On 06/13/2016 06:25 AM, Răzvan Sandu wrote: > Hello, > > Please explain (in a piece of documentation similar to > http://shorewall.net/Shorewall_and_Aliased_Interfaces.html) how to > *correctly* define and use VLAN interfaces with shorewall. > > This seems to be an entirely different situation than aliased > interfaces, because of their (desired) complete separation at the OSI 2 > level. > > Defining VLAN interfaces on Red Hat/Fedora distros is explained here: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line.html > > However, in practice, simply creating virtual interfaces ethX.100 and > ethX.200, assigning IP addreses to them and putting them in different > firewall zones seems not to work. This is especially the case when one > of the VLANs is the default one (VLAN1, on ethX.1), because some > returning frames seems to be treated by the parent interface ethX > instead of ethX.1 (VLAN1), despite being tagged with VID1, not untagged.
I have no direct experience with VLANs, so I am not a candidate to write such an article. But your symptoms sound like a switch configuration issue. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
