Why does my Ethernet card have 2 MACs?

Started by lorem, August 07, 2023, 07:27:31 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 07, 2023, 07:27:31 AM
I'm a new user of Protecti with OPNsense. I've been a Linux "user" for 20 years, but now I am learning networking. My setup is simple.
[Linux -> VPN] box -> Switch -> Firewall -> Modem -> Internet

My question is about the ARP table in OPNsense. I am looking around making sure there is nothing extra that shouldn't be there. There six entries in the ARP table. Do I understand this right:

2 MACs for Linux box
1 MAC for the switch
2 MACs for fire wall: WAN and LAN
1 MAC for modem

Wait what? Why does the Linux box Ethernet card have two MACs? There is only one cable connection.
August 07, 2023, 07:40:17 AM #1
Could you run these commands on Linux and paste the result here?

lspci

lsusb

ip li sh
August 07, 2023, 07:44:37 AM #2
Do you have any VMs or docker on the Linux box?

In that case, your interface is probably bridged and the different MACs correspond to different IPs. You can usually see that when you look at the MACs: The physical interface should be in the MAC OUI database, whereas the virtual ones have the U/L bit set, which is the 2nd bit in the first byte of the mac.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
August 07, 2023, 08:05:00 AM #3
bartjsmit,
My mistake, it is the same MAC, but with 2 IP addresses assigned. The 2 IP addresses on the one MAC are xxx.xxx.0.1 and xxx.xxx.0.3

I previously did packet capture on OPNsense to log 260,000 LAN packets. For the first IP there are 2 round trips between xxx.xxx.0.1 and the firewall. They are DHCP Request and DHCP ACK. They are separated by exactly 1 hour.

The other IP xxx.xxx.0.3 is 253,756 packets, which I assume is user client data.

I assume this is all normal?

Meyergru, thank you for that info.
Print
Go Up Pages1
User actions