|
I'm interested in learning about implementing VLAN tagging into iptables...
My main goal is to build a firewall using VLAN tagging and iptables on a single NIC computer.
Here's my scenario. I have 4 computers. I have no router/firewall. I want the DSL connection coming from my ISP going into a 5 port switch. The 4 computers would then connect to the switch. Then I want to configure one computer with VLAN tagging and iptables to filter out the outside traffic and act as my firewall.
My plan was to configure two vlan interfaces on this one firewall computer. One for the in vlan interface(eth0.3) the other for out vlan interface(eth0.5). Then on iptables I can setup up eth0.3 to receive all outside traffic then redirect the legitimate traffic(based on my iptable rules) to the eth0.5, which would then pass on to the other 3 computers. Is iptables capable of directing traffic from eth0.3 to eth0.5. Then I would have to mark all the NICs on the 3 other computers to have VLAN eth0.5 tags?
Basically a firewall. Is this possible? I think my main problem is the switch that I have cannot be configured. Wouldn't I need to configure that switch to direct all outside traffic to eth0.3?
So yeah my guess is I need a managed switch with VLAN capacity.
Figured it out, assuming it's a managed switch, configure switch to send all inbound traffic to vlan tag 3. Then on that firewall computer configure the NIC to be vlan tag 3. I then write iptable rules on the firewall box to drop all illegitimate packets. Direct only legitimate traffic to vlan tag 5, which will be the same vlan tag on the NICs of the other 3 computers. Wouldn't this work? I just need a switch capable of 802.1Q.
Last edited by trist007; 03-27-2010 at 12:44 PM.
|
