[CentOS] New firewall, need mac changed

Sun Apr 20 10:56:17 UTC 2008
Richard Karhuse <rkarhuse at gmail.com>

On Sat, Apr 19, 2008 at 3:53 PM, Joseph L. Casale <jcasale at activenetwerx.com>
wrote:

> >Modify /etc/sysconfig/network-scripts/ifcfg-ethX and remove the HWADDR
> >line if you have one, and add a MACADDR with the mac address you want
> >to use.
> >
> >Beware, some network cards may protest having the mac address changed,
> >and using both HWADDR and MACADDR can cause issues. See
> >/usr/share/doc/initscripts-*/sysconfig.txt for details.
>
> Jim,
> I appreciate the confirmation, that was the method I was going to use. I
> am only unsure about what *could* happen with the HWADDR in there, can
> eth{n} now maybe bind to a different nic under some circumstance?
>
> How can I always force the nic in question to use this script?
>
> Thank you!
> jlc
>  <CentOS at centos.org> <http://lists.centos.org/mailman/listinfo/centos>
>


Here is an outline of what I do to "lock-down" interfaces -- which relies
mainly on using a fairly new feature "udev":

   /etc/modprobe.conf:  make sure the lines --

              alias eth? <driver>

       are in the correct order, e.g.:

              alias eth0 e1000
              alias eth1 e1000
              alias eth2 tg3

    /etc/udev/rules.d/:  create network rules file (if needed) and
         add lines that associate a given NIC to its eth? interface.
         Use "udevinfo -a -p /sys/class/net/eth?" to get various
         features or attributes to find the NIC that you want to call
         eth<X>.  [Note: this seems to change from release to
         release, so this is a little general.]  You might want to put
         lines like:

           Kernel==eth?  ID==0000:03:02.0 Name=eth0
           Kernel==eth?  ID==0000:03:02.1 Name=eth1

          or

            Kernel==eth?  Sys{vendor}==0x8086 Sys{device}==0x032a Name=eth0
            Kernel==eth?  Sys{vendor}==0x8086 Sys{device}==0x1079 Name=eth1

    /etc/sysconfig/network-scripts/ifcfg-eth<X>:

         As other have suggested, now put MACADDR= into these files with the
         desired MAC address that you want the interface to be set to and
         delete the HWADDR.

Now, reboot, test and repeat as needed:-):-) ...

I hope that helps and is useful ...

  -rak-

Note:  I just checked a Fedora 8 box and some of the above has
changed -- udev is the way to go, but be advised that this feature
appears to be evolving and changing -- hopefully for the better!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080420/5376508b/attachment-0004.html>