LinuxQuestions.org
Old 04-20-2015, 09:53 AM   #1
krobinson
LQ Newbie
 
Registered: Apr 2015
Posts: 2

Rep: Reputation: Disabled
iptables multiple interfaces same subnet to multiple vlan interfaces


In our lab network we are running multiple virtual routers and want to replace them with iptables. I am not sure if this setup will be possible, nor am I sure where to start.

The new setup will be a 10G connection for all the traffic. The idea is to have multiple eth0 aliases all on the same subnet: eth0:120, eth0:121, eth0:122, eth0:123 ....... eth0:210. Each will have an IP address on the same 255.255.252.0. The default gateway for these will be 10.1.0.1.

Then there will be tagged aliases as well, eth0.120 to eth0.210, with IP address of 192.168.0.1/24.

Is it possible to use iptables to forward all traffic (including icmp/ping) from 10.1.1.120 on eth0:120 to IP 192.168.0.23 on eth0.120, and 10.1.1.121 on eth0:121 to 192.168.0.23 on eth0.121?

I know that forwarding, arp announce (2), arp ignore(1), arp filter (0 or 2) in sysctl.

We are using CentOS 6.5 min install.
 
Old 04-21-2015, 10:30 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,147

Rep: Reputation: 2308
I'm not sure what you are actually trying to achieve. In principle, you can do VLANs in Linux. Their principal advantage is that of isolating traffic from other traffic that might be on the same piece of cat5. An example might be an office on 2 levels of a building with accounts, sales, research, and management all with their own VLANs on the single wired connection between them. You can route them with routing protocols, but it's not for the faint-hearted. I lose you when you start talking about using iptables and VLANs to replace virtual routers. You will hardly achieve it with a few mouse clicks.

Can you sketch your idea and hang it up somewhere?
 
Old 04-21-2015, 02:40 PM   #3
krobinson
LQ Newbie
 
Registered: Apr 2015
Posts: 2

Original Poster
Rep: Reputation: Disabled
See picture as you read this.
When someone is on the computer and enters IP address 10.1.1.120 (address of eth0.120), ALL the traffic will be forwarded out eth0:120 to IP address 192.168.0.23.

The idea is to be able to constantly remove units without having to change the IP address.

Another way to look at it is port forwarding but with ALL ports.

10.1.1.120 (eth0.120) forwarded to interface eth0:120 (192.168.0.1) to IP address 192.168.0.23

We are using OpenWrt with port forwarding on VMs, but the quality of the VMs is becoming unstable.

Hope this helps.
Attachment: labnetwork.jpg
 
Old 04-22-2015, 04:25 AM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,147

Rep: Reputation: 2308
From a physical perspective, you don't seem to need VLANs at all, but you do need a clever and expensive switch that understands VLANs. And I don't think a box will automagically expect a VLAN. You will have to program or set that and its routes explicitly.

As all this is going on inside VMs, I am going to stop offering advice, as I do not consider myself sufficiently knowledgeable on VMs. If you replaced all of your VLANs with plain IPs, this would get a lot simpler. To trouble another VM, one of your unstable VMs would have to address it by its IP and hack it there. A simple firewall on the VM should stop that.

allow 10.0.1.xx
allow <centos box>
deny all
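
The mapping asked about in post #1 (one front address per VLAN, all ports and ICMP, with the same 192.168.0.23 behind every VLAN) can be sketched as the following added example; it is not from any poster in this thread. It assumes the eth0.N interfaces already exist with 192.168.0.1/24, uses N as both fwmark and routing-table id so the overlapping 192.168.0.0/24 networks stay apart, and only prints the commands for review.

```shell
#!/bin/sh
# Added example (not from the thread): print, do not execute, the commands that
# map front address 10.1.1.N on eth0 to the device behind VLAN N.
# Assumptions: eth0.N already exists with 192.168.0.1/24; N doubles as the
# fwmark and the routing-table id; the device on every VLAN is 192.168.0.23.
DEVICE_IP=192.168.0.23
LAB_NET=192.168.0.0/24

valid_id() {   # table ids 253-255 are reserved, so accept 1-252 only
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

gen_vlan() (
    n=$1; front=10.1.1.$n; vif=eth0.$n
    # Mark on the original destination (mangle runs before nat), DNAT, then let
    # the per-VLAN table pick the right eth0.N. rp_filter=2 (loose) keeps
    # replies from the overlapping subnet from being dropped.
    cat <<EOF
# VLAN $n: $front -> $DEVICE_IP via $vif
ip addr add $front/22 dev eth0 label eth0:$n
ip route add $LAB_NET dev $vif table $n
ip rule add fwmark $n lookup $n
echo 2 > /proc/sys/net/ipv4/conf/$vif/rp_filter
iptables -t mangle -A PREROUTING -i eth0 -d $front -j MARK --set-mark $n
iptables -t nat -A PREROUTING -i eth0 -d $front -j DNAT --to-destination $DEVICE_IP
iptables -t nat -A POSTROUTING -o $vif -d $DEVICE_IP -j MASQUERADE
iptables -I FORWARD -i eth0 -o $vif -d $DEVICE_IP -j ACCEPT
EOF
)

gen_all() (
    first=$1; last=$2
    if ! valid_id "$first" || ! valid_id "$last" || [ "$first" -gt "$last" ]; then
        echo "usage: gen_all FIRST LAST (VLAN ids 1-252)" >&2
        exit 1
    fi
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    n=$first
    while [ "$n" -le "$last" ]; do
        gen_vlan "$n"
        n=$((n + 1))
    done
)

# Review the output first, then as root: sh gen.sh 120 210 | sh
if [ "$#" -eq 2 ]; then gen_all "$1" "$2"; fi
```

The MASQUERADE line is only needed when the lab devices have no route back through 192.168.0.1; drop it if they use that address as their gateway.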
 
  

