf.d/rc:
> 
> ```
> ...

 

mysql is in the default rc level (or whatever the terminology - rc-update add mysql default)  It's got a dependency on net, but because eth5 says it's providing it, it comes up.  What's interesting is that I don't know what brings up eth5.  I didn't add it to any rc levels.  maybe that's my problem?

 *BoneKracker wrote:*   

>  *Nodecam wrote:*   Is there any way I can make net.eth0 a prerequisite for net.eth5? 
> 
> This is a little bit tricky.  First I would try this: I think the net services get started in the order they are listed in /etc/conf.d/net.  So put them in the right order.  I'd also put them in same order in the udev rules.  See if that works.
> 
> 

 

eth5 seems to come up early - triggered by something during boot, but I don't know what.  Where can I go to see the console boot log - there was something interesting in there that I saw scroll by, but I can't find it.

 *BoneKracker wrote:*   

> I believe that if you don't have a "config" line in /etc/conf.d/net for the interface, the gentoo networking scripts will default to using dhcp to assign an address (and gateway).  Instead of allowing dhcp to handle that interface, if you want to manually control it, you can create a config entry (see the net.example for examples):
> 
> ```
> config_eth5=( "192.168.0.3/24 brd 192.168.0.255" 
> ```
> ...

 

What I've got in there is the following:

```

modules_eth0=( "dhcp" )

modules_eth5=( "dhclient" )

modules=( "ifconfig" )

config_eth0=( "192.168.0.3/24" )

routes_eth0=(

        "default gw 192.168.0.1") 

mac_eth5="00:21:80:23:34:CC"

```

Which looks like I missed the part where I setup config_eth5 to use dhclient.  Doh! 

I think I can remove the routes_eth0 line if I get eth5 working properly, and I think the config line should do it.  Thanks again for your help!

----------

## Bones McCracker

 *Nodecam wrote:*   

>  *BoneKracker wrote:*    *Nodecam wrote:*   eth5 is not internet routable, and yet it comes up satisfying all the net prereqs 
> 
> I'm not sure what you mean here.
> 
>  
> ...

 

Okay, so I gather you're saying that eth5 has to use a dhcp server that's on the TV circuit, basically.  So you need to be using two separate dhcp servers then, one for each interface.  I didn't understand that.

One thing you can do is use facilities of dhclient (which you set up in dhclient.conf) that basically can override just about anything it receives from the dhcp server.  You'd have to read the man page (and it's a long one), because I don't remember off the top of my head.  But I do recall that you can manually set just about anything you want in the lease, including removing information.  So you could replace the default gateway (or eliminate it), and replace the ntp server (or eliminate it).  This is kind of a last resort, hackish technique, but it's there for situations where the normal stuff won't work.

 *Nodecam wrote:*   

>  *BoneKracker wrote:*    *Nodecam wrote:*   eth0 isn't up yet, and mysql starts up.  It then fails because it's interface isn't available yet. 
> 
> So I assume you are automatically starting mysql with something in your initscripts.  You probably need to make that initscript, whatever it its, have a dependency on "net".  Look at the other initscripts for an example, there are several that depend on "net".  You probably also need to turn on strict net checking.  That's done in /etc/conf.d/rc:
> 
> ```
> ...

 

eth5 is probably being coldplugged (or hotplugged).  You can disable that in the same file (conf.d/rc or etc/rc.conf).  But this general problem of mysql being started before all the net services are up should be solveable by using strict net checking.  You may have to do both.  You can turn off all coldplugging of network services or just that one, by following the examples in the comments of that file.

```
# Some people want a finer grain over hotplug/coldplug. RC_PLUG_SERVICES is a

# list of services that are matched in order, either allowing or not. By

# default we allow services through as RC_COLDPLUG/RC_HOTPLUG has to be yes

# anyway.

# Example - RC_PLUG_SERVICES="net.wlan !net.*"

# This allows net.wlan and any service not matching net.* to be plugged.

RC_PLUG_SERVICES="!*"
```

 *Nodecam wrote:*   

> 
> 
> What I've got in there is the following:
> 
> ```
> ...

 

I think your main problem is the other items above this quote, and that you'll sort out the conf.d/net on your own.

However, generally speaking, for an interface that is being controlled via dhcp, you don't need anything in conf.d/net.  Since you have dhclient, some of what would normally go in there (if you were using a different dhcp client) goes instead into /etc/dhcp.  It may be that all you need in conf.d/net is this (assuming you rename eth5 to eth1 in your udev rules):

```
config_eth0=( "dhcp" )

config_eth1=( "dhcp" )
```

And in fact, if you just have a completely blank file, that's what it will do by default.  If you have more than one dhcp client installed (which is not normally the case), then you need to specifically mention dhclient.  You don't need to mention ifconfig, unless you have iproute2 installed, because ifconfig is the default.

So if you've got dhclient and ipconfig (and you don't have any other dhcp clients installed, and you're using dhcp on all your interfaces (the two we have discussed)), then you could use a completely blank file (you'll get an ignorable warning on boot up), or you could use the two-line example I've shown above.

----------

## Nodecam

Got it all figured.  When starting to look at a custom net.eth5 init script, I noticed a reference in there to RC_NEED${interface} or something similar.

Digging into /etc/conf.d/net.example again, I found that the following line

```
RC_NEED_eth5="net.eth0"
```

made most of the problems go away.   eth5 now requires eth0 to be up.

I also switched eth0 over to dhcp, and everything is working now.  I haven't bothered to change the device names in the udev rules, since it really doesn't matter what they're called, and all the fiddly setup is already in place for eth5.

Thanks once again for all your help!

----------

## Bones McCracker

You're welcome. Glad it's working.     :Smile: 

Add "Solved" to the subject of the original post.

----------

## Cyker

Wow, if there was a kudos button I'd give you some BK  :Mr. Green: 

Don't see such extensive and detailed help often!  :Cool: 

----------

## Bones McCracker

 *Cyker wrote:*   

> Wow, if there was a kudos button I'd give you some BK 
> 
> Don't see such extensive and detailed help often! 

 

Thanks.

----------

