08-14-2009, 09:38 AM #1
LQ Newbie
Registered: Aug 2009
Posts: 26
Rep:
shorewall, vlan routing
Hi,
I'm working with VLANs in CentOS; I have a firewall with Shorewall. I'm trying to connect 3 PCs in different VLANs. The connection is OK, but with Shorewall I need to control the traffic between them and I can't: the rules are correct, but they do nothing. I need to connect a host on one network segment to a specific host on another; they are addressed to a VLAN where Shorewall is, but I cannot get connected. I am testing to implement this distribution in an office. Could someone help me please?
08-14-2009, 12:53 PM #2
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 42,827
Well, you don't route VLANs, you route subnets, so as these separate concepts seem to be a bit mixed up, can we work out how they are separate? How are these VLANs connecting to Shorewall? .1q tagging? Multiple NICs? What does the actual interface and routing table config look like?
08-14-2009, 01:56 PM #3
LQ Newbie
Registered: Aug 2009
Posts: 26
Original Poster
Rep:
Thanks!!
OK, I'm trying to have Shorewall route the traffic between VLANs with the 802.1q module. I have 3 VLANs, eth0.10, eth0.11 and eth0.12, on the same NIC; I have only one NIC. I'm connected to a switch with 4 ports which doesn't support VLANs. On the other ports are connected 3 PCs with different network segments: for eth0.10 it is 192.168.10.0/24, for eth0.11 it is 192.168.11.0/24 and for eth0.12 it is 192.168.12.0/24; these are configured as the gateway for each VLAN.
[root@localhost network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10336 errors:1 dropped:0 overruns:0 frame:1
TX packets:10104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4234555 (4.0 MiB) TX bytes:1883980 (1.7 MiB)
Interrupt:185 Base address:0xe000
eth0.10 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4539 (4.4 KiB)
eth0.11 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0.12 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.12.1 Bcast:192.168.12.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4539 (4.4 KiB)
The routing table is:
[root@localhost network-scripts]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0.12
192.168.11.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0.10
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0.12
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
This is the configuration; in Shorewall it is:
zones file:
loc1 ipv4
loc2 ipv4
loc3 ipv4
loc4 ipv4
interfaces file:
zone interface broadcast
loc1 eth0 192.168.0.255
loc2 eth0.10 192.168.10.255
loc3 eth0.11 192.168.11.255
loc4 eth0.12 192.168.12.255
The hosts file doesn't accept anything; I tried configuring this:
loc1 eth0:192.168.0.0/24
loc2 eth0.10:192.168.10.0/24
loc3 eth0.11:192.168.11.0/24
loc4 eth0.12:192.168.12.0/24
but it gives a duplicate network error.
The policy file is:
fw all ACCEPT
loc1 all ACCEPT info
loc2 all ACCEPT info
loc3 all ACCEPT info
loc4 all ACCEPT info
all all REJECT info
This is the configuration. In the rules I am trying to establish a rule so that I can ping a host from a specific network, loc3 and loc4; this is only a test so that in the future I can establish that connection, but for now it doesn't apply anything. I don't know if Shorewall does not work with this configuration or what is happening. I am working with Shorewall 4.2.10.
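Two checks over the output pasted in the post above, as an added example (not code from the thread or from Shorewall): the first flags subnets that the routing table reaches through more than one interface (192.168.10.0/24 and 192.168.12.0/24 appear via both eth0 and their VLAN subinterface, so the kernel uses only the first route and may answer untagged), and the second lists zones whose policy towards `all` is ACCEPT, which already lets everything through, so an ACCEPT rule between loc3 and loc4 can have no visible effect; the usual practice is a REJECT or DROP policy between zones with explicit ACCEPT rules. The sample inputs are copied from the post; the function names are my own.

```python
from collections import defaultdict

# Constructed sample: the `route` output from post #3 (header row kept).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0.12
192.168.11.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0.10
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0.12
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
"""

# Constructed sample: the Shorewall policy file from post #3.
POLICY_FILE = """\
fw all ACCEPT
loc1 all ACCEPT info
loc2 all ACCEPT info
loc3 all ACCEPT info
loc4 all ACCEPT info
all all REJECT info
"""

def ambiguous_subnets(route_output):
    """Map 'dest/genmask' -> interfaces for subnets routed via more than one
    interface. Only the first such route is used, so a VLAN subnet that is
    also routed via plain eth0 may be answered untagged on eth0."""
    by_dest = defaultdict(list)
    for line in route_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) == 8:                    # Destination ... Iface
            by_dest[f"{fields[0]}/{fields[2]}"].append(fields[7])
    return {d: i for d, i in by_dest.items() if len(i) > 1}

def zones_with_open_policy(policy_file):
    """Source zones whose default policy towards 'all' is ACCEPT. Rules are
    matched before the policy, but an ACCEPT rule between two such zones
    changes nothing: the policy already lets everything through."""
    open_zones = []
    for line in policy_file.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "all" and fields[2] == "ACCEPT":
            open_zones.append(fields[0])
    return open_zones

if __name__ == "__main__":
    print("routed via several interfaces:", ambiguous_subnets(ROUTE_OUTPUT))
    print("rules shadowed by ACCEPT policy:", zones_with_open_policy(POLICY_FILE))
```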
09-07-2012, 07:23 PM #4
LQ Newbie
Registered: Sep 2012
Location: Costa Rica
Posts: 1
Rep:
Response to alitabas
Hello alitabas, you can try this config in the hosts file. All the zones belong to the same interface eth0; there is no need to add the 0.1X for each line:
loc1 eth0 192.168.0.0/24
loc2 eth0 192.168.10.255
loc3 eth0 192.168.11.255
loc4 eth0 192.168.12.255
In the interfaces file try this. The (-) sign is because the eth0 interface serves multiple zones; even if you use "subinterfaces" on the same eth0, there is no need to configure each zone, because all of them belong to the same interface eth0, and the "detect" setting is to detect the subnet of the traffic that is passing on the interface:
- eth0 detect
Hope this helps.