Hi all,
I have some vlan routing problem,
I'm using a linux box with an 8021q kernel. I have connected the eth2 ethernet
controller of the linux box to a switch port that carries four vlans tagged as 2
3 4 5,
I'm able to connect to the internet from the vlans but not to route traffic
between the vlans, this is the output of ifconfig -a:
eth0 Link encap:Ethernet HWaddr 00:A0:24:50:E5:B2
inet addr:10.88.44.20 Bcast:10.88.44.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20548 errors:0 dropped:0 overruns:0 frame:0
TX packets:3674 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2392010 (2.2 Mb) TX bytes:366707 (358.1 Kb)
Interrupt:10 Base address:0xc800
eth1 Link encap:Ethernet HWaddr 00:50:04:42:FD:D6
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0xc400
eth2 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38851 errors:62717 dropped:62717 overruns:0 frame:62717
TX packets:25410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3987705 (3.8 Mb) TX bytes:4940683 (4.7 Mb)
eth2.2 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.22.254 Bcast:10.88.22.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38602 errors:0 dropped:0 overruns:0 frame:0
TX packets:25262 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3420039 (3.2 Mb) TX bytes:4932271 (4.7 Mb)
eth2.3 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.11.254 Bcast:10.88.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7859 (7.6 Kb) TX bytes:9474 (9.2 Kb)
eth2.4 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.33.254 Bcast:10.88.33.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth2.5 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.55.254 Bcast:10.88.55.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:161 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14593 (14.2 Kb) TX bytes:0 (0.0 b)
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1672 (1.6 Kb) TX bytes:1672 (1.6 Kb)
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 is connected to a router that gives me internet access, eth1 for the
moment is not configured, and on ethernet controller eth2 I have 4 vlans.
I'm using shorewall 2.0.7 and I configured shorewall in this way:
masq
#INTERFACE SUBNET ADDRESS
eth0 eth2.2
eth0 eth2.3
eth0 eth2.4
eth0 eth2.5
zones
#ZONE DISPLAY COMMENTS
net Net Internet
loc22 Local22 Local Networks 22
loc33 Local33 Local Networks 33
loc11 Local11 Local Networks 11
loc55 Local55 Local Networks 55
interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,norfc1918
loc22 eth2.2 detect
loc11 eth2.3 detect
loc33 eth2.4 detect
loc55 eth2.5 detect
policy
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
#loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
fw loc11 ACCEPT
fw loc22 ACCEPT
fw loc33 ACCEPT
fw loc55 ACCEPT
loc22 loc11 ACCEPT
loc11 loc22 ACCEPT
# Also If You Wish To Open Up DMZ Access To The Internet
# remove the comment from the following line.
#dmz net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
From each vlan I'm able to browse the web (I have not reported my rules
file), check mail ...
If from my loc22 zone I ping a pc in the loc11 zone (the policy is accept all in
both directions) this is successful, but if I do a telnet on a service, for
example
telnet 10.88.11.5 1433
telnet 10.88.11.5 445
telnet 10.88.11.6 80
it fails; both the server and the service are up, and from lan 10.88.11.0/24
I'm able to connect to these services.
From the log I see that shorewall doesn't drop anything. I don't
understand the problem, can you help me, please?
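An added example to go with the symptoms and configuration above (this is not code from the original post or from the shorewall project): a small Python script that parses the quoted ifconfig -a counters and the quoted shorewall interfaces/policy tables, flags interfaces with non-zero RX error counters, and resolves which policy entry applies between two hosts. It models the policy file as first match in file order (the "MUST BE LAST" comment in the posted file relies on that ordering) and maps a zone to the subnets configured on its interfaces, which is a simplification of shorewall's interface-based zones. The host addresses 10.88.22.5 and 10.88.33.5 are constructed.

```python
"""Added example, not code from the original post: parse the quoted `ifconfig -a`
counters and shorewall tables, flag RX errors, resolve the policy between two hosts."""
import ipaddress
import re

# Excerpt of the posted `ifconfig -a` output (constructed copy, relevant lines only).
IFCONFIG = """\
eth0 Link encap:Ethernet HWaddr 00:A0:24:50:E5:B2
inet addr:10.88.44.20 Bcast:10.88.44.255 Mask:255.255.255.0
RX packets:20548 errors:0 dropped:0 overruns:0 frame:0
eth2 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
RX packets:38851 errors:62717 dropped:62717 overruns:0 frame:62717
eth2.2 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.22.254 Bcast:10.88.22.255 Mask:255.255.255.0
RX packets:38602 errors:0 dropped:0 overruns:0 frame:0
eth2.3 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.11.254 Bcast:10.88.11.255 Mask:255.255.255.0
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
eth2.4 Link encap:Ethernet HWaddr 00:02:B3:2B:03:DB
inet addr:10.88.33.254 Bcast:10.88.33.255 Mask:255.255.255.0
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
"""
# The posted shorewall `interfaces` and `policy` files, verbatim.
INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,norfc1918
loc22 eth2.2 detect
loc11 eth2.3 detect
loc33 eth2.4 detect
loc55 eth2.5 detect
"""
POLICY = """\
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
fw net ACCEPT
fw loc11 ACCEPT
fw loc22 ACCEPT
fw loc33 ACCEPT
fw loc55 ACCEPT
loc22 loc11 ACCEPT
loc11 loc22 ACCEPT
net all DROP info
all all REJECT info
"""

def parse_ifconfig(text):
    """Return {iface: {addr, mask, rx_errors, rx_frame}} from ifconfig-style output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+)\s+Link encap:", line)
        if head:  # a new interface block starts here
            cur = head.group(1)
            ifaces[cur] = {"addr": None, "mask": None, "rx_errors": 0, "rx_frame": 0}
            continue
        if cur is None: continue
        inet = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if inet:
            ifaces[cur]["addr"], ifaces[cur]["mask"] = inet.groups()
        rx = re.search(r"RX packets:\d+ errors:(\d+) dropped:\d+ overruns:\d+ frame:(\d+)", line)
        if rx:
            ifaces[cur]["rx_errors"], ifaces[cur]["rx_frame"] = map(int, rx.groups())
    return ifaces

def faulty_interfaces(ifaces):
    """Names of interfaces whose RX error or frame counters are non-zero."""
    return sorted(n for n, i in ifaces.items() if i["rx_errors"] or i["rx_frame"])

def parse_table(text):
    """Split a whitespace-separated shorewall table into rows, dropping comments."""
    rows = [line.split("#", 1)[0].split() for line in text.splitlines()]
    return [r for r in rows if r]

def zone_networks(interfaces_tbl, ifaces):
    """Map zone -> subnets of its interfaces (simplification: shorewall zones are per interface)."""
    nets = {}
    for zone, iface, *_ in interfaces_tbl:
        info = ifaces.get(iface)
        if info and info["addr"]:
            net = ipaddress.ip_network(f"{info['addr']}/{info['mask']}", strict=False)
            nets.setdefault(zone, []).append(net)
    return nets

def zone_of(ip, nets):
    addr = ipaddress.ip_address(ip)
    return next((z for z, ns in nets.items() if any(addr in n for n in ns)), None)

def policy_for(src_zone, dst_zone, policy_tbl):
    """First row whose SOURCE/DEST match (or are 'all') wins: file order matters."""
    for src, dst, action, *_ in policy_tbl:
        if src in (src_zone, "all") and dst in (dst_zone, "all"):
            return action
    return None

def diagnose(src_ip, dst_ip):
    """Zones of both hosts and the policy entry shorewall would apply between them."""
    ifaces = parse_ifconfig(IFCONFIG)
    nets = zone_networks(parse_table(INTERFACES), ifaces)
    s, d = zone_of(src_ip, nets), zone_of(dst_ip, nets)
    return s, d, policy_for(s, d, parse_table(POLICY))

if __name__ == "__main__":
    print("interfaces with RX errors:", faulty_interfaces(parse_ifconfig(IFCONFIG)))
    for pair in [("10.88.22.5", "10.88.11.5"), ("10.88.33.5", "10.88.11.5")]:  # constructed hosts
        print(*pair, "->", diagnose(*pair))
```

Run against the posted output, the script reports eth2 as the only interface with RX errors (62717 frame errors on the untagged trunk device, while the tagged sub-interfaces report none) and confirms that loc22 to loc11 lands on the ACCEPT entry, whereas any other vlan pair falls through to the final REJECT. When the policy permits the traffic and the shorewall log shows no drops, the trunk-side error counters are the next thing to check: frame errors on a NIC carrying 802.1q tags are often full-size tagged frames (1504 bytes) that the driver or switch port rejects, which would let small pings through while full-size TCP segments fail, so comparing the switch port's trunk and MTU settings with the 8021q configuration on eth2 is a useful step.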