HETZNER Server Locking for using Disallowed MAC Addresses

wa44io4wa44io4 Member
edited January 16 in Help

Hey Everyone,

I've recently started facing this MAC Address usage issue with HETZNER.

We have noticed that you have been using other MAC addresses in addition to the allowed at your Robot account.

They're locking my server telling me that I'm using multiple different MAC addresses along with the allowed one. They also suspected that this is happening because I'm hosting VMs on the servers.

However, I'm not hosting VMs on the server and tried to explain to them multiple times by now. I'm using the server with plain CentOS 7 x64 (KERNEL-ML) for hosting websites. I've also got the allowed MAC address added in the network configuration, still they keep locking my servers again and again.

Any of you here faced such issue? Can you suggest any permanent solution to this?

Some Info from the server -

Comments

  • ClouviderClouvider Member, Provider
    Thanked by 2wa44io4 Janevski

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £45/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • @Clouvider said:

    already in touch with them over tickets anyway ... I just wanted to see if anyone has experienced this before and found a solution.

  • How come they would disallow hosting VM(s)?
    Is it disallowed with dedicated?

  • @greattomeetyou said:
    How come they would disallow hosting VM(s)?
    Is it disallowed with dedicated?

    No, you are allowed to host VMs, it's a MAC address issue

    Thanked by 1wa44io4

    Reach me at manishpant.com . Discord Id: Manish#6403

  • FalzoFalzo Member
    edited January 16

    @greattomeetyou this has nothing to do with allowing or disallowing VMs. that's a network related and more likely a routing issue. additional IPs have to use either the MAC that's given by the hardware (your network card) or a virtual mac that you have set via the control panel. this is to prevent IP spoofing and control access on the router/gateway.

    for OPs problem I assume he either uses the wrong gateway or uses the MAC for the addon IP as main MAC address which leads to problems with the main IP.

    @wa44io4 if you don't use the addon IP for virtualization/VMs simply don't use a virtual mac! unless you use bridging everything that goes out on your main network interface will and should have the HW-MAC of it and not some virtual.
    you are most likely creating a mismatch for either the main IP sending with the vmac of the addon IP while the hw-mac is expected or the addon IP sending with the hw-mac while the vmac is expected.

    possible solution: delete the virtual mac in the control panel and remove it from your network config.

    Thanked by 2pike Janevski

    most recommended Provider: First-Root KVM Power-Edition /w SSD
    UltraVPS.eu KVM in US/UK/NL/DE: 15% off first 6 month | Netcup VPS/rootDS - 5€ off: 36nc15279180197 (ref)

  • @Falzo said:

    Did you try reading the full post in the first place? I've clarified I'm not hosting any VM.

    There's no additional IP Addresses but only the default / main IP.

    Also, as you can see on the screenshot there's no virtual network adapter present either.

  • FalzoFalzo Member

    @wa44io4 said:

    @Falzo said:

    Did you try reading the full post in the first place? I've clarified I'm not hosting any VM.

    There's no additional IP Addresses but only the default / main IP.

    Also, as you can see on the screenshot there's no virtual network adapter present either.

    I understood that you don't use virtualization nor bridging. that's exactly why I pointed out that a mismatch with a (possible) virtual MAC address could lead to that issue.

    what I obviously misunderstood is that you are not even having any addon IP... this is because you mentioned an 'allowed MAC' - which I misinterpreted as 'additional/virtual mac' - my apologies.

    however.
    where did you get that 'allowed MAC' from?
    is that the hardware-mac of your network card?
    do you use the correct gateway?


  • @Falzo said:

    I've installed OS using the installimage tool and was using the default network configuration offered by this tool.

    Later on when they locked my server showing the allowed MAC address, I modified the network configuration file adding the MAC= field. Except this there's no network configuration done by me. Explaining the whole situation like I'm doing here didn't help.

    Every time they lock servers I send unblock request and they unblock it saying now they don't see any other MAC addresses but only allowed one. But after 2/3 days they lock the server again for the exact same reason.

    I'm very frustrated with this already and they're not helping in any way instead stopped replying to my last unblock request.

    I did request them to check if there's any issue on their end. I believe network switches or, the monitoring tool they're using can be wrong too.

  • FalzoFalzo Member

    okay. then probably something on your server is trying to send out packets with a spoofed mac/ip-address? some kind of malware or whatever?

    I never ran into such issue with Hetzner, only had a comparable situation with OVH once and that was me mismatching MACs and gateways, hence my poking on that topic.
    that said, I strongly doubt that their monitoring is at fault here tbh. otherwise you would see a lot of people jumping in and complaining about the very same thing.

    that their support is not hand-holding is a known fact and easy to understand. they only see packets with a wrong MAC-address trying to pass their network. they don't know what software you are running (intentionally or not) ... maybe even you don't know, because it's something malicious you haven't noticed yet.

    TL;DR; if the blocking reoccurs most likely there is something wrong on your server and because it's unmanaged you are the one who's expected to solve it, not their support ;-)


  • Falzo said: okay. then probably something on your server is trying to send out packets with a spoofed mac/ip-address? some kind of malware or whatever?

    I have double checked ... there's nothing running on the server except NGINX, PHP 7 and NIXSTATS AGENT ... I got more than 20 servers with HETZNER with exact setup and only 3 of them has this weird issue.

    Falzo said: TL;DR; if the blocking reoccurs most likely there is something wrong on your server and because it's unmanaged you are the one who's expected to solve it, not their support ;-)

    Nah, I'm not asking for any technical support here ... I'm trying to prove that I'm not using those disallowed MACs with proper information. If the information provided by me is not enough for them, shouldn't they at least ask for further (specific) information which will help them to identify the real issue or, prove me wrong.

    I'm a HETZNER customer since 2016 and I have deployed huge amount of servers with them over these years. I think this makes me one of their valuable customer and I definitely deserve some extra effort from their network department on this weird / confusing / complicated issue. @Hetzner_OL

  • @wa44io4 said: I have double checked ... there's nothing running on the server except NGINX, PHP 7 and NIXSTATS AGENT ... I got more than 20 servers with HETZNER with exact setup and only 3 of them has this weird issue.

    I would say that 3/20 is pretty significant in this context

    "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

  • pikepike Member
    edited January 16

    @wa44io4 even if you weren't a customer with them for years, I'm certain the Hetzner support will handle you in the most professional way, as they do with all customers.

    Thanked by 1wa44io4
  • @angstrom said:
    I would say that 3/20 is pretty significant in this context

    so?

  • @pike said:
    @wa44io4 even if you weren't a customer with them for years, I'm certain the Hetzner support will handle you in the most professional way, as they do with all customers.

    Can't agree more with you and expect any less from them. I love HETZNER as much as y'all do.

    I'm not one of the LET drama creator ... I use LET for sharing and gathering different experiences.

  • @wa44io4 said:

    @angstrom said:
    I would say that 3/20 is pretty significant in this context

    so?

    You wrote "and only 3 of them has this weird issue", which suggests that 3/20 isn't so significant in this context. But perhaps you didn't intend to imply this.


  • FalzoFalzo Member

    @angstrom said:

    @wa44io4 said:

    @angstrom said:
    I would say that 3/20 is pretty significant in this context

    so?

    You wrote "and only 3 of them has this weird issue", which suggests that 3/20 isn't so significant in this context. But perhaps you didn't intend to imply this.

    I agree and would consider 15% significant ;-)

    the good thing with multiple affected boxes is, that you could look for a pattern... like are they all in the same DC, rack, same subnet (more or less) or are they all the same type of hardware, network card etc.


  • Since you're saying this is happening in a relatively short interval like over 3 days, why don't you leave a tcpdump and capture say arp traffic (and/or periodically) dump the arp table from your machine to keep tabs and see what gives? At least it'll give you some clue on the goings on?

    Thanked by 2uptime Janevski
  • MikePTMikePT Member, Provider

    Provide them your login credentials, they can check this for you.

  • @nullnothere said:
    Since you're saying this is happening in a relatively short interval like over 3 days, why don't you leave a tcpdump and capture say arp traffic (and/or periodically) dump the arp table from your machine to keep tabs and see what gives? At least it'll give you some clue on the goings on?

    I was going to suggest this. If you know the MAC they claim is coming from you, you can filter on that to a file and check it next time. Just make sure to record when you started the capture so you can correlate the traffic to actual time to better understand when it's happening.

    Thanked by 2nullnothere wa44io4
  • jarjar Provider

    wa44io4 said: I got more than 20 servers with HETZNER with exact setup and only 3 of them has this weird issue.

    Definitely an interesting variable as I've never seen or heard of this issue before, so you seeing it 3 times seems relevant and specific to you. Let us know what you find out so the rest of us can avoid it.

    Thanked by 2Janevski wa44io4
  • Hetzner_OLHetzner_OL Member, Provider, Top Provider

    I checked with our networking team, and they agree with @nullnothere and @TimboJones. Or you can write a support request and ask our networking team to create a dump for you. (Respond to the last ticket you had about this issue.) --Katie

    Thanked by 2nullnothere wa44io4

    We (Katie and Helena) will do our best to answer your Hetzner questions and pass on your feedback. Hetzner Online's not liable for any corny jokes that we make. (https://www.hetzner.com)
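
The capture suggested above by @nullnothere and @TimboJones, sketched as an added example (not part of any post in this thread): it records only outgoing frames whose source MAC differs from the allowed one, logs when the capture started, and summarises the result per source MAC. The interface name, MAC addresses, file path and function names are assumptions, and the sample frames are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. MACs, paths and sample frames are constructed.

# Lower-case a MAC so comparisons do not depend on how it was typed.
norm_mac() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# BPF filter: every frame whose source MAC is NOT the allowed one.
capture_filter() { printf 'not ether src %s' "$(norm_mac "$1")"; }

# Long-running capture (needs root): start_capture eth0 <allowed-mac> /root/mac.pcap
# -Q out keeps only frames this host sends (direction flag of current tcpdump
# releases; older builds may differ), -U flushes each packet to the file.
start_capture() {
    date -u '+capture started %Y-%m-%dT%H:%M:%SZ' >> "$3.log"
    tcpdump -i "$1" -n -U -Q out -w "$3" "$(capture_filter "$2")"
}

# Summarise `tcpdump -r FILE -e -n -tttt` text read from stdin.
# Output per unexpected source MAC: mac count first-seen last-seen
unexpected_sources() {
    allowed=$(norm_mac "$1")
    awk -v allowed="$allowed" '
        $4 == ">" {
            src = tolower($3)
            if (src == allowed) next
            if (!(src in n)) first[src] = $1 " " $2
            n[src]++
            last[src] = $1 " " $2
        }
        END { for (m in n) print m, n[m], first[m], last[m] }
    ' | sort
}

# Constructed sample in the text format printed by `tcpdump -e -n -tttt`.
sample_frames() {
cat <<'EOF'
2024-01-14 03:12:44.100001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.10.443 > 198.51.100.7.51234: Flags [S.], length 0
2024-01-14 03:12:45.200002 02:00:00:00:00:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28
2024-01-14 03:12:46.300003 02:00:00:00:00:AA > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28
2024-01-15 09:00:00.000004 02:00:00:00:00:bb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::1 > ff02::2: ICMP6, router solicitation, length 16
EOF
}

# Demo on the constructed sample; on a real capture use:
#   tcpdump -r /root/mac.pcap -e -n -tttt | unexpected_sources <allowed-mac>
sample_frames | unexpected_sources 02:00:00:00:00:01
```

The first-seen and last-seen columns are what to line up against the lock notices, and the protocol of the offending frames (ARP, IPv6, something else) points at which component on the box is emitting them.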
