Re: iptables and vlan tagging

Nikolai Lusan asked:
> I have 2 vlans, 1 untagged with private IP's (vlan1) and 1 tagged
> (vlan2) with non-private IP addresses, and I want to remove the vlan
> tags before sending vlan2 packets out over my internet link and add them
> back before sending packets from the internet to vlan2. Should this be
> done in the iptables mangle table? Or do I need to use ebtables? And
> exactly how should I go about doing this?

You need to have a vlan tagged subinterface on the link that connects to your switch. This will "remove" the VLAN tag on incoming packets and add one on outgoing packets.

Assuming that's eth1, you'd create a subinterface like this:

 # vconfig add eth1 <vlan2-id>

Note that your distro might have fancier ways to set up vlan tagged interfaces.

Apart from that you really didn't tell us quite enough about your setup.

If vlan2 needs to be routed (i.e. it's a different net from what is on eth0), then

 # ifconfig eth1.<vlan2-id> <gw-address-in-network> netmask ... broadcast ...
 # echo "1" > /proc/sys/net/ipv4/ip_forward

should do the trick once you have routing set up properly - i.e. hosts in vlan2 need to use the tagged subinterface's ip as gateway; external hosts need to know that they can reach hosts on the vlan2 network via eth0 of your box.

If, on the other hand, vlan2 needs to be bridged (i.e. it's the same network as on eth0), then you need to set up a bridge

 # brctl addbr br0
 # brctl addif br0 eth0
 # brctl addif br0 eth1.<vlan2-id>
 # ifconfig eth0 0.0.0.0 promisc up
 # ifconfig eth1.<vlan2-id> promisc up
 # ifconfig br0 <former-eth0-ip> netmask <former-eth0-netmask> broadcast <former-eth0-broadcast>
 # route add default gw <former-default-gateway>

Once again your distro might have a more convenient way to set up a bridge.

All totally OTTOH so YMMV ;-)

HTH,
Thomas
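The routed variant above, written out as an added example (it is not part of Thomas's reply or the list archive). The script only prints the commands so they can be reviewed before being run as root; it substitutes the iproute2 `ip` commands for vconfig and ifconfig (an assumed equivalence, the thread itself uses vconfig/ifconfig), validates the 802.1Q ID range, and goes one step beyond the reply with an assumed FORWARD filter, since ip_forward=1 makes the box forward between every interface, the untagged private vlan1 included. Interface names, the VLAN ID and the 203.0.113.1/24 address are constructed placeholder values.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits the routed-mode setup
# (tagged subinterface + ip_forward) as reviewable shell commands, using the
# iproute2 `ip` equivalents of vconfig/ifconfig (assumed substitution).
# Interface names and addresses are placeholders; nothing here executes on
# the host, it only prints.

# vlan_setup_cmds TRUNK_IF VLAN_ID GW_ADDR/PREFIX
# Prints one command per line (pipe to `sh` as root once reviewed).
vlan_setup_cmds() {
    vs_trunk=$1; vs_vid=$2; vs_gw=$3
    # 802.1Q VLAN IDs are 1..4094; 0 and 4095 are reserved.
    case "$vs_vid" in
        ''|*[!0-9]*) echo "vlan_setup_cmds: bad VLAN id '$vs_vid'" >&2; return 1 ;;
    esac
    if [ "$vs_vid" -lt 1 ] || [ "$vs_vid" -gt 4094 ]; then
        echo "vlan_setup_cmds: VLAN id $vs_vid out of range 1-4094" >&2; return 1
    fi
    vs_sub="$vs_trunk.$vs_vid"
    # Tagged subinterface: the kernel strips the tag on ingress and adds it on
    # egress, which is the "remove/add the tag" the question asked about.
    echo "ip link add link $vs_trunk name $vs_sub type vlan id $vs_vid"
    echo "ip link set $vs_trunk up"
    # The subinterface's address is the gateway hosts in vlan2 must use.
    echo "ip addr add $vs_gw dev $vs_sub"
    echo "ip link set $vs_sub up"
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# forward_filter_cmds INET_IF VLAN2_SUBIF PRIVATE_IF
# Assumed addition beyond the thread: with ip_forward=1 the box forwards
# between *all* interfaces, the untagged private vlan1 included. These rules
# forward vlan2 (public addresses) both ways with the internet link and leave
# vlan1 under the default DROP until rules for it are added deliberately.
forward_filter_cmds() {
    ff_inet=$1; ff_pub=$2; ff_priv=$3
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $ff_pub -o $ff_inet -j ACCEPT"
    echo "iptables -A FORWARD -i $ff_inet -o $ff_pub -j ACCEPT"
    # No rule names $ff_priv, so forwarding to/from it stays dropped.
    echo "# $ff_priv (private vlan1) intentionally has no FORWARD rules yet"
}

# Demonstration with constructed values: eth0 = internet link, eth1 = trunk
# to the switch (vlan1 untagged on it), VLAN 2 tagged, TEST-NET-3 gateway.
vlan_setup_cmds eth1 2 203.0.113.1/24
forward_filter_cmds eth0 eth1.2 eth1
```

Run it as `sh vlan-routed.sh | less` first; only once the printed lines match the intended addresses should they be fed to a root shell. The bridged variant from the reply is deliberately not generated here, because bridging puts vlan2 and eth0 in one broadcast domain and the FORWARD rules above would then not see the traffic at all (that is the ebtables / bridge-nf territory the question hinted at).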