LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Closed Thread
 
Search this Thread
Old 08-14-2009, 10:38 AM   #1
alitabas
LQ Newbie
 
Registered: Aug 2009
Posts: 26

Rep: Reputation: 15
shorewall, vlan routing


Hi,



I'm work with vlans in centos, i've a firewall with shorewall. I try to conect 3 pc in diferent vlan, the conection is ok, but with shorewall I need control the traffic between there but I can't, the rules are correct, but they do nothing, I need to connect a host on a network segment to another in specific, are addressed to a VLAN where shorewall but I can not get connected. I am testing to implement this distribution in an office. Someone could help me please
 
Old 08-14-2009, 01:53 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
well you don't route vlans, you route subnets, so as these seperate concepts seem to be a bit mixed up, can we work out how they are seperate? how are these vlans connecting to shorewall? .1q tagging? multiple nics? what does the actual interface and routing table config look like?
 
Old 08-14-2009, 02:56 PM   #3
alitabas
LQ Newbie
 
Registered: Aug 2009
Posts: 26

Original Poster
Rep: Reputation: 15
Thanks!!

Ok, i try that the shorewall routing the traffic with vlan with 802.1q module I've 3 vlan, eth0.10, eth0.11 and eth0.12, in the same nic, I've only one nic. I'm connect to a switch with 4 ports, this don't support of vlan, in the others ports are connect 3 pc's with different network segment for eth0.10 is 192.168.10.0/24, for eth0.11 is 192.168.11.0/24 and for eth0.12 is 192.168.12.0/24,these are configured as a gateway to a VLAN.
[root@localhost network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10336 errors:1 dropped:0 overruns:0 frame:1
TX packets:10104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4234555 (4.0 MiB) TX bytes:1883980 (1.7 MiB)
Interrupt:185 Base address:0xe000

eth0.10 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4539 (4.4 KiB)

eth0.11 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth0.12 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.12.1 Bcast:192.168.12.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4539 (4.4 KiB)
the route tables is
[root@localhost network-scripts]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0.12
192.168.11.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0.10
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0.12
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
this is the configuration, in the shorewall is
zones file
loc1 ipv4
loc2 ipv4
loc3 ipv4
loc4 ipv4
interfaces file
zone interface broadcast
loc1 eth0 192.168.0.255
loc2 eth0.10 192.168.10.255
loc3 eth0.11 192.168.11.255
loc4 eth0.12 192.168.12.255
in hosts file no admit anything i try configured this
loc1 eth0:192.168.0.0/24
loc2 eth0.10:192.168.10.0/24
loc3 eth0.11:192.168.11.0/24
loc4 eth0.12:192.168.12.0/24
but is a duplicate of network error
the policy's file is
fw all ACCEPT
loc1 all ACCEPT info
loc2 all ACCEPT info
loc3 all ACCEPT info
loc4 all ACCEPT info
all all REJECT info
this is the configuration in the rules I am trying to establish a rule that I can ping host from specific network loc3 and loc4, this is only proof that in the future to be able to establish that connection at the time but does not apply anything, not if shorewall does not work with this configuration or that happening, I am working with shorewall 4.2.10
 
Old 09-07-2012, 08:23 PM   #4
squesada
LQ Newbie
 
Registered: Sep 2012
Location: Costa Rica
Posts: 1

Rep: Reputation: Disabled
Post Response to alitabas

Hello alitabas, you can try this config in the hosts file, all the zones belongs to the same interface eth0, there is no need to add the 0.1X for each line:
loc1 eth0 192.168.0.0/24
loc2 eth0 192.168.10.255
loc3 eth0 192.168.11.255
loc4 eth0 192.168.12.255

On the interface file try this, the (-) sign is because the eth0 interface serves multiple zones, even if you use "subinterfaces" on the same eth0, there is no need to configure each zone because all of them belongs to the same interface eth0, and the "detect" setting is to detect the traffic subnet that is passing on the interface:
- eth0 detect

Hope this helps.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
routing control vlan with shorewall alitabas LinuxQuestions.org Member Intro 0 08-13-2009 11:01 PM
VLAN routing/default gateway ? bala.linux Linux - Networking 8 03-18-2009 05:16 AM
shorewall routing wrongly Randall Slack Linux - Networking 0 06-24-2008 03:33 AM
SHOREWALL Firewall Routing Problem cccc Linux - Security 8 03-07-2006 02:50 PM
VLAN Routing teamchachi Linux - Networking 0 06-14-2005 10:54 AM


All times are GMT -5. The time now is 01:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration