September 15, 2012 at 1:34 pm #43446
I have ZS 2.0.RC1 booted from CD on an Intel D510MO NM10 Atom Mini-ITX board with 2GB SDRAM and one Gig-E interface plus a Soekris LAN1641 4-port PCI Ethernet card with four 10/100/BTX interfaces. So there are five Ethernet interfaces, one WAN (the Gig-E interface on the motherboard for WAN, and one of the five 10/100 interfaces on the PCI card for the LAN). The LAN is connected via a 16-port Allied Telesyn unmanaged 10/100 Ethernet switch. There’s no WiFi involved for now.
Initially, configuring ZS is going well. All the Ethernet interfaces are working fine. I want a simple home DOCSIS cable Internet router/firewall to replace an existing Cisco/LinkSys box with minimal services (no VLAN, captive portal, directory services, etc.) I’m really only looking for NAT, firewall, a real NTP time server to the LAN (important), and a little port forwarding for an existing SIP VoIP gateway.
My DOCSIS cable Internet provider is obsessed with not allowing subscribers to easily change the MAC address of the hosts/routers connected to the cable modem. This is not a problem with the LinkSys box as I can simply spoof the WAN port’s MAC address through a user admin Web interface option. The cable ISP provides an IP with DHCP via the cable modem.
But after studying the ZS text console, Web admin GUI, Web documentation, FAQ, Forum, etc., I can find no simple option to spoof the MAC address on my WAN port. Either I’m missing something obvious, or this WAN spoofing capability isn’t simply configurable in the ZS interface. Can someone please confirm this?
If there is no simple option to spoof the WAN MAC address in ZS, perhaps there is a way to modify the /etc/rc init scripts to do the MAC spoofing. If so, are there instructions on how to do this and then either save a profile or remaster ZS to allow the change to survive reboot? I prefer to continue booting ZS from a CD and store profiles etc. on a separate small storage device (USB stick for now, something more robust long term).
Thanks for any replies… David in Jakarta
September 16, 2012 at 12:39 am #52463
Once you figure out the Linux command line you want to use, possibly something like those suggested on http://www.aboutlinux.info/2005/09/how-to-change-mac-address-of-your.html
Then put that command into the “pre-boot” script on the GUI, save your configuration and reboot.
September 17, 2012 at 3:32 pm #52464
Thank you very much for the reply. I did as you suggested, with the ETH00 interface set to a static IP address. In the Post Boot script I put:
# Startup Script
ifconfig ETH00 down
ifconfig ETH00 hw ether 00:80:48:BA:d1:30
ifconfig ETH00 up
In the above example, the MAC address is only an example.
After changing the Post Boot script to Status: Enabled I then saved the script and rebooted the ZS machine from the Web GUI. The ZS machine reboots. Now I see the MAC address change is persistent both in the text console with “N”, and on the PC (after unplugging and replugging the Ethernet cables between the PC, switch and ZS machine to refresh the arp tables) and by looking at arp -a on the connected PC. The connected PC can log in to the ZS machine via the Web admin GUI again with the new MAC address.
So far so good; but not good enough though…
As I mentioned in my OP, the ISP provides me with an address via the DOCSIS cable modem using DHCP, and does not tolerate a changed MAC address for the host/router connected to the cable modem.
So this is the nasty (IMO) part of this problem…
Changing the MAC address on the WAN port connected to the cable modem, which provides an IP via DHCP, doesn’t work. Changing the MAC address using the Post Boot script occurs too late.
The ISP sees an ‘incorrect’ MAC address, and will not give me a DHCP lease (those bastards). So I need to spoof the MAC address before the DHCP client daemon for the WAN port on the ZS machine is started. Actually it would be better to spoof the MAC address as soon as the interface is brought up – as early as possible. Maybe a change in the bootloader (Kernel option) or in the Pre Boot script?
Hmm…. Any suggestions?
Thanks & Best Regards, David
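The MAC override discussed in this thread, as an added example that is not part of the original posts and not ZeroShell's own code: it validates the address, applies it with the link down using the same `ifconfig` commands as the post, and confirms the kernel reports the new value. The interface name and MAC are the example values from the post; the `--apply` switch is hypothetical, and whether ZeroShell's pre-boot script runs before its DHCP client is an assumption this page does not confirm.

```shell
#!/bin/sh
# Added example: validate, apply and verify a WAN MAC override.
# Intended to run before the DHCP client starts (assumption, see lead-in).

# normalize_mac MAC -> prints the MAC in lowercase.
# Returns 1 if malformed, 2 if the kernel would refuse it
# (multicast/group address or all zeros).
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=${mac%%:*}
    # Lowest bit of the first octet set means a multicast address.
    [ $(( 0x$first & 1 )) -eq 0 ] || return 2
    [ "$mac" != "00:00:00:00:00:00" ] || return 2
    printf '%s\n' "$mac"
}

# apply_mac IFACE MAC: change the address while the link is down, bring
# the link back up, then compare against what the kernel reports. Needs root.
apply_mac() {
    iface=$1
    new=$(normalize_mac "$2") || { echo "rejected MAC: $2" >&2; return 1; }
    ifconfig "$iface" down || return 1
    ifconfig "$iface" hw ether "$new" || return 1
    ifconfig "$iface" up || return 1
    # sysfs reports the active address in lowercase.
    [ "$(cat "/sys/class/net/$iface/address")" = "$new" ] || {
        echo "$iface did not take $new" >&2
        return 1
    }
}

# Only touch the interface when explicitly asked to, e.g.:
#   sh thisscript --apply ETH00 00:80:48:BA:d1:30
if [ "${1:-}" = "--apply" ]; then
    apply_mac "${2:-ETH00}" "${3:-00:80:48:BA:d1:30}"
fi
```

A non-zero exit from `apply_mac` means the interface is still carrying its burned-in address, so any DHCP request sent afterwards would go out with the wrong MAC.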