# shorewall version
4.5.20

Hi,

I've got a firewall with four interfaces, eth0, eth1, eth2 and eth3.

eth0 is the local LAN, eth1 the net, eth2 wifi and eth3 DMZ

I have a new requirement to VLAN the local LAN and am having trouble 
with setting up the Firewall.

The VLANs are set up OK:

# cat /proc/net/vlan/config
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.1000      | 1000  | eth0
eth0.1015      | 1015  | eth0
eth0.1018      | 1018  | eth0
eth0.192       | 192  | eth0

I have adjusted zones:
fw      firewall
net     ipv4
loc     ipv4
v1000   ipv4
v1015   ipv4
v1018   ipv4
dmz     ipv4
motex   ipv4

and interfaces:
-               eth1            dhcp,bridge,tcpflags,nosmurfs,routefilter,logmartians
loc             eth0.192        dhcp,routeback,tcpflags,nosmurfs,routefilter,logmartians
v1000           eth0.1000       routeback,tcpflags,nosmurfs,routefilter,logmartians
v1015           eth0.1015       routeback,tcpflags,nosmurfs,routefilter,logmartians
v1018           eth0.1018       routeback,tcpflags,nosmurfs,routefilter,logmartians
motex           eth2            tcpflags,nosmurfs,routefilter,logmartians
dmz             eth3            tcpflags,nosmurfs,routefilter,logmartians

I also have something in nat:
192.168.0.2     eth0.192        10.0.225.5      no              no

The problem is when I switch over to VLANning on Shorewall and the 
switch I get lots of 'FORWARD:REJECT' log messages when internal clients 
try to access the internet and lots of 'INPUT:DROP' log messages when 
the clients try to reach the natted address.

Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth1 SRC=192.168.0.184 DST=74.125.237.39 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=21822 DF PROTO=TCP SPT=56373 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:0c:29:8b:5f:80:00:22:19:08:d5:13:08:00 SRC=192.168.0.93 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7988 SEQ=1

Also, these packets look like they are coming in on eth0, not eth0.192 
as I would have expected.

Are there any examples or more documentation on VLANning with Shorewall?

Any help is appreciated.

Kind regards,
Tom

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
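
A check for the symptom described in the post above, as an added example that is not part of the original message: it compares the IN= interface of each Shorewall log line with the interfaces named in the interfaces file and reports packets that arrived on an interface with no entry there. The sample data is constructed from the post's own interfaces entries and log lines (unwrapped, log fields abridged); the function names are illustrative.

```python
import re

# Constructed sample: interfaces entries and log lines from the post,
# with mail line wrapping undone and some log fields left out.
INTERFACES = """\
-      eth1       dhcp,bridge,tcpflags,nosmurfs,routefilter,logmartians
loc    eth0.192   dhcp,routeback,tcpflags,nosmurfs,routefilter,logmartians
v1000  eth0.1000  routeback,tcpflags,nosmurfs,routefilter,logmartians
v1015  eth0.1015  routeback,tcpflags,nosmurfs,routefilter,logmartians
v1018  eth0.1018  routeback,tcpflags,nosmurfs,routefilter,logmartians
motex  eth2       tcpflags,nosmurfs,routefilter,logmartians
dmz    eth3       tcpflags,nosmurfs,routefilter,logmartians
"""
LOG = """\
Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth1 SRC=192.168.0.184 DST=74.125.237.39 PROTO=TCP SPT=56373 DPT=80 SYN
Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:0c:29:8b:5f:80:00:22:19:08:d5:13:08:00 SRC=192.168.0.93 DST=192.168.0.2 PROTO=ICMP TYPE=8
"""

# Log prefix layout as seen in the post: Shorewall:<chain>:<verdict>:IN=<if> OUT=<if>
LOG_RE = re.compile(r"Shorewall:([^:\s]+):([A-Z]+):IN=(\S*) OUT=(\S*)")

def configured_interfaces(text):
    """Map interface name -> zone from interfaces-file text (ZONE INTERFACE ...)."""
    ifaces = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2 and not fields[0].startswith("?"):
            ifaces[fields[1]] = fields[0]
    return ifaces

def is_configured(name, ifaces):
    """Exact match, or a wildcard entry ending in '+' (for example 'ppp+')."""
    return any(name == i or (i.endswith("+") and name.startswith(i[:-1]))
               for i in ifaces)

def unzoned_arrivals(log_text, ifaces):
    """Return (chain, verdict, in_if, configured VLAN sub-interfaces) per hit."""
    hits = []
    for chain, verdict, in_if, _out_if in LOG_RE.findall(log_text):
        if in_if and not is_configured(in_if, ifaces):
            children = sorted(i for i in ifaces if i.startswith(in_if + "."))
            hits.append((chain, verdict, in_if, children))
    return hits

if __name__ == "__main__":
    for chain, verdict, in_if, children in unzoned_arrivals(
            LOG, configured_interfaces(INTERFACES)):
        print(f"{chain}:{verdict} on {in_if}: no interfaces entry; "
              f"VLAN sub-interfaces configured: {', '.join(children) or 'none'}")
```

A hit on a parent device that has VLAN sub-interfaces configured means the traffic was seen on the parent rather than on a sub-interface, which matches the observation at the end of the post.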