[Firehol-support] Routing between virtual interfaces
M. O.
mofog at hotmail.com
Sat Jan 24 17:41:27 GMT 2009
Alright, taking into consideration that the only thing I know about VLANs is what the abbreviation means and nothing more, plus the fact that I don't have any VLAN-enabled switches, I think I will just do the merging of the formerly seperated networks. But thanks a lot for your valuable input -- I appreciate it.
> If you cannot go the VLAN way, the only way to deal with this is just
> do your configuration using just "eth0". You can have a route where
> the in and out interfaces are the same, and you can control the flow
> of traffic between subnets using "src" and "dst" with the "route"
> commands.
Would this really work? If all computer are situated in the very same subnet and they are connected by just one switch, how does the server have an influence on the flow of data? If there's a package coming from A directed to B, the switch will just put the package on the particular port B is connected to and the server (being conntected to the same switch on another port) won't even notice. Or am I mistaken?
Kind Regards,
Morin
> Date: Fri, 23 Jan 2009 23:22:56 +0000
> Subject: Re: [Firehol-support] Routing between virtual interfaces
> From: cefrodrigues at gmail.com
> To: mofog at hotmail.com
> CC: firehol-support at lists.sourceforge.net
>
> On Fri, Jan 23, 2009 at 10:13 PM, M. O. <mofog at hotmail.com> wrote:
> > Thanks for the hint! I had a first look at how to run VLANs in Debian.
> >
> > There are conflicting information about how to do this. For example you say
> > it can be done by using this notation: "eth0.1". However, this doesn't seem
> > to work for me. I have to do it this way: "vlan2" and add a "vlan_raw_device
> > eth0" line. However, afterwards I cannot reach any components on the VLANs.
> > Am I right that this whole thing only works with special hardware, like
> > VLAN-enabled switches and so on?
>
> Yes, you can only have _multiple_ VLANs in a link if both ends of the
> cable understand VLANs. But if your switches have management of some
> kind (even if only a web interface) chances are they already support
> VLANs. But even then you will have to make changes at the network
> level (splitting those different subnets into different VLANs).
>
> Now, as far as the Debian configuration as concerned, "ethX.Y" and
> "vlanY; vlan_raw_device ethX" are synonyms. (BTW, "1" is not a valid
> VLAN ID. When there are multiple VLANs in a link, ID "2" and above
> means the ethernet frames have a tag with the VLAN ID added to it,
> while ID "1" means they are regular untagged frames).
>
> > If setting up a VLAN environment should turn out to be too complicated, I
> > think I will just merge all networks into one -- granted: it's just avoiding
> > and not solving the problem.
>
> From a security standpoint, you actually have one network already...
> :) And, provided you have VLAN-enabled switches, configuring VLANs
> should be about as much work as renumbering your multiple subnets into
> one.
>
> If you cannot go the VLAN way, the only way to deal with this is just
> do your configuration using just "eth0". You can have a route where
> the in and out interfaces are the same, and you can control the flow
> of traffic between subnets using "src" and "dst" with the "route"
> commands.
>
> Regards,
>
> --
> Carlos Rodrigues
_________________________________________________________________
http://redirect.gimas.net/?n=M0902xFTPFotoalbum
Digitale Fotoalben und Videos ganz einfach selbst erstellen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20090124/bfffd4b6/attachment-0003.html>
More information about the Firehol-support
mailing list