Re: [Shorewall-users] Advice on vlans and pppoe

Mon, 18 Feb 2008 14:49:21 -0800 

Chris Mason (Lists) wrote:
> The traffic come to me with 802.1q encapsulation, two vlans on one 
> interface. 780 is the pppoe adsl feed, 790 is the static IP. I was able 
> to bring the 790 feed up first, and it works as an interface if I ping 
> it and ping the gateway for that network, but I never got it to work in 
> Shorewall.
> 
> With the 790 and 780 up, eth1 has more than one IP so I don't know how 
> to refer to eth1:790 in shorewall.
> 
> I could insert a vlan capable switch upstream and separate the networks 
> to different interfaces, but that would be too easy, and us linux types 
> don't do it the easy way.

All of the Linux VLAN howtos I've read result in a different interface
for each VLAN (even though they all share a single physical interface).

Here's sample output from 'ip addr ls':

4: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:1a:64:8b:fd:00 brd ff:ff:ff:ff:ff:ff
    inet 200.13.169.2/29 brd 200.13.169.7 scope global vlan179
    inet6 fe80::21a:64ff:fe8b:fd00/64 scope link
       valid_lft forever preferred_lft forever
5: [EMAIL PROTECTED]: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:1a:64:8b:fd:00 brd ff:ff:ff:ff:ff:ff
    inet 10.215.0.5/24 brd 10.215.0.255 scope global vlan152
    inet6 fe80::21a:64ff:fe8b:fd00/64 scope link
       valid_lft forever preferred_lft forever

Those two vlans would be referred to in Shorewall as vlan179 and vlan152
respectively. Another common naming convention would be eth0.179 and
eth0.152.

So I have not seen another case of what you are apparently doing. But if
it ends up with multiple IP addresses on a single interface using the
archaic 'aliased interface' naming convention then you need to read
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to