I'm working with VLANs in CentOS, and I have a firewall with Shorewall. I'm trying to connect 3 PCs in different VLANs. The connection is OK, but I need Shorewall to control the traffic between them and I can't: the rules are correct, but they do nothing. I need to connect a host on one network segment to a specific host on another; they are addressed to a VLAN where Shorewall is, but I cannot get connected. I am testing this in order to implement this distribution in an office. Could someone help me, please?
Well, you don't route VLANs, you route subnets, so as these separate concepts seem to be a bit mixed up, can we work out how they are separate? How are these VLANs connecting to Shorewall? .1q tagging? Multiple NICs? What does the actual interface and routing table config look like?
OK, I'm trying to have Shorewall route the traffic between VLANs with the 802.1q module. I have 3 VLANs, eth0.10, eth0.11 and eth0.12, on the same NIC; I have only one NIC. I'm connected to a switch with 4 ports, which doesn't support VLANs. On the other ports are connected 3 PCs on different network segments: for eth0.10 it is 192.168.10.0/24, for eth0.11 it is 192.168.11.0/24 and for eth0.12 it is 192.168.12.0/24. These are configured as a gateway to a VLAN.
[root@localhost network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10336 errors:1 dropped:0 overruns:0 frame:1
TX packets:10104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4234555 (4.0 MiB) TX bytes:1883980 (1.7 MiB)
Interrupt:185 Base address:0xe000
eth0.11 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0.12 Link encap:Ethernet HWaddr 00:08:A1:B3:29:BE
inet addr:192.168.12.1 Bcast:192.168.12.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:feb3:29be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4539 (4.4 KiB)
The routing table is:
[root@localhost network-scripts]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0.12
192.168.11.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0.10
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0.12
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
This is the configuration. In Shorewall it is:
zones file
loc1 ipv4
loc2 ipv4
loc3 ipv4
loc4 ipv4
interfaces file
zone interface broadcast
loc1 eth0 192.168.0.255
loc2 eth0.10 192.168.10.255
loc3 eth0.11 192.168.11.255
loc4 eth0.12 192.168.12.255
The hosts file doesn't accept anything. I tried configuring this:
loc1 eth0:192.168.0.0/24
loc2 eth0.10:192.168.10.0/24
loc3 eth0.11:192.168.11.0/24
loc4 eth0.12:192.168.12.0/24
but it gives a "duplicate network" error.
The policy file is:
fw all ACCEPT
loc1 all ACCEPT info
loc2 all ACCEPT info
loc3 all ACCEPT info
loc4 all ACCEPT info
all all REJECT info
This is the configuration. In the rules file I am trying to establish a rule so that I can ping a specific host between networks loc3 and loc4. This is only a test, so that in the future I will be able to establish that connection, but at the moment it does not apply anything. I don't know if Shorewall does not work with this configuration or what is happening. I am working with Shorewall 4.2.10.
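A check on the routing table posted above, as an added example that is not part of the original thread: it parses the `route` output and flags subnets reachable through more than one interface (the egress interface, and with it the Shorewall zone, is then ambiguous) and routes whose gateway is one of the firewall's own addresses. The function names are illustrative; the data is copied from the post.

```python
import ipaddress
from collections import defaultdict

# `route` rows and `inet addr` values copied from the post above.
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0.12
192.168.11.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0.10
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0.12
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
"""
LOCAL_ADDRS = {"192.168.0.1", "192.168.12.1"}


def parse_routes(text):
    """Yield (network, gateway, iface) for each data row of `route` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        if f[0] == "default":
            f[0], f[2] = "0.0.0.0", "0"
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        yield net, (None if f[1] == "*" else f[1]), f[7]


def ambiguous_subnets(text):
    """Map each subnet that is routed via more than one interface to them."""
    by_net = defaultdict(list)
    for net, _gw, iface in parse_routes(text):
        by_net[str(net)].append(iface)
    return {n: i for n, i in by_net.items() if len(set(i)) > 1}


def self_gateways(text, local_addrs):
    """Routes whose next hop is an address configured on this host."""
    return [(str(n), gw) for n, gw, _ in parse_routes(text) if gw in local_addrs]


if __name__ == "__main__":
    for net, ifaces in ambiguous_subnets(ROUTE_OUTPUT).items():
        print(f"{net}: routed via {ifaces}, egress zone is ambiguous")
    for net, gw in self_gateways(ROUTE_OUTPUT, LOCAL_ADDRS):
        print(f"{net}: gateway {gw} is the firewall's own address")
```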
Hello alitabas, you can try this config in the hosts file. All the zones belong to the same interface eth0, so there is no need to add the 0.1X for each line:
loc1 eth0 192.168.0.0/24
loc2 eth0 192.168.10.255
loc3 eth0 192.168.11.255
loc4 eth0 192.168.12.255
In the interfaces file try this. The (-) sign is because the eth0 interface serves multiple zones; even if you use "subinterfaces" on the same eth0, there is no need to configure each zone because all of them belong to the same interface eth0. The "detect" setting is to detect the traffic subnet that is passing on the interface:
- eth0 detect
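A model of how the policy file posted earlier in this thread resolves, as an added example that is not part of the original posts: Shorewall consults the rules file first and falls back to the first matching policy row, so under the posted policy every inter-zone connection is already accepted and an ACCEPT rule between loc3 and loc4 restricts nothing. `TIGHTENED_POLICY` is a constructed alternative, and the function names are illustrative.

```python
# Policy file as posted in the thread: source, dest, policy, log level.
POSTED_POLICY = """\
fw all ACCEPT
loc1 all ACCEPT info
loc2 all ACCEPT info
loc3 all ACCEPT info
loc4 all ACCEPT info
all all REJECT info
"""
# Constructed alternative: zones cannot reach each other by default, so only
# explicit ACCEPT entries in the rules file open a path between VLANs.
TIGHTENED_POLICY = """\
fw all ACCEPT
all all REJECT info
"""
ZONES = ["loc1", "loc2", "loc3", "loc4"]


def parse_policy(text):
    """Return (source, dest, policy) tuples, ignoring comments and blanks."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rows.append(tuple(fields[:3]))
    return rows


def effective_policy(rows, src, dst):
    """First row whose source and dest match (literally or as 'all') wins."""
    for p_src, p_dst, action in rows:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None


def open_pairs(text, zones):
    """Zone pairs whose traffic is accepted without any rule being present."""
    rows = parse_policy(text)
    return [(s, d) for s in zones for d in zones
            if s != d and effective_policy(rows, s, d) == "ACCEPT"]


if __name__ == "__main__":
    print("posted   :", len(open_pairs(POSTED_POLICY, ZONES)), "open zone pairs")
    print("tightened:", len(open_pairs(TIGHTENED_POLICY, ZONES)), "open zone pairs")
```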