[Firewall] vlan traffic

Matthew Nelson matt at aa-technology.com
Mon Mar 1 21:50:52 CET 2010


to answer my own question...

apparently having:
TRUSTED_IF="eth1.2"

does the trick.

:)

On Mon, Mar 1, 2010 at 3:36 PM, Matthew Nelson <matt at aa-technology.com> wrote:

> Hi All,
>
> I've got several vlans setup on the internal interface (eth1).  Currently,
> all machines can access the internet, but none of the vlans can communicate
> with each other (expected behavior).  I'd like to have 1 vlan be accessible
> from the rest of them, but I'm not sure on the syntax.
>
> I'm using version 1.9.2j
>
> pertinent config:
> INT_IF="eth1 eth1.2 eth1.3 eth1.4 eth1.5"
> INTERNAL_NET="192.168.51.0/24 192.168.52.0/24 192.168.53.0/24
> 192.168.54.0/24 192.168.55.0/24"
> INT_NET_BCAST_ADDRESS="192.168.51.255 192.168.52.255 192.168.53.255
> 192.168.54.255 192.168.55.255"
> NAT="1"
>
> I assumed that using the following command would enable the traffic, but it
> does not:
> iptables -A FORWARD -s 192.168.52.0/24 -d 192.168.53.0/24 -j ACCEPT
>
> which would essentially allow traffic from vlan2 to vlan3, but when I enter
> this command manually or in /etc/arno-iptables-firewall/custom-rules it is
> not allowing the traffic.
>
> I tried enabling ip_forward in /etc/sysctl.conf:
> net.ipv4.ip_forward=1
>
> which didn't work either.
>
> any suggestions?
>
> Thanks!
>
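As an added example (not code from the thread or from arno-iptables-firewall), the Python below models iptables first-match evaluation over a constructed FORWARD listing: it shows why an ACCEPT appended with -A behind an existing inter-VLAN DROP never matches, and which VLAN pairs a given listing actually permits. The rule listings and the eth1.N to 192.168.5N.0/24 mapping are assumptions; the model is stateless (no conntrack rule for return traffic).

```python
import ipaddress

# Subnets from the post; the eth1.N <-> 192.168.5N.0/24 pairing is an assumption.
VLANS = {
    "vlan2": ipaddress.ip_network("192.168.52.0/24"),
    "vlan3": ipaddress.ip_network("192.168.53.0/24"),
    "vlan4": ipaddress.ip_network("192.168.54.0/24"),
    "vlan5": ipaddress.ip_network("192.168.55.0/24"),
}

# Constructed listing in `iptables -S FORWARD` syntax (not the poster's real
# firewall): a catch-all DROP between internal nets precedes the appended ACCEPT.
RULES_APPENDED = """\
-P FORWARD DROP
-A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j DROP
-A FORWARD -s 192.168.52.0/24 -d 192.168.53.0/24 -j ACCEPT
"""

# Same constructed firewall after `iptables -I FORWARD ...`: the ACCEPT is first.
RULES_INSERTED = """\
-P FORWARD DROP
-A FORWARD -s 192.168.52.0/24 -d 192.168.53.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j DROP
"""

def parse_rules(listing):
    """Return (policy, rules); each rule is (src_net, dst_net, target)."""
    policy, rules = "ACCEPT", []
    for line in listing.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "-P":            # chain policy, e.g. "-P FORWARD DROP"
            policy = tok[2]
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # {"-s": ..., "-d": ..., "-j": ...}
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"))
        dst = ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"))
        rules.append((src, dst, opts["-j"]))
    return policy, rules

def verdict(listing, src_ip, dst_ip):
    """First matching rule wins; the chain policy applies if nothing matches."""
    policy, rules = parse_rules(listing)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src, dst, target in rules:
        if s in src and d in dst:
            return target
    return policy

def allowed_pairs(listing):
    """Ordered (a, b) VLAN pairs whose first host may reach b's first host."""
    return sorted((a, b) for a in VLANS for b in VLANS
                  if a != b and verdict(listing, VLANS[a][1], VLANS[b][1]) == "ACCEPT")
```

Running allowed_pairs against a real `iptables -S FORWARD` dump is a quick way to confirm that only the intended VLAN pair is reachable after a change.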