michel bidard wrote:
Henning Brauer wrote:
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2006-12-08 20:15]:
you need on openbsd
ifconfig vlan0 create
ifconfig vlan0 vlan 2 vlandev rl0 up
no. create is implicit.
This is what I already did and tried for each port configured on the
switch:
1- interface FastEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 2-8
    switchport mode trunk
    spanning-tree portfast
    no cdp enable
2- And then the ports for the vlans ...
   interface FastEthernet0/2
    switchport access vlan 2
    spanning-tree portfast
    no cdp enable
I did the same for all the ports on the switch and then .. write memory.
3- This is what I have in my /etc/hostname.vlan0
10.0.0.1 255.255.255.0 vlan 2 vlandev rl0
And the same for all the vlans ...
4- Finally the config in /etc/pf.conf for natting ...
nat on tun0 from 10.0.0.0/24 to any -> tun0
And again the same for all the vlans ...
So I'm using a Class C mask ... maybe I should change that? Is there
something I should add in /etc/pf.conf?
Thank you very much for your answers,
Mik
Ok ... here is the "ifconfig -A" ...
# ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ste0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:05:5d:07:9d:77
        media: Ethernet autoselect (none)
        status: no carrier
de0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:e8:0c:38:ea
        media: Ethernet autoselect (10baseT)
        status: active
        inet6 fe80::200:e8ff:fe0c:38ea%de0 prefixlen 64 scopeid 0x2
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::248:54ff:fe80:d0ec%rl0 prefixlen 64 scopeid 0x3
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 2 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
        inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 3 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
        inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 4 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan2 prefixlen 64 scopeid 0xa
        inet 10.0.2.1 netmask 0xff000000 broadcast 10.255.255.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 5 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan3 prefixlen 64 scopeid 0xb
        inet 10.0.3.1 netmask 0xff000000 broadcast 10.255.255.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 6 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan4 prefixlen 64 scopeid 0xc
        inet 10.0.4.1 netmask 0xff000000 broadcast 10.255.255.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:48:54:80:d0:ec
        vlan: 7 priority: 0 parent interface: rl0
        groups: vlan
        inet6 fe80::248:54ff:fe80:d0ec%vlan5 prefixlen 64 scopeid 0xd
        inet 10.0.5.1 netmask 0xff000000 broadcast 10.255.255.255
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1492
        groups: tun egress
        inet 65.94.2.93 --> 64.230.197.66 netmask 0xffffffff
This is what I'm getting when I try to ping my own vlan from the
firewall. As I said, the first vlan works but not the others:
# pfctl -d
pf disabled
# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=1.016 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.293 ms
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.293/0.654/1.016/0.362 ms
# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
--- 10.0.1.1 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
# pfctl -e
pf enabled
# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
ping: sendto: Host is down
ping: wrote 10.0.1.1 64 chars, ret=-1
ping: sendto: Host is down
ping: wrote 10.0.1.1 64 chars, ret=-1
--- 10.0.1.1 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
Using a computer in vlan1, I tried to ping the gateway 10.0.1.1 ... but
it doesn't work.
Mik
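
Added example, not part of the original thread: a Python check that parses "ifconfig -A" output like the one posted above and reports interfaces whose connected networks overlap, or whose broadcast address does not match their netmask. The sample text is abridged from that output; the function names are illustrative.

```python
import ipaddress
import re
from itertools import combinations

# Abridged from the "ifconfig -A" output posted above (addresses unchanged).
SAMPLE = """\
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.2.1 netmask 0xff000000 broadcast 10.255.255.255
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1492
inet 65.94.2.93 --> 64.230.197.66 netmask 0xffffffff
"""

IF_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s*inet (\S+) netmask (0x[0-9a-f]{8})(?: broadcast (\S+))?")

def parse(text):
    """Return [(ifname, IPv4Interface, broadcast or None)]; skips inet6 and point-to-point."""
    out, ifname = [], None
    for line in text.splitlines():
        if m := IF_RE.match(line):
            ifname = m.group(1)
        elif ifname and (m := INET_RE.match(line)):  # "-->" lines do not match
            prefix = bin(int(m.group(2), 16)).count("1")  # hex netmask -> prefix length
            out.append((ifname, ipaddress.IPv4Interface(f"{m.group(1)}/{prefix}"), m.group(3)))
    return out

def overlaps(entries):
    """Pairs of interfaces whose connected networks overlap."""
    return [(a[0], b[0], str(a[1].network))
            for a, b in combinations(entries, 2)
            if a[1].network.overlaps(b[1].network)]

def bad_broadcasts(entries):
    """Interfaces whose broadcast is not the broadcast address of their own network."""
    return [(name, bcast, str(iface.network.broadcast_address))
            for name, iface, bcast in entries
            if bcast and ipaddress.IPv4Address(bcast) != iface.network.broadcast_address]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for a, b, net in overlaps(entries):
        print(f"overlap: {a} and {b} are both on {net}")
    for name, got, want in bad_broadcasts(entries):
        print(f"broadcast: {name} has {got}, expected {want}")
```

On the sample it reports every vlan pair as sharing 10.0.0.0/8 and flags vlan0 and vlan1 for carrying 255.255.255.0 as their broadcast address.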