When your ISP performs strict IP-MAC binding at the gateway level, simple IP aliasing (like eth0:0) won't work because each IP needs a unique MAC address. Here's how to solve this in Linux while maintaining proper traffic routing.
We'll explore three practical approaches:
# Method 1: Using macvlan driver
sudo ip link add link eth0 macvlan0 type macvlan mode bridge
sudo ip link set macvlan0 address 00:11:22:33:44:55
sudo ip addr add 192.168.1.100/24 dev macvlan0
sudo ip link set macvlan0 up
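# Method 2: Direct MAC spoofing (temporary)
# Note: an alias such as eth0:0 is a label on eth0, not a separate device.
# It shares eth0's MAC, so the hw ether command below applies to eth0 itself.
sudo ifconfig eth0:0 hw ether 00:11:22:33:44:56
sudo ifconfig eth0:0 192.168.1.101 netmask 255.255.255.0 up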
# Method 3: Persistent udev rules
# /etc/udev/rules.d/70-persistent-net.rules
# SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="original_mac", NAME="eth0"
# SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="spoofed_mac1", NAME="eth0_1"
After establishing multiple MAC identities, configure NAT and routing:
# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1
# Set up NAT for each virtual interface
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -o macvlan0 -j MASQUERADE
# Add specific routes if needed
sudo ip route add 203.0.113.0/24 via 192.168.1.1 dev macvlan0
Here's a complete test case using macvlan:
# Create three virtual interfaces with unique MACs
for i in {1..3}; do
sudo ip link add link eth0 macvlan$i type macvlan mode bridge
sudo ip link set macvlan$i address $(printf '02:00:00:%02x:%02x:%02x' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
sudo ip addr add 192.168.1.$((100+i))/24 dev macvlan$i
sudo ip link set macvlan$i up
done
# Verify connectivity (three probes per interface, then exit)
ping -c 3 -I macvlan1 8.8.8.8
ping -c 3 -I macvlan2 8.8.8.8
ping -c 3 -I macvlan3 8.8.8.8
For production systems, create a systemd service:
# /etc/systemd/system/macvlan-setup.service
[Unit]
Description=MACVLAN interface setup
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/setup-macvlans.sh
[Install]
WantedBy=multi-user.target
The setup script should contain all your interface configuration commands. Remember to run systemctl enable macvlan-setup after creating the service.
- Check dmesg for macvlan driver errors
- Verify MAC addresses with ip -br link show
- Test connectivity per interface with ping -I interface destination
- Monitor ARP tables with arp -n
When your ISP enforces strict IP-MAC binding at the gateway level, standard network interface aliases (like eth0:0) won't suffice because they share the physical NIC's MAC address. Here's how to create truly distinct virtual interfaces with unique MAC addresses.
The most elegant solution uses Linux's macvlan driver to create virtual interfaces with their own MACs:
# Load the module if not already loaded
sudo modprobe macvlan
# Create a virtual interface with custom MAC
sudo ip link add link eth0 macvlan0 address 00:11:22:33:44:55 type macvlan
# Bring it up and assign IP
sudo ip link set macvlan0 up
sudo ip addr add 192.168.1.100/24 dev macvlan0
For older systems or compatibility:
# Create alias interface
# Note: the alias shares eth0's MAC, so hw ether here applies to eth0 itself
sudo ifconfig eth0:1 hw ether 00:11:22:33:44:66
# Assign IP (some distros require MAC first)
sudo ifconfig eth0:1 192.168.1.101 netmask 255.255.255.0 up
For Debian-based systems, add to /etc/network/interfaces:
auto macvlan0
iface macvlan0 inet static
address 192.168.1.100
netmask 255.255.255.0
pre-up ip link add link eth0 macvlan0 address 00:11:22:33:44:55 type macvlan
post-down ip link del macvlan0
When forwarding traffic through multiple interfaces:
# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1
# NAT rules for each virtual interface
sudo iptables -t nat -A POSTROUTING -o macvlan0 -j MASQUERADE
- Some switches block MAC flooding; you may need port mirroring
- Check dmesg for macvlan driver errors
- Virtual MACs must be locally administered addresses (second least significant bit of first byte set)
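The locally administered rule in the last item can be checked before an interface is created. The script below is an added example, not code from the original page: its function names are illustrative, it also requires the unicast bit to be clear (an addition to the rule stated above), and it only prints the ip commands instead of running them.

```shell
#!/bin/sh
# Added example: validate and generate MAC addresses for macvlan interfaces.
# Function names are illustrative; they do not come from the original page.

# Return 0 if $1 is a well-formed, locally administered, unicast MAC.
mac_is_local_unicast() {
    _m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Exactly six colon-separated hex octets.
    printf '%s\n' "$_m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    _first=$((0x${_m%%:*}))
    # Bit 0x02 set -> locally administered; bit 0x01 clear -> unicast.
    [ $((_first & 0x02)) -ne 0 ] && [ $((_first & 0x01)) -eq 0 ]
}

# Print a random MAC that satisfies the rule above.
random_local_mac() {
    # Six random bytes, one hex octet per positional parameter.
    set -- $(od -An -N6 -tx1 /dev/urandom)
    # Force bit 0x02 on and bit 0x01 off in the first octet.
    _first=$(( (0x$1 | 0x02) & 0xfe ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$_first" "$2" "$3" "$4" "$5" "$6"
}

# Print (do not run) the commands for one macvlan interface.
# Refuses a MAC that is not locally administered unicast.
plan_macvlan() {
    parent=$1 name=$2 mac=$3 cidr=$4
    if ! mac_is_local_unicast "$mac"; then
        echo "refusing $name: $mac is not a locally administered unicast MAC" >&2
        return 1
    fi
    echo "ip link add link $parent $name address $mac type macvlan mode bridge"
    echo "ip addr add $cidr dev $name"
    echo "ip link set $name up"
}

# Demo: the 00:11:22:... address used earlier on this page fails the check
# (first octet 0x00 has bit 0x02 clear); a generated address passes.
plan_macvlan eth0 macvlan0 00:11:22:33:44:55 192.168.1.100/24 || true
plan_macvlan eth0 macvlan1 "$(random_local_mac)" 192.168.1.101/24
```

Review the printed commands, then run them with sudo or place them in the setup script.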