Re: [CentOS] VLAN's

2011-07-25 Thread Jennifer Botten
Hi All,

Thanks for everyone's feedback. The issue was related to our SIP provider
routing private IP's to get the SIP to work (we were not aware of this). We
configured VLAN's and put the SIP phones on a different range that the SIP
provider did not route. However all your advice and assistance is greatly
appreciated.

Regards


Jennifer Botten
ETECH




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



Re: [CentOS] VLAN's

2011-07-25 Thread James B. Byrne
On Sat, July 23, 2011 15:02, John R Pierce wrote:
 On 07/23/11 10:22 AM, Kristopher Kane wrote:
  this sort of thing really belongs on an iproute2/netfilter mail
  list, however, as its not at all centos specific.
 
 So John, exactly what is CentOS specific?  Should I only read the
emails with release speculation?

 things related to the packaging, repos.   at least stuff thats
 EL3/4/5/6 related.

 otherwise, the mission creep on this list turns it into a
 free for all.

 hey I'm having problems with my set-top tv box, and it runs
 linux inside, and centos is linux, can you guys ?

From the mailing list page:

The CentOS discussion and information list is a general purpose
communication list for centos.

Note the concept of general purpose places no exceptionally
stringent constraints on subject matter.  If you feel strongly that
your needs are limited to things related to the packaging, repos
then might I suggest that the centos-devel list better meets your
requirements than this one.

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3







Re: [CentOS] VLAN's

2011-07-24 Thread Tom H
On Sat, Jul 23, 2011 at 3:26 PM, John R Pierce pie...@hogranch.com wrote:
 On 07/23/11 12:09 PM, Tom H wrote:

 Even after this explanation I don't understand your objection to
 helping someone with a firewall and routing issue on a CentOS box. You
 might have a point if the executables didn't come from packages in the
 canonical CentOS repo.

 I'm writing my doctoral thesis on pygmy rhino genetic marker traits, I
 am using LibreOffice on CentOS. Should I put the 1 or 2 pages of
 abstract before or after my table of contents.

:)

I was of course assuming that the query was about system
administration and not anything remotely similar to what you're
suggesting!

I get your point that there has to be a limit but I still think that
the limit that you're proposing's too restrictive.


Re: [CentOS] VLAN's

2011-07-23 Thread Christopher Chan
On Friday, July 22, 2011 10:55 PM, Jennifer Botten wrote:
 Hi Julio,

 -A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 10.30.4.28 -p udp -j ACCEPT

 -A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 192.168.0.0/24 -p tcp -j ACCEPT

 -A FORWARD -i eth1 -s 192.168.0.0/24 -d 192.168.1.0/24 -p tcp -j ACCEPT

 -A FORWARD -i eth3 -s 10.30.4.28 -o eth2.2 -p udp -j ACCEPT

 -A POSTROUTING -m helper --helper sip -m state --state ESTABLISHED,RELATED

dumb question but do you have ip forwarding enabled?
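
An added sketch, not part of the thread, of how the quoted FORWARD rules are evaluated once the kernel has picked an output interface, together with the forwarding check asked about above. The DROP chain policy, the destination 192.168.1.50 used when calling it, and the helper names are assumptions; the rule text is copied from the quoted message.

```python
import ipaddress
import shlex

# FORWARD rules copied from the quoted message.
RULES = """\
-A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 10.30.4.28 -p udp -j ACCEPT
-A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
-A FORWARD -i eth1 -s 192.168.0.0/24 -d 192.168.1.0/24 -p tcp -j ACCEPT
-A FORWARD -i eth3 -s 10.30.4.28 -o eth2.2 -p udp -j ACCEPT
"""
FLAGS = {"-i": "in", "-o": "out", "-s": "src", "-d": "dst",
         "-p": "proto", "-j": "target"}


def parse(line):
    """Turn one `-A FORWARD ...` line into a dict of its match fields."""
    tokens = shlex.split(line)
    rule = {}
    # tokens[0:2] is "-A FORWARD"; the rest are flag/value pairs.
    for flag, value in zip(tokens[2::2], tokens[3::2]):
        rule[FLAGS[flag]] = value
    return rule


def matches(rule, pkt):
    """True when every field the rule names agrees with the packet."""
    for key in ("in", "out", "proto"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule:
            net = ipaddress.ip_network(rule[key])
            if ipaddress.ip_address(pkt[key]) not in net:
                return False
    return True


def forward_verdict(pkt, policy="DROP"):
    """First matching rule decides; otherwise the assumed chain policy."""
    for line in RULES.splitlines():
        rule = parse(line)
        if matches(rule, pkt):
            return rule["target"]
    return policy


def forwarding_enabled(path="/proc/sys/net/ipv4/ip_forward"):
    """Read the sysctl behind net.ipv4.ip_forward; '1' means the box routes."""
    with open(path) as fh:
        return fh.read().strip() == "1"
```

Calling `forward_verdict` for a UDP packet from 10.30.4.28 arriving on eth3 returns ACCEPT only when the packet's `out` field is `eth2.2`; with `out` set to `eth2` the last rule no longer matches and the chain policy applies.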


Re: [CentOS] VLAN's

2011-07-23 Thread Kristopher Kane
 this sort of thing really belongs on an iproute2/netfilter mail list,
 however, as its not at all centos specific.


So John, exactly what is CentOS specific?  Should I only read the emails
with release speculation?

-Kris


Re: [CentOS] VLAN's

2011-07-23 Thread John R Pierce
On 07/23/11 10:22 AM, Kristopher Kane wrote:

  this sort of thing really belongs on an iproute2/netfilter mail list,
  however, as its not at all centos specific.
 

 So John, exactly what is CentOS specific?  Should I only read the 
 emails with release speculation?


things related to the packaging, repos.   at least stuff that's EL3/4/5/6 
related.

otherwise, the mission creep on this list turns it into a free for all.

hey I'm having problems with my set-top tv box, and it runs linux
inside, and centos is linux, can you guys ?


no, I don't think so.

now, in reference to the OP's issues, a centos/el specific question 
might be how to package iptables commands within the standard EL /etc 
tree and work with the existing firewall scripts, or where to put ip 
rule/route commands (where SHOULD you put those, anyways?  I dunno.  
mine end up in /etc/rc.d/rc.firewall which is invoked from rc.local and 
I *know* that's sloppy as heck).


-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] VLAN's

2011-07-23 Thread Tom H
On Sat, Jul 23, 2011 at 3:02 PM, John R Pierce pie...@hogranch.com wrote:
 On 07/23/11 10:22 AM, Kristopher Kane wrote:

  this sort of thing really belongs on an iproute2/netfilter mail list,
  however, as its not at all centos specific.

 So John, exactly what is CentOS specific?  Should I only read the
 emails with release speculation?

 things related to the packaging, repos.   at least stuff thats EL3/4/5/6
 related.

 otherwise, the mission creep on this list turns it into a free for all.

    hey I'm having problems with my set-top tv box, and it runs linux
    inside, and centos is linux, can you guys ?

 no, I don't think so.

 now, in reference to the OP's issues, a centos/el specific question
 might be how to package iptables commands within the standard EL /etc
 tree and work with the existing firewall scripts, or where to put ip
 rule/route commands (where SHOULD you put those, anyways?  I dunno.
 mine end up in /etc/rc.d/rc.firewall which is invoked from rc.local and
 I *know* thats sloppy as heck).

Even after this explanation I don't understand your objection to
helping someone with a firewall and routing issue on a CentOS box. You
might have a point if the executables didn't come from packages in the
canonical CentOS repo.


Re: [CentOS] VLAN's

2011-07-23 Thread John R Pierce
On 07/23/11 12:09 PM, Tom H wrote:
 Even after this explanation I don't understand your objection to
 helping someone with a firewall and routing issue on a CentOS box. You
 might have a point if the executables didn't come from packages in the
 canonical CentOS repo.

I'm writing my doctoral thesis on pygmy rhino genetic marker traits, I 
am using LibreOffice on CentOS.   Should I put the 1 or 2 pages of 
abstract before or after my table of contents.



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] VLAN's

2011-07-23 Thread Always Learning

On Sat, 2011-07-23 at 12:26 -0700, John R Pierce wrote:

 On 07/23/11 12:09 PM, Tom H wrote:
  Even after this explanation I don't understand your objection to
  helping someone with a firewall and routing issue on a CentOS box. You
  might have a point if the executables didn't come from packages in the
  canonical CentOS repo.

 I'm writing my doctoral thesis on pygmy rhino genetic marker traits, I 
 am using LibreOffice on CentOS.   Should I put the 1 or 2 pages of 
 abstract before or after my table of contents.


If it is your second or fourth attempt then ensure the abstract exceeds
2 pages otherwise it should be a single page if possible but certainly
no more than an absolute maximum of 2 pages.

Do not forget to include the acknowledgement at the bottom of each page that
you are using LibreOffice and, of course, the correct Centos version
which you can obtain by typing uname -a into a terminal window.

Some versions of Centos default to bad spellings, i.e. they use the
broken version of English commonly known as 'American English' but if you
change your English configuration by typing, into a terminal window,
Centos = real english, your spell checker should give you the correct
results. Please note that syntax is scheduled to change in Centos 6.1
and may affect all versions of M$ Windoze 8, Apple Mac Snowplough and
FreeBSD versions 216 and 217. Solaris version 13 has already changed to
use the revised syntax.

Glad I could help you.
-- 
With best regards,

Paul.
England,
EU.




[CentOS] VLAN's

2011-07-22 Thread Jennifer Botten
Hi,

I have a firewall running IPTABLES. I have tried to route sip traffic from
my WAN(eth3) interface to a VLAN(eth2.2) interface, however the data will
not route to the VLAN it keeps routing to the default interface(eth2). Does
anyone have an idea as to what I need to look for?

Regards

Jennifer Botten
ETECH

Tel:     +2787 150 5285
Fax:     086 638 2412
Mobile:  +27 82 496 4009
E-Mail:  jenni...@etech.co.za
Website: http://www.etech.co.za/



Re: [CentOS] VLAN's

2011-07-22 Thread cbul...@gmail.com


  
  
Hi Jennifer,

Could you copy the iptables rules?

Julio






Re: [CentOS] VLAN's

2011-07-22 Thread Les Mikesell
On 7/22/2011 8:49 AM, Jennifer Botten wrote:
 Hi,

 I have a firewall running IPTABLES. I have tried to route sip traffic
 from my WAN(eth3) interface to a VLAN(eth2.2) interface, however the
 data will not route to the VLAN it keeps routing to the default
 interface(eth2). Does anyone have an idea as to what I need to look for?

Vlan interfaces should work like any other interface in terms of 
routing.  Things should follow the most specific route (smallest netmask).

-- 
   Les Mikesell
lesmikes...@gmail.com





Re: [CentOS] VLAN's

2011-07-22 Thread Jennifer Botten
Hi Julio,

 

-A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 10.30.4.28 -p udp -j ACCEPT 

-A FORWARD -i eth2.2 -s 192.168.1.0/24 -d 192.168.0.0/24 -p tcp -j ACCEPT 

-A FORWARD -i eth1 -s 192.168.0.0/24 -d 192.168.1.0/24 -p tcp -j ACCEPT 

-A FORWARD -i eth3 -s 10.30.4.28 -o eth2.2 -p udp -j ACCEPT 

-A POSTROUTING -m helper --helper sip -m state --state ESTABLISHED,RELATED

 

Thanks

Jennifer

 

 

 



Re: [CentOS] VLAN's

2011-07-22 Thread John R Pierce
On 07/22/11 6:49 AM, Jennifer Botten wrote:

 Hi,

 I have a firewall running IPTABLES. I have tried to route sip traffic 
 from my WAN(eth3) interface to a VLAN(eth2.2) interface, however the 
 data will not route to the VLAN it keeps routing to the default 
 interface(eth2). Does anyone have an idea as to what I need to look for?


To route stuff out different interfaces, I found I had to use ip rules.

In my case, I wanted specific local hosts (on the private LAN) to route 
out an alternate interface, so I did something like...


iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to $net2.98

ip rule add from $net2.96/28 table 2
ip rule add from 10.0.1.0/24 table 2

ip route add default via $net2.97 dev $port2 table 2



to explain this, the LAN is 10.0.0.0/16.  hosts on 10.0.0.0-255 are to 
be routed out the default interface, while a few hosts specifically put 
on 10.0.1.98-110 are to be routed out this 2nd interface, $net2.96/28

the two ip rule commands tag any traffic that is from either the second 
external circuit or the reserved subnet of the local network to use 
'table 2'.  the ip route command says anything that's table 2 is to use 
the second circuit's gateway and port

-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] VLAN's

2011-07-22 Thread Les Mikesell
On 7/22/2011 1:17 PM, John R Pierce wrote:

 I have a firewall running IPTABLES. I have tried to route sip traffic
 from my WAN(eth3) interface to a VLAN(eth2.2) interface, however the
 data will not route to the VLAN it keeps routing to the default
 interface(eth2). Does anyone have an idea as to what I need to look for?


 To route stuff out different interfaces, I found I had to use ip rules.

 In my case, I wanted specific local hosts (on the private LAN) to route
 out an alternate interface, so I did something like...


 iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to $net2.98

 ip rule add from $net2.96/28 table 2
 ip rule add from 10.0.1.0/24 table 2

 ip route add default via $net2.97 dev $port2 table 2



 to explain this, the LAN is 10.0.0.0/16.  hosts on 10.0.0.0-255 are to
 be routed out the default interface, while a few hosts specifically put
 on 10.0.1.98-110 are to be routed out this 2nd interface, $net2.96/28

You need this because you want to route based on the source address, not 
the destination.  That might be what the OP wants too, but it's not 
clear from the question and doesn't have anything to do with the 
interfaces being vlans.

-- 
   Les Mikesell
lesmikes...@gmail.com
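
The lookup order discussed in this exchange (ip rules pick a routing table by source address, then the most specific route in that table wins), modelled as an added Python example that is not part of the thread or any poster's code. The prefix 203.0.113.96/28 standing in for $net2.96/28, the main-table routes, the rule priorities and the device names lan0/wan1/wan2 are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins: 203.0.113.96/28 plays the role of $net2.96/28 and
# wan2 the role of $port2; the main-table routes are assumed.
RULES = [  # (priority, source prefix, table), like `ip rule add from ... table 2`
    (100, "203.0.113.96/28", "2"),
    (101, "10.0.1.0/24", "2"),
    (32766, "0.0.0.0/0", "main"),
]
TABLES = {  # table -> list of (destination prefix, gateway, device)
    "2": [("0.0.0.0/0", "203.0.113.97", "wan2")],
    "main": [
        ("10.0.0.0/16", None, "lan0"),
        ("0.0.0.0/0", "198.51.100.1", "wan1"),
    ],
}


def longest_prefix_match(table, dst):
    """Return the most specific route in `table` covering dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def route(src, dst):
    """Walk rules in priority order; the first table with a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, from_prefix, table in sorted(RULES):
        if src not in ipaddress.ip_network(from_prefix):
            continue  # rule does not select this source, try the next one
        hit = longest_prefix_match(table, dst)
        if hit is not None:
            net, gw, dev = hit
            return {"table": table, "route": str(net), "via": gw, "dev": dev}
    return None  # no rule produced a route
```

Because table 2 here holds only a default route, a forwarded packet from 10.0.1.0/24 to another LAN address also resolves to wan2 in this model; the source rule is consulted before the main table's 10.0.0.0/16 route is ever seen.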




Re: [CentOS] VLAN's

2011-07-22 Thread John R Pierce
On 07/22/11 11:29 AM, Les Mikesell wrote:
 You need this because you want to route based on the source address, not
 the destination.  That might be what the OP wants too, but it's not
 clear from the question and doesn't have anything to do with the
 interfaces being vlans.

well, I suspect he wants to route based on it being SIP traffic, which 
is typically 5060 or 5061 tcp or udp, so will have iptables NAT these to 
an IP on the subnet of the alternate VLAN, then he'd use that VLAN's 
address as the rule for the source-based routing.

this sort of thing really belongs on an iproute2/netfilter mail list, 
however, as it's not at all centos specific.

-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast
