internal vlan address
Hi,
I have an external IP address on my machine on the eth0 interface, 172.16.81.155. I have created a dummy interface eth0:2 and assigned 173.1.1.2. I run a server application by opening a socket binding to 173.1.1.2. I set up iptables rules as below: Quote:
The above works fine. I remove this dummy eth0:2 interface and replace it with a VLAN interface eth0.2 using the commands below: Quote:
Then if I run the server and client programs, it doesn't work. tcpdump: Quote:
You should explain plainly what you're trying to accomplish, rather than just posting excerpts from your firewall ruleset and expecting us to figure out how it's supposed to work.
I noticed one thing though: Your ruleset contains two rules explicitly referencing the interface "eth0". Those rules will be applied to any aliases as well, such as "eth0:2", as aliases are just a (deprecated) way of adding multiple IP addresses to the same interface. They will however NOT be applied to interfaces such as "eth0.2", as a VLAN interface is a Layer 2 interface in its own right.
Quote:
1. Have one physical interface eth0 on a target, with 172.16.81.155 as the IP address to communicate with other nodes (for untagged normal traffic processing).
2. Have to run a socket server on top of a VLAN interface (tagged packets). I had created the eth0.2 interface for this purpose (173.1.1.2).
3. On the peer side, it will have an IP address of 172.16.81.13. A client will be running on the VLAN interface and try connecting to 172.16.81.155 as the server IP.
In plain terms, on a single physical interface and single IP address I should be able to have VLAN and normal traffic, but VLAN traffic should land on a different interface/IP address so that I can run my custom server applications. I hope this makes sense.
tcpdump with -xxxx -vvv: tcpdump captured from 172.16.81.13:
Code:
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Code:
bash-4.3# tcpdump -xxxx -vvv port 49155
Please surround any terminal output with "code" tags which become available when you click the "Advanced" button beneath the compose/edit post window. It makes terminal output much easier to read.
And please tell us what you are trying to accomplish. Context matters.
Quote:
2. Have to run a socket server on top of a VLAN interface (tagged packets). I had created the eth0.2 interface for this purpose (173.1.1.2).
3. On the peer side, it will have an IP address of 172.16.81.13 (VLAN interface). A client will be running on the VLAN interface and try connecting to 172.16.81.155 as the server IP.
In plain terms, on a single physical interface and single IP address (visible outside) I should be able to have VLAN and normal traffic, but VLAN traffic should land on a different IP address so that I can run my custom server applications by binding to that VLAN interface.
From the tcpdump already quoted, it is clear that when 172.16.81.13 is trying to open the socket communication it is indeed sending a VLAN-tagged packet. However, when 172.16.81.155 is replying back, it is sending an untagged packet with the RST flag set.
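The tagged-SYN / untagged-RST pattern described in the last post can be checked mechanically. The following is an added example, not code from the thread: it parses Ethernet frames (for instance the hex rows of a `tcpdump -xx` capture) and reports the 802.1Q VLAN ID and TCP flags. The sample frames are constructed; the MAC addresses, VLAN ID 2 (taken from the eth0.2 name) and client port 40000 are assumptions, and port 49155 is taken from the tcpdump filter above.

```python
import socket
import struct

TPID_8021Q, ETH_IPV4 = 0x8100, 0x0800
TCP_FLAGS = {0x02: "SYN", 0x04: "RST", 0x10: "ACK"}

def from_tcpdump_hex(text: str) -> bytes:
    """Join the hex columns of `tcpdump -xx` dump lines ('0x0000:  0011 ...')."""
    rows = [ln.split(":", 1)[1] for ln in text.splitlines() if ln.strip().startswith("0x")]
    return bytes.fromhex("".join(rows))

def parse_frame(frame: bytes) -> dict:
    """Return the VLAN id (None if untagged), IPv4/TCP endpoints and TCP flags."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan, off = None, 14
    if ethertype == TPID_8021Q:            # 802.1Q tag sits after the source MAC
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18       # low 12 bits of the TCI are the VLAN id
    if ethertype != ETH_IPV4 or len(frame) < off + 20 or frame[off + 9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp = off + (frame[off] & 0x0F) * 4    # IHL gives the IPv4 header length
    if len(frame) < tcp + 14:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    flags = [n for bit, n in TCP_FLAGS.items() if frame[tcp + 13] & bit]
    return {"vlan": vlan, "flags": flags,
            "src": f"{socket.inet_ntoa(frame[off + 12:off + 16])}:{sport}",
            "dst": f"{socket.inet_ntoa(frame[off + 16:off + 20])}:{dport}"}

def build_frame(src, dst, sport, dport, flag_bits, vlan=None) -> bytes:
    """Constructed sample frame: made-up MACs, zero checksums, no payload."""
    eth = bytes.fromhex("02000000000a02000000000b")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flag_bits, 0, 0, 0)
    return eth + tag + struct.pack("!H", ETH_IPV4) + ip + tcp

def untagged_resets(frames) -> list:
    """Parsed RST frames that carry no 802.1Q tag (the symptom in the thread)."""
    return [p for p in map(parse_frame, frames) if "RST" in p["flags"] and p["vlan"] is None]

# Constructed capture; VLAN id 2 and client port 40000 are assumptions.
SYN = build_frame("172.16.81.13", "172.16.81.155", 40000, 49155, 0x02, vlan=2)
RST = build_frame("172.16.81.155", "172.16.81.13", 49155, 40000, 0x14)
```

Calling `untagged_resets([SYN, RST])` returns only the reply frame, which is the condition to look for in a real capture.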