Short answer is yes to your last question. Kill the lines and reboot. If you want more info on this, here are my notes on the subject:
[SPLAT MACs in netconf.C and restores/reverts]

-When you restore a snapshot or backup file the firewall will use the MAC addresses stored in the snapshot file, not your network card's physical MAC addresses, even if you change hardware! If you're not running a cluster this is mainly a good thing, since you won't have to clear any ARP tables when you revert on new hardware. However, since we're running a cluster this is a very bad thing!

-You can verify which MAC addresses you're using with these commands:

    ifconfig |grep HWaddr
        -This shows which MACs you're currently using.

    grep hwaddr /etc/sysconfig/hwconf
        -This should contain your NICs' physical MAC addresses. If in doubt, delete this file, reboot and this file will be automatically created on startup. It's not a bad idea to also delete "/etc/modules.conf" to ensure the correct drivers are being loaded.

    grep hwaddr /etc/sysconfig/netconf.C
        -This shows which MACs your server is configured to use. If there are no "hwaddr" lines, then your NIC's physical MACs will be used. If there are no "hwaddr" lines you can create them by running "cpnetconf store". I don't know of any advantage to having the MAC addresses explicitly defined in this file though.

-Since the MAC addresses that Check Point uses are stored in "/etc/sysconfig/netconf.C" you can change back to your physical MACs by running these commands:

    cd /etc/sysconfig
    cpstop
    mv netconf.C netconf.C.old
    grep -v hwaddr netconf.C.old >netconf.C
    rm /etc/sysconfig/hwconf
    rm /etc/modules.conf   # This is only necessary if you need to load different drivers
    reboot

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM] On Behalf Of Crist Clark
> Sent: Thursday, October 18, 2007 6:42 PM
> To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
> Subject: [FW-1] Going Back to Hardcoded MAC Address
>
> I built a SPlat box on a piece of hardware in a test environment. For the production roll out, I copied the configuration over to a new piece of hardware. Now I am trying to deploy the piece of hardware originally used for the SPlat development in production too.
>
> Now here's the problem. When I set up SPlat in the test system, it seems to have sucked up the MAC addresses from the NICs and put them in the software SPlat configuration (in /etc/sysconfig/netconf.C). This file got transferred over to the new hardware the SPlat is running on. So now the new SPlat system's MAC is conflicting with the original box's MAC as we deploy it in a different role.
>
> How do I fix this? I'd like to get the new box to use its hardcoded MAC addresses rather than the ones in netconf.C. I can use "ifconfig ethX hw ether <mac>" to do that, but I can't figure out where I can find the MACs of the NICs without cracking the case open. I can live with the hiccup of bringing each link up and down, but powering it down to look at the NICs and _then_ going through changing the addresses is not appealing. Or can I even manually edit netconf.C by killing the "hwaddr" lines and reboot it?
>
> I don't have my test system anymore... since it's the one having the conflict with the firewall.
> --
>
> Crist J. Clark
> crist.clark globalstar.com
> Globalstar Communications (408) 933-4387
>
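
The check and cleanup from the notes at the top of this thread, as an added example that is not part of either message: it lists MACs pinned in a netconf.C that no NIC in hwconf reports, then writes a copy without the "hwaddr" lines. The function names, the sample file contents and the netconf.C layout are assumptions; the script works only on constructed files in a temporary directory.

```shell
# Added example: file contents are constructed; only the "hwaddr" keyword
# and the file names come from the thread. Nothing under /etc is touched.

# Print each MAC on a line mentioning "hwaddr": lowercased, unique, sorted.
macs_in() {
    grep -i 'hwaddr' "$1" 2>/dev/null |
        grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' |
        tr 'A-F' 'a-f' | sort -u
}

# MACs pinned in netconf.C ($1) that no NIC listed in hwconf ($2) reports.
stale_macs() {
    pinned=$(macs_in "$1")
    physical=$(macs_in "$2")
    for mac in $pinned; do
        printf '%s\n' "$physical" | grep -qxF "$mac" || printf '%s\n' "$mac"
    done
}

# Keep FILE.old, rewrite FILE without hwaddr lines (grep -v exit 1 = empty output).
unpin() {
    mv "$1" "$1.old" && { grep -v 'hwaddr' "$1.old" > "$1" || [ $? -eq 1 ]; }
}

# Constructed sample files; the netconf.C layout is an assumption.
make_samples() {
    cat > "$1/netconf.C" <<'EOF'
(conns
  :(conn :ifname (eth0)
    :hwaddr ("00:11:22:AA:BB:01")
  )
  :(conn :ifname (eth1)
    :hwaddr ("00:11:22:AA:BB:02")
  )
)
EOF
    cat > "$1/hwconf" <<'EOF'
device: eth0
network.hwaddr: 00:11:22:aa:bb:01
device: eth1
network.hwaddr: 00:33:44:cc:dd:02
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
echo "stale pinned MACs: $(stale_macs "$demo/netconf.C" "$demo/hwconf")"
unpin "$demo/netconf.C"
echo "hwaddr lines left: $(grep -c hwaddr "$demo/netconf.C")"
```

A non-empty result from `stale_macs` on a cluster member means the box is answering with addresses that belong to other hardware, which is the conflict described in the quoted message.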