brouting different VLANs

Hi,

I am having some trouble with a brouter setup.
I have customers on different VLANs but on the same subnet. I want to
allow access between customers and to allow access to the internet.
Unfortunately I can't make customers on VLAN 10 ping customers on
VLAN 20. Both VLANs 10 and 20 are on the _same_subnet_ 10.0.0.0/24.

Here is my current setup:

                INTERNET
                    |
  +-----------+------------+----------+
  |           |    eth2    |          |
  |           | 1.2.3.4/30 |          |
  |           +------------+          |
  |                                   |
  |   +---------------------------+   |
  |   |            br0            |   |
  |   |        10.0.0.1/24        |   |
  |   +-------------+-------------+   |
  |   |   bond0.10  |  bond0.20   |   |
  |   |   vlan 10   |  vlan 20    |   |
  +---+-------------+-------------+---+
           |                 |
         10.0.0.10     10.0.0.20


I have eth0 and eth1 bonded into bond0. On bond0 I have VLAN
interfaces bond0.10 and bond0.20 for VLAN 10 and VLAN 20 respectively.
These bond0.10 and bond0.20 interfaces are bridged into interface br0.
br0 address 10.0.0.1 is the default gateway IP for customer1 10.0.0.10/24
on VLAN 10 and for customer2 10.0.0.20/24 on VLAN 20.
eth2 is my internet-facing interface. There is no NAT.

Internet access for both customers is working just fine with the
following ebtables rules:
ebtables -A FORWARD -i bond0.10 -j DROP
ebtables -A FORWARD -i bond0.20 -j DROP
ebtables -t broute -A BROUTING -p ! arp -i bond0.10 -j DROP
ebtables -t broute -A BROUTING -p ! arp -i bond0.20 -j DROP

However I am struggling to enable access between customer 10.0.0.10
and customer 10.0.0.20.
Please can you advise?




-- 
Dovydas Sankauskas
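
Added example, not part of the original post: a small Python model that parses the four ebtables rules quoted above and traces constructed frames through them, showing which traffic the broute table hands up for routing and which the FORWARD chain stops between the two bridge ports. The traversal order (BROUTING, then local delivery or FORWARD), the default ACCEPT policies and the frame fields are simplifying assumptions.

```python
import shlex

# The four rules exactly as posted in the message above.
RULES = """\
ebtables -A FORWARD -i bond0.10 -j DROP
ebtables -A FORWARD -i bond0.20 -j DROP
ebtables -t broute -A BROUTING -p ! arp -i bond0.10 -j DROP
ebtables -t broute -A BROUTING -p ! arp -i bond0.20 -j DROP
"""

def parse(text):
    """Parse only the options used above into {chain: [rule, ...]}."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)[1:]              # drop the "ebtables" word
        rule = {"proto": None, "negate": False, "in": None, "target": None}
        chain, i = None, 0
        while i < len(tok):
            opt = tok[i]
            if opt == "-p" and tok[i + 1] == "!":    # old-style "-p ! arp"
                rule["negate"] = True
                i += 1
            val = tok[i + 1]
            if opt == "-A":
                chain = val
            elif opt in ("-p", "-i", "-j"):
                rule[{"-p": "proto", "-i": "in", "-j": "target"}[opt]] = val
            i += 2        # "-t broute" is skipped: BROUTING implies the table
        chains.setdefault(chain, []).append(rule)
    return chains

def verdict(rules, frame):
    """First matching rule wins; no match means ACCEPT (assumed default policy)."""
    for r in rules:
        if r["in"] and r["in"] != frame["in"]:
            continue
        if r["proto"] and (r["proto"] == frame["proto"]) == r["negate"]:
            continue
        return r["target"]
    return "ACCEPT"

def trace(chains, frame):
    """Assumed simplified path: BROUTING, then local delivery or FORWARD."""
    # In the broute table, DROP means "do not bridge, pass up to be routed".
    if verdict(chains.get("BROUTING", []), frame) == "DROP":
        return "routed"
    if frame["dst"] == "bridge":                 # unicast to br0's own MAC
        return "local"
    ok = verdict(chains.get("FORWARD", []), frame) == "ACCEPT"
    fwd = "bridged" if ok else "dropped-in-FORWARD"
    return "local+" + fwd if frame["dst"] == "broadcast" else fwd

CHAINS = parse(RULES)
# Constructed sample frames (not captured traffic).
IP_TO_GW = {"in": "bond0.10", "proto": "ipv4", "dst": "bridge"}
ARP_BCAST = {"in": "bond0.10", "proto": "arp", "dst": "broadcast"}
```

In this model an IPv4 frame from bond0.10 is handed up for routing, while a broadcast ARP request from bond0.10 is delivered to br0 itself but is not flooded to bond0.20.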