[Firewall] vlan traffic

Matthew Nelson matt at aa-technology.com
Mon Mar 1 21:36:47 CET 2010


Hi All,

I've got several vlans set up on the internal interface (eth1).  Currently,
all machines can access the internet, but none of the vlans can communicate
with each other (expected behavior).  I'd like to have 1 vlan be accessible
from the rest of them, but I'm not sure on the syntax.

I'm using version 1.9.2j

pertinent config:
INT_IF="eth1 eth1.2 eth1.3 eth1.4 eth1.5"
INTERNAL_NET="192.168.51.0/24 192.168.52.0/24 192.168.53.0/24
192.168.54.0/24 192.168.55.0/24"
INT_NET_BCAST_ADDRESS="192.168.51.255 192.168.52.255 192.168.53.255
192.168.54.255 192.168.55.255"
NAT="1"

I assumed that using the following command would enable the traffic, but it
does not:
iptables -A FORWARD -s 192.168.52.0/24 -d 192.168.53.0/24 -j ACCEPT

which would essentially allow traffic from vlan2 to vlan3, but when I enter
this command manually or in /etc/arno-iptables-firewall/custom-rules it is
not allowing the traffic.

I tried enabling ip_forward in /etc/sysctl.conf:
net.ipv4.ip_forward=1

which didn't work either.

any suggestions?

Thanks!
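The rule set the post is asking about, written out as an added example (not code from the post or from arno-iptables-firewall). It assumes vlan3 (192.168.53.0/24) is the VLAN that should be reachable and that the other four subnets from INTERNAL_NET are the clients; the comments explain why "-A FORWARD" can silently fail here.

```shell
#!/bin/sh
# Added example, not from the original post nor from arno-iptables-firewall.
# Emits (or, with the argument "apply", runs) the iptables FORWARD rules that let
# every other VLAN reach one shared VLAN while the shared VLAN still cannot open
# connections toward them.  Assumptions: the shared VLAN is vlan3 / 192.168.53.0/24
# and the client subnets are the remaining entries of INTERNAL_NET from the post.

SHARED_NET="192.168.53.0/24"   # assumed: the VLAN that should be reachable
CLIENT_NETS="192.168.51.0/24 192.168.52.0/24 192.168.54.0/24 192.168.55.0/24"

# Why "-I FORWARD 1" instead of "-A": iptables walks a chain top-down and stops at
# the first terminating match.  If the firewall's own FORWARD rules already jump
# into chains that DROP or REJECT unknown traffic, an ACCEPT appended with "-A"
# sits below them and is never consulted, which matches the symptom in the post.
# Inserting at position 1 puts the rule ahead of everything else.  All rules here
# are ACCEPTs, so their relative order does not matter.
gen_rules() {
    # Replies from the shared VLAN for connections the clients opened.  Not a plain
    # "-s $SHARED_NET -j ACCEPT": that would let the shared VLAN initiate as well.
    # If the firewall already accepts ESTABLISHED,RELATED globally this is redundant
    # but harmless.
    echo "iptables -I FORWARD 1 -s $SHARED_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $CLIENT_NETS; do
        # New connections from each client VLAN toward the shared VLAN.
        echo "iptables -I FORWARD 1 -s $net -d $SHARED_NET -j ACCEPT"
    done
}

# Number of rules gen_rules produces; a sanity check before applying.
rule_count() {
    gen_rules | wc -l | tr -d ' '
}

# Routing between VLANs also needs ip_forward=1.  Since the clients already reach
# the internet through NAT on this host, forwarding is already on; confirm with
#   sysctl net.ipv4.ip_forward
# and see where the rules landed and whether their counters move with
#   iptables -L FORWARD -nv --line-numbers
case "${1:-print}" in
    apply) gen_rules | while read -r cmd; do eval "$cmd"; done ;;
    *)     gen_rules ;;
esac
```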

