On Fri, Jul 14, 2006 at 10:54:37PM +0100, Linux wrote:
> > Please don't send confidential email to public mailing lists.
>
> The footer is added at the mail gateway; I have little control over
> it.

Perhaps you could bring the problem to the attention of the appropriate person in your organization? Parts of the open source community frown heavily upon such footers for many (IMHO good) reasons; some will even refuse to answer messages with them. E-mail is inherently insecure, period. A footer will not change that. Encryption and signatures may, but they cost some usability.

On to the VLAN problem, sorry for getting off topic.

On Sun, Jul 16, 2006 at 05:16:32PM +0100, Linux wrote:
> Basically traffic coming in on eth3 needs to go out through a
> default gateway of 192.168.20.1 through eth0.
>
> For traffic on eth3.40 I need this to route to 192.168.40.1 via
> eth0.40.
>
> If that makes sense, both are wanting to go to the same IP
> 135.166.X.Y.
>
> To make things more complex, the router 192.168.20.1\40.1 is running
> the DHCP server which I need to continue to use.
>
> I need to control traffic so that they can only access certain
> port ranges and IPs.
>
> If anyone has any suggestions on how this would be possible, I
> would be grateful.

Now we're getting somewhere. But still missing some details.

eth0: 192.168.20.0/24
eth0.40: 192.168.40.0/24
eth3: what IP net?
eth3.40: what IP net?

If you want to use the same IP net on more than one interface you have to make a bridge. If you want to control bridged traffic you can use either ebtables or iptables. Bridged traffic passes through the iptables FORWARD chain with input-interface and output-interface both set to the bridge.

If you want to make traffic that comes in on a bridge not be bridged by Linux but instead be routed by Linux, you have to use at least one ebtables rule to DROP that traffic in the BROUTE ebtable, as said earlier. I can't say yet if you need this.
Both 192.168.20.1 and 192.168.40.1 are routers of some sort. Will both work as default gateway and you just want to decide between them only based on incoming source interface, or is the routing more complex? //Peter
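The routed variant of what the thread is circling around (gateway chosen by ingress interface, plus a FORWARD filter limiting which destination and ports that traffic may reach), as an added shell example that is not part of the original mail. Interface and gateway names come from the thread; routing table numbers 20/40, the destination 203.0.113.10 (a documentation address standing in for the poster's redacted host) and the port range 80:443 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: pick the default gateway by the
# interface a packet arrived on (eth3 -> 192.168.20.1 via eth0,
# eth3.40 -> 192.168.40.1 via eth0.40), then restrict forwarded traffic
# to one destination and port range. Table numbers 20/40, the
# destination 203.0.113.10 (documentation address standing for the
# poster's redacted host) and ports 80:443 are constructed placeholders.
# DRY_RUN=1 prints the commands instead of running them (the real
# commands need root, the interfaces, and the iptables/iproute2 tools).
DRY_RUN="${DRY_RUN:-}"

run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Policy routing: packets entering on $1 are looked up in table $3, whose
# only route is a default via gateway $2 out of interface $4.
route_by_ingress() {
    in_if="$1"; gw="$2"; table="$3"; out_if="$4"
    run ip route add default via "$gw" dev "$out_if" table "$table"
    run ip rule add iif "$in_if" table "$table" priority "$((100 + table))"
}

# Forwarding filter for one ingress interface: new connections only to
# $2 on TCP ports $3; everything else from that interface is dropped.
forward_policy() {
    in_if="$1"; dst="$2"; ports="$3"
    run iptables -A FORWARD -i "$in_if" -d "$dst" -p tcp --dport "$ports" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$in_if" -j DROP
}

apply_all() {
    # Reply packets of connections already allowed, in either direction.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    route_by_ingress eth3    192.168.20.1 20 eth0
    route_by_ingress eth3.40 192.168.40.1 40 eth0.40
    forward_policy eth3    203.0.113.10 80:443
    forward_policy eth3.40 203.0.113.10 80:443
}

# "sh script.sh dry" prints the plan; "sh script.sh apply" installs it.
case "${1:-}" in
    dry)   DRY_RUN=1; apply_all ;;
    apply) apply_all ;;
esac
```

If eth3 ends up bridged rather than routed, the FORWARD rules see the bridge device as the input interface, as noted above, so the `-i eth3` matches would have to name the bridge (or move to ebtables).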