[TriLUG] spoofing mac addresses

Ryan Leathers Ryan.Leathers at globalknowledge.com
Tue Aug 3 16:26:55 EDT 2004


Not quite the same deal, I think, Jon.  In the LVS case you don't care about
the MAC; you only care about the virtual IP.  The failover host in that case
just sends a gratuitous ARP containing its own MAC address along with the
virtual IP.

-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Tuesday, August 03, 2004 4:18 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] spoofing mac addresses


> The kicker here isn't getting it to respond to multiple MACs, or even 
> redirect MACs as Ryan suggested, but to *associate* a particular MAC 
> address with a particular address.  You'd need some way, at the kernel 
> level, to tell the OS that if a packet has a certain source address to 
> send it with a certain Ethernet header.  When you're composing 
> individual packets and stuffing them in at the driver layer (how various 
> arp poisoning attacks like Ryan describe do their dirty work), it's not 
> so difficult to do.  But you want to make a more large-scale 
> modification to the way the OS is determining what MAC address to use 
> when sending out packets.  I did some cursory googling around to find a 
> way to accomplish this task, but to no avail.  I think this would be 
> neat functionality to see in iptables or the iproute2 tools (or some 
> derivative) in the future, but presently I just don't think Linux is 
> capable of doing what you have in mind, in a wholesale manner.
> 
> Hmm... perhaps if you ran multiple VMWare instances, and assigned each 
> VMWare instance one of the IPs in question, VMWare would handle the 
> associations for you -- but you're talking monstrous overhead.  That 
> suggestion is really only meant to be humorous.  :)
> 
> This all begs the question, why are you trying to do this?  It seems as 
> if either a) you're trying to bend the rules being imposed on you at a 
> network layer (fine by me, but perhaps we can help you come up w/ a 
> better way) or b) you're thinking about the problem with some ill 
> conceived assumptions.  Perhaps a more thorough explanation would 
> provide more outside-the-box ideas.
> 
> Aaron S. Joyner

It's been a while since I set up a fail-over LVS cluster using UltraMonkey,
but as I remember it handled the MAC stuff fairly well - which let it
seamlessly fail over to another server on the same subnet.

http://www.ultramonkey.org/papers/lvs_tutorial/

Jon

-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
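The gratuitous ARP failover Ryan describes at the top of the thread is easy to see on the wire, and the same on-the-wire event is what an ARP-poisoning detector watches for. The following is an added example, not code from the thread or from LVS/UltraMonkey: it builds the 42-byte Ethernet+ARP frame a failover host would announce (target IP equal to sender IP, which is what makes the ARP gratuitous), parses it back, and runs a small monitor that keeps the IP-to-MAC binding each sender claims and reports when a known IP moves to a different MAC. All addresses are constructed (TEST-NET 192.0.2.0/24 and locally administered MACs); the function and class names are this example's own.

```python
# Added example: gratuitous ARP build/parse plus an IP->MAC change monitor.
# Addresses are constructed: 192.0.2.0/24 is TEST-NET, MACs are locally administered.
import struct

ETH_P_ARP = 0x0806            # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2  # ARP opcodes (RFC 826)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(sender_mac, sender_ip, target_mac, target_ip, op):
    """Ethernet II header followed by an IPv4-over-Ethernet ARP body (42 bytes)."""
    # Deliver unicast when we know the target's MAC, otherwise broadcast.
    eth_dst = BROADCAST_MAC if target_mac in (BROADCAST_MAC, ZERO_MAC) else target_mac
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def build_gratuitous_arp(sender_mac, virtual_ip):
    """What the failover host announces: its own MAC for the virtual IP.
    Target IP equals sender IP, which is what makes the ARP gratuitous."""
    return build_arp_frame(sender_mac, virtual_ip, BROADCAST_MAC, virtual_ip, ARP_REPLY)


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip, target_ip = bytes_to_ip(frame[28:32]), bytes_to_ip(frame[38:42])
    return {
        "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": sender_ip,
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": target_ip,
        "gratuitous": sender_ip == target_ip,
    }


class ArpMonitor:
    """Tracks the IP -> MAC binding each ARP sender claims and records changes.
    A changed binding is what a planned LVS failover looks like on the wire; the
    same event outside a planned failover is the signature of ARP poisoning."""

    def __init__(self):
        self.bindings = {}
        self.events = []

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return None                      # not ARP: nothing to learn
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        previous = self.bindings.get(ip)
        if previous is None:
            event = ("learned", ip, mac, arp["gratuitous"])
        elif previous != mac:
            event = ("changed", ip, previous, mac, arp["gratuitous"])
        else:
            event = ("unchanged", ip, mac, arp["gratuitous"])
        self.bindings[ip] = mac
        self.events.append(event)
        return event


def run_demo():
    """Constructed traffic: the primary answers for the VIP, re-announces itself,
    then the backup takes over with a gratuitous ARP.  Returns the event list."""
    vip = "192.0.2.10"
    primary, backup, client = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
    frames = [
        build_arp_frame(primary, vip, client, "192.0.2.50", ARP_REPLY),  # normal reply
        build_gratuitous_arp(primary, vip),                              # same MAC: no change
        build_gratuitous_arp(backup, vip),                               # failover: MAC changes
        mac_to_bytes(client) * 2 + b"\x08\x00" + b"\x00" * 30,           # IPv4 frame, ignored
    ]
    monitor = ArpMonitor()
    for frame in frames:
        monitor.observe(frame)
    return monitor.events


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```

The monitor only learns from what senders claim, so a real deployment would seed `bindings` from a known-good inventory of the VIP's legitimate MACs and treat a "changed" event as expected during a scheduled failover and as an alert at any other time.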
