[SOLVED] Network-Abuse mac adreess Proxmox

timoniks

New Member
May 12, 2022
5
0
1
Proxmox installed Virtual Environment 6.1-3
Received an email about server blocking.

--------------------------
The issue of the relevant ticket has not been resolved.

the current MAC addresses we see is this:

#1153154
Allowed MACs:
e4:43:4b:b9:eb:b6
f4:02:70:fa:9e:86
Unallowed MACs:
be:60:85:ed:5d:66
---------------------


root@pve:~# ifconfig -a
eno1: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether e4:43:4b:b9:eb:96 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether e4:43:4b:b9:eb:98 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether e4:43:4b:b9:eb:b6 txqueuelen 1000 (Ethernet)
RX packets 1400035 bytes 357335265 (340.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3209004 bytes 3755681284 (3.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0x92a00000-92afffff

eno4: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether e4:43:4b:b9:eb:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0x92900000-929fffff

fwbr102i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether be:60:85:ed:5d:66 txqueuelen 1000 (Ethernet)
RX packets 66 bytes 3036 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 108 (108.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

fwln102i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether be:60:85:ed:5d:66 txqueuelen 1000 (Ethernet)
RX packets 24907 bytes 1776512 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 54 (54.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

fwpr102p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 66:62:ce:cb:a0:1f txqueuelen 1000 (Ethernet)
RX packets 1 bytes 54 (54.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24907 bytes 1776512 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


What are these interfaces and how to disable them or change MAC - fwbr102i1 / fwln102i1 ?
 

timoniks

New Member
May 12, 2022
5
0
1
hi,

since your hoster does not allow the MAC addresses of your VMs you can use routed setup [0].

that way only the PVE's MAC address will be seen by the switch

[0]: https://pve.proxmox.com/wiki/Network_Configuration#_routed_configuration


i use this

auto lo
iface lo inet loopback

auto eno3
iface eno3 inet manual

iface eno1 inet manual

iface eno2 inet manual

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
address 116.2xx.2xxx.2
netmask 255.255.255.128
gateway 116.2xx.2xx.1
bridge-ports eno3
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.0.1
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERAD


but somehow it still glows MAC


on my local VPS no mac be:60:85:ed:5d:66
 
Last edited:

bobmc

Well-Known Member
May 17, 2018
601
96
48
65
I think you need to put your public IP on directly on eno3 and update your ip-tables nat config to use eno3 instead of vmbr0
 
  • Like
Reactions: oguz

bobmc

Well-Known Member
May 17, 2018
601
96
48
65
or ask your hoster to allow 1 additional mac-address for vmbr0 - might be the easiest way
 

timoniks

New Member
May 12, 2022
5
0
1
or ask your hoster to allow 1 additional mac-address for vmbr0 - might be the easiest way
After restart MAC - be:60:85:ed:5d:66 will always change


fwbr102i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether be:60:85:ed:5d:66 txqueuelen 1000 (Ethernet)
RX packets 66 bytes 3036 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 108 (108.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

fwln102i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether be:60:85:ed:5d:66 txqueuelen 1000 (Ethernet)
RX packets 24907 bytes 1776512 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 54 (54.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 

timoniks

New Member
May 12, 2022
5
0
1
I fought with support, they said they would figure it out myself. They refused to add mac to the white list.

There are two solutions.

1. Reconfigure the network and make only one bridge (directly on eno3).

2. Block outgoing port 43.

Many thanks to everyone for the help!!!! ;)
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!