[VLAN] Multiple subnets of the same IP space, different VLANs, same box...

Aaron S. Joyner wrote:

> Any input anyone can offer about possible solutions, or even providing 
> further insight into the problem, would be most appreciated.  :)

I don't see how you can make this work without SNAT'ing all the incoming 
traffic on each VLAN interface into a unique IP address range. In 
addition, as you already mentioned, you'll have to mess with the routing 
tables as well; you can apply a "mark" to the connections in the 
connection table for each VLAN interface, then use that to select an 
outbound routing table.

It's pretty complex; realistically, you might actually be better off 
creating virtual machines to NAT the traffic onto the "internal" network 
in the box, then hide it all from the services on that box.

Alternatively, you could buy a whole boatload of cheap NAT routers, and 
attach each one of them to a non-tagged VLAN port on your switch (one 
for each VLAN), then connect the "upstream" side of them to a 
non-VLAN-enabled switch with your Linux box on it.

Third alternative would be to do the VLAN switching with a device that 
is actually a Layer 3 router as well, that can do the NAT for you.

All of these solutions, though, involve NAT, which will bring along 
other problems if you are running applications/protocols that are not 
NAT friendly.
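
The SNAT plus connection-mark approach described in the reply above, written out as an added example that is not part of the original message: a script that prints, for review, the rules for each VLAN. The parent interface `eth0`, the shared subnet `192.168.1.0/24`, the `10.x.y.0/24` alias ranges, the mark and table numbering, and a kernel and iptables that accept SNAT in the `nat` table's `INPUT` chain are all assumptions.

```shell
#!/bin/sh
# Prints the rules for review; it does not apply anything itself.
# Usage (hypothetical file name): sh vlan-plan.sh 10 20 30 > plan.sh
# Assumptions (not from the post): parent NIC eth0, every VLAN uses
# 192.168.1.0/24, VLAN n is aliased to 10.<n/256>.<n%256>.0/24,
# fwmark = VLAN id, routing table = 1000 + VLAN id.
SHARED_NET="192.168.1.0/24"
PARENT_IF="eth0"

global_rules() {
    # Copy the connection mark onto locally generated reply packets so the
    # reroute after reverse NAT can select the per-VLAN routing table.
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
}

vlan_rules() {
    vid="$1"
    # Digits only, no leading zero, at most four characters, 1..4094.
    case "$vid" in
        ''|0*|?????*|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 1
    fi
    ifc="$PARENT_IF.$vid"
    pfx="10.$((vid / 256)).$((vid % 256))"
    table=$((1000 + vid))
    cat <<EOF
# VLAN $vid on $ifc, seen by local services as $pfx.0/24
# Loose reverse-path filtering: the same source subnet arrives on several interfaces.
echo 2 > /proc/sys/net/ipv4/conf/$ifc/rp_filter
# Tag each new connection with the VLAN it arrived on.
iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $vid
# Rewrite the overlapping source into this VLAN's unique range.
iptables -t nat -A INPUT -i $ifc -s $SHARED_NET -j SNAT --to-source $pfx.1-$pfx.254
# Initial route for replies addressed to the alias range.
ip route add $pfx.0/24 dev $ifc
# After reverse NAT the destination is back in the shared subnet; the mark picks the VLAN.
ip route add $SHARED_NET dev $ifc table $table
ip rule add fwmark $vid lookup $table
EOF
}

if [ "$#" -gt 0 ]; then
    global_rules
    for v in "$@"; do vlan_rules "$v" || exit 1; done
fi
```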
