[CentOS] C7: NM and changing MAC addresses

Mon Oct 11 10:24:34 UTC 2021
José María Terry Jiménez <jtj at tssystems.net>

On 11/10/21 at 11:55, Tom Yates wrote:
> i need a way to stop anything from changing my external MAC address, 
> as my ISP is extremely sensitive to additional MAC addresses appearing 
> on my external NIC.
>
> i have done
>
> sudo nmcli conn mod eno1 802-3-ethernet.cloned-mac-address permanent
>
> and it's improved matters, but here's an example of it going wrong 
> even so, from "tcpdump -n -n -e -i eno1 src 185.219.108.121" (which is 
> my ipv4):
>
> 10:23:58.210653 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 
> (0x0800), length 114: 185.219.108.121.53002 > 198.252.206.25.443: 
> Flags [P.], seq 2018:2066, ack 5333, win 501, options [nop,nop,TS val 
> 4035938817 ecr 1709670339], length 48
> 10:23:58.405154 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 
> (0x0800), length 66: 185.219.108.121.44534 > 216.58.212.234.443: Flags 
> [.], ack 21641, win 501, options [nop,nop,TS val 805137946 ecr 
> 1062125308], length 0
> 10:23:58.447030 ac:1f:6b:6c:58:2d > ff:ff:ff:ff:ff:ff, ethertype ARP 
> (0x0806), length 60: Request who-has 185.219.108.1 tell 
> 185.219.108.121, length 46
> 10:23:58.447466 ac:1f:6b:6c:58:2d > bc:30:5b:f7:3e:c8, ethertype IPv4 
> (0x0800), length 342: 185.219.108.121.68 > 185.219.108.1.67: 
> BOOTP/DHCP, Request from ac:1f:6b:6c:58:2d, length 300
> 10:23:58.629131 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 
> (0x0800), length 98: 185.219.108.121 > 8.8.8.8: ICMP echo request, id 
> 105, seq 67, length 64
>
> note the first two frames coming from ac:1f:6b:6c:5a:6e, the real MAC 
> address, which has been happily all over the headers of the previous 
> several thousand frames, but then two frames from ac:1f:6b:6c:58:2d, 
> which *utterly* screw up my connection to my ISP.  the old MAC address 
> continues to be on some of the outgoing traffic.
>
> i have some grounds for thinking that the first or second frame with 
> the "bad" mac address is always a BOOTP/DHCP frame, so i'm open to the 
> idea that this is dhclient being "helpful", rather than NM.
>
> does anyone have any idea which daemon or service is responsible for 
> this MAC-rebadging, and/or how i might stop it?
>
>
Hello

Perhaps the solution is this:


https://access.redhat.com/solutions/70215HWADDR=


I have never seen this in CentOS, but I have in Proxmox (bridge). Adding
HWADDR= was a solution for me. But note that this article asks you to
change HWADDR= to MACADDR=


Hope this helps
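
Added example (not part of either poster's message): a small Python filter for the "tcpdump -n -n -e" output quoted above. It reports every frame whose source MAC differs from the expected one and labels it DHCP or by ethertype, which helps test the suspicion that the stray address first appears on a BOOTP/DHCP frame. The script name stray_mac.py is hypothetical; the sample lines are the five frames from the post, re-joined onto one line each.

```python
import re
import sys

# One frame per line as printed by "tcpdump -n -n -e":
# time, src MAC > dst MAC, ethertype, frame length, decoded payload.
FRAME_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), ethertype (?P<etype>\S+) "
    r"\(0x[0-9a-f]{4}\), length \d+: (?P<rest>.*)$",
    re.IGNORECASE,
)

# The five frames quoted in the post, re-joined onto one line each.
SAMPLE = [
    "10:23:58.210653 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 114: 185.219.108.121.53002 > 198.252.206.25.443: Flags [P.], seq 2018:2066, ack 5333, win 501, options [nop,nop,TS val 4035938817 ecr 1709670339], length 48",
    "10:23:58.405154 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 66: 185.219.108.121.44534 > 216.58.212.234.443: Flags [.], ack 21641, win 501, options [nop,nop,TS val 805137946 ecr 1062125308], length 0",
    "10:23:58.447030 ac:1f:6b:6c:58:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 185.219.108.1 tell 185.219.108.121, length 46",
    "10:23:58.447466 ac:1f:6b:6c:58:2d > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 342: 185.219.108.121.68 > 185.219.108.1.67: BOOTP/DHCP, Request from ac:1f:6b:6c:58:2d, length 300",
    "10:23:58.629131 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 98: 185.219.108.121 > 8.8.8.8: ICMP echo request, id 105, seq 67, length 64",
]


def find_stray_frames(lines, expected_mac):
    """Return (timestamp, source MAC, kind) for each frame not sent from expected_mac."""
    expected = expected_mac.lower()
    stray = []
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if m is None:
            continue  # wrapped, truncated or non-frame line: skip it
        src = m.group("src").lower()
        if src == expected:
            continue
        # DHCP rides inside IPv4, so look at the decoded payload before the ethertype.
        kind = "DHCP" if "BOOTP/DHCP" in m.group("rest") else m.group("etype")
        stray.append((m.group("ts"), src, kind))
    return stray


if __name__ == "__main__":
    # Live use: tcpdump -l -n -n -e -i eno1 src <ip> | python3 stray_mac.py <expected-mac>
    live = len(sys.argv) > 1
    frames = sys.stdin if live else SAMPLE
    expected = sys.argv[1] if live else "ac:1f:6b:6c:5a:6e"
    for ts, src, kind in find_stray_frames(frames, expected):
        print(f"{ts} unexpected source MAC {src} ({kind})")
```

Run without arguments it checks the embedded sample; the timestamps it prints can be compared with the NetworkManager and dhclient entries in the system log for the same moment.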