VLAN Konfig

VLAN Konfig

[Thomas Berthel]

[-- Attachment #1: Type: text/plain, Size: 315 bytes --]

Hi zusammen,

ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
brauchbares Format für die englisch sprechenden Uer vorbereiten.
Korregturen dürfen natürlich ebenso vorgenommen werden ;-)


Ein schönes Wochenende! Thomas

Re: VLAN Konfig

[Erik K.]

[-- Attachment #1: Type: text/plain, Size: 1415 bytes --]

Hi Thomas,
first of all, thanks for the wiki in this theme, i think it is important to have some good explanation in there. May the location can be changed if you have finished this wiki, the installation section might be better than optimizations.

I have some questions to your IPTable rules. 
1) The results in the CUSTOM Chains doesn´t display the destination ports only the source ports, why is that ? 
2) Also, is it necessary to define --sport ? 
3) Another question is, are you operating in Mode 0 in the outgoing FW ? 
4) Did you also try to add these rules over the webinterface ? Or in other words is it possible to define such rules without problems with the VLAN config and interface names like green 003 etc. ?

One hint to the mailinglist, this is a international area so we write only in english

Greetings

Erik

Am 08.06.2013 um 13:42 schrieb Thomas Berthel:

> Hi zusammen,
> 
> ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
> Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
> brauchbares Format für die englisch sprechenden Uer vorbereiten.
> Korregturen dürfen natürlich ebenso vorgenommen werden ;-)
> 
> 
> Ein schönes Wochenende! Thomas
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation

Re: VLAN Konfig

[Thomas Berthel]

[-- Attachment #1: Type: text/plain, Size: 2686 bytes --]

Hi Erik,

> the installation section might be better than optimizations
True, you're right.

> 1) The results in the CUSTOM Chains doesn´t display the destination
ports only the source ports, why is that ?
What exactly do you mean? I just do not see what you mean.

> 2) Also, is it necessary to define --sport ?
Yes. So I give with which ports exactly what to do and what not.
But, I'm not an iptables expert. That was my first real attempt and has
worked well so far.

> 3) Another question is, are you operating in Mode 0 in the outgoing FW ?
No, i use Modus 1.

>  Or in other words is it possible to define such rules without
problems with the VLAN config and interface names like green 003 etc. ?
I think that is not RFC compliant. However, there is the possibility
0-4095 to put the IDs.

http://www.oit.ucsb.edu/committees/CNC-BEG/vlan_id.asp

> 4) Did you also try to add these rules over the webinterface ?
I have not tested yet. But, I can do that.

BG, Thomas


Am 09.06.2013 06:54, schrieb Erik K.:
> Hi Thomas,
> first of all, thanks for the wiki in this theme, i think it is important to have some good explanation in there. May the location can be changed if you have finished this wiki, the installation section might be better than optimizations.
> 
> I have some questions to your IPTable rules. 
> 1) The results in the CUSTOM Chains doesn´t display the destination ports only the source ports, why is that ? 
> 2) Also, is it necessary to define --sport ? 
> 3) Another question is, are you operating in Mode 0 in the outgoing FW ? 
> 4) Did you also try to add these rules over the webinterface ? Or in other words is it possible to define such rules without problems with the VLAN config and interface names like green 003 etc. ?
> 
> One hint to the mailinglist, this is a international area so we write only in english
> 
> Greetings
> 
> Erik
> 
> Am 08.06.2013 um 13:42 schrieb Thomas Berthel:
> 
>> Hi zusammen,
>>
>> ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
>> Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
>> brauchbares Format für die englisch sprechenden Uer vorbereiten.
>> Korregturen dürfen natürlich ebenso vorgenommen werden ;-)
>>
>>
>> Ein schönes Wochenende! Thomas
>> _______________________________________________
>> Documentation mailing list
>> Documentation(a)lists.ipfire.org
>> http://lists.ipfire.org/mailman/listinfo/documentation
> 
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation
> 

Re: VLAN Konfig

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1273 bytes --]

Hey Thomas,

very nice illustration and colouring :)

But I got some questions:

The part about the configuration file /var/ipfire/ethernet/vlans looks
right for me.
For some reason, you are writing a new script a little bit later which
manually creates the virtual interfaces. Why is that?
According to you configuration in /var/ipfire/ethernet/vlans, a new
blue0 and orange0 interface will show up after reboot.

It is very convenient to name the devices blue0, green0, orange0 and
red0, because some scripts rely on those names. That's not good
practice, I know. But it's the way it is at the moment.

Then, why all that iptables stuff? I cannot see how this is relevant for
the VLANs in general.

-Michael

On Sat, 2013-06-08 at 13:42 +0200, Thomas Berthel wrote:
> Hi zusammen,
> 
> ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
> Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
> brauchbares Format für die englisch sprechenden Uer vorbereiten.
> Korregturen dürfen natürlich ebenso vorgenommen werden ;-)
> 
> 
> Ein schönes Wochenende! Thomas
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation

Aw: Re: VLAN Konfig

[t.berthel]

[-- Attachment #1: Type: text/plain, Size: 2484 bytes --]

Hi,

> very nice illustration and colouring :)
thx! :)

> For some reason, you are writing a new script a little bit later which
> manually creates the virtual interfaces. Why is that?
You mean this section: /etc/rc.d/rc3.d/S18network-vlan ?
I have tested VLAN to configurate only in /var/ipfire/ethernet/vlans. There have no createt the Interfaces for blue & orange.
Therefore I have made ​​it so.

> That's not good practice, I know. But it's the way it is at the moment.
I can remind me to the statement. But it works only once.
The BLUE_PARENT_DEV="green0" and in /var/ipfire/ethernet/settings delegate to BLUE_DEV=green0.300, i can test it with blue0.300. let's see what happens here. :) I give a statement when testet.


BG, Thomas
> Gesendet: Montag, 10. Juni 2013 um 12:22 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: documentation(a)lists.ipfire.org
> Betreff: Re: VLAN Konfig
>
> Hey Thomas,
>
> very nice illustration and colouring :)
>
> But I got some questions:
>
> The part about the configuration file /var/ipfire/ethernet/vlans looks
> right for me.
> For some reason, you are writing a new script a little bit later which
> manually creates the virtual interfaces. Why is that?
> According to you configuration in /var/ipfire/ethernet/vlans, a new
> blue0 and orange0 interface will show up after reboot.
>
> It is very convenient to name the devices blue0, green0, orange0 and
> red0, because some scripts rely on those names. That's not good
> practice, I know. But it's the way it is at the moment.
>
> Then, why all that iptables stuff? I cannot see how this is relevant for
> the VLANs in general.
>
> -Michael
>
> On Sat, 2013-06-08 at 13:42 +0200, Thomas Berthel wrote:
> > Hi zusammen,
> >
> > ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
> > Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
> > brauchbares Format für die englisch sprechenden Uer vorbereiten.
> > Korregturen dürfen natürlich ebenso vorgenommen werden ;-)
> >
> >
> > Ein schönes Wochenende! Thomas
> > _______________________________________________
> > Documentation mailing list
> > Documentation(a)lists.ipfire.org
> > http://lists.ipfire.org/mailman/listinfo/documentation
>
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation
>

Aw: Re: VLAN Konfig

[t.berthel]

[-- Attachment #1: Type: text/plain, Size: 3155 bytes --]

Hi,

yesterday i have checkt the default setup for vlan.
I don't understand what is wrong!

So what I've done (on clean green & red systemnetwork setting):

Step one:
###############################
# /var/ipfire/ethernet/vlans
( see this for more details: http://wiki.ipfire.org/de/optimization/vlan/start#vlan_hw-zuweisung)

# reboot - ifconfig and ip link show said to me: nothing! no blue or orange interface generated.

Step two:
###############################
# check autostart for rc3.d for this script:
http://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/initscripts/init.d/network-vlans;h=2fdfe9ebbcf48391fabef127689c4f5313a483df;hb=HEAD#l34

I dont see a symlink from rc3.d/ to ../init.d/network-vlans - network-vlans captured the vlans-config from here /var/ipfire/ethernet/vlans. Also, i created a S18rule with symlink to ../init.d/network-vlans.

# reboot - ifconfig and ip link show said to me: nothing! no blue or orange interface generated.

Then rm S18rule and added S22rule with the same symlink-path

# reboot - ifconfig and ip link show said to me: nothing! no blue or orange interface generated.

My question, what for a configuration is required for this script: http://wiki.ipfire.org/de/optimization/vlan/start#vlan_netzwerkkonfiguration ? I have testet too with default settings in this file - did not matter no functional.

What can I do? Please help me!

BG, Thomas

> Gesendet: Montag, 10. Juni 2013 um 12:22 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: documentation(a)lists.ipfire.org
> Betreff: Re: VLAN Konfig
>
> Hey Thomas,
>
> very nice illustration and colouring :)
>
> But I got some questions:
>
> The part about the configuration file /var/ipfire/ethernet/vlans looks
> right for me.
> For some reason, you are writing a new script a little bit later which
> manually creates the virtual interfaces. Why is that?
> According to you configuration in /var/ipfire/ethernet/vlans, a new
> blue0 and orange0 interface will show up after reboot.
>
> It is very convenient to name the devices blue0, green0, orange0 and
> red0, because some scripts rely on those names. That's not good
> practice, I know. But it's the way it is at the moment.
>
> Then, why all that iptables stuff? I cannot see how this is relevant for
> the VLANs in general.
>
> -Michael
> 
> On Sat, 2013-06-08 at 13:42 +0200, Thomas Berthel wrote:
> > Hi zusammen,
> >
> > ich habe hier: http://wiki.ipfire.org/de/optimization/vlan/start die
> > Doku für das VLAN fertig gestellt, könnte das jemand von euch in ein
> > brauchbares Format für die englisch sprechenden Uer vorbereiten.
> > Korregturen dürfen natürlich ebenso vorgenommen werden ;-)
> >
> >
> > Ein schönes Wochenende! Thomas
> > _______________________________________________
> > Documentation mailing list
> > Documentation(a)lists.ipfire.org
> > http://lists.ipfire.org/mailman/listinfo/documentation
>
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation
>

Re: Aw: Re: VLAN Konfig

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1473 bytes --]

On Tue, 2013-06-11 at 14:42 +0200, t.berthel(a)gmx.net wrote:
> Step one:
> ###############################
> # /var/ipfire/ethernet/vlans
> ( see this for more details: http://wiki.ipfire.org/de/optimization/vlan/start#vlan_hw-zuweisung)
> 
> # reboot - ifconfig and ip link show said to me: nothing! no blue or orange interface generated.

Please post your configuration. When you run /etc/init.d/network-vlans
manuelly, you should see error messages if there are any.

> 
> Step two:
> ###############################
> # check autostart for rc3.d for this script:
> http://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/initscripts/init.d/network-vlans;h=2fdfe9ebbcf48391fabef127689c4f5313a483df;hb=HEAD#l34
> 
> I dont see a symlink from rc3.d/ to ../init.d/network-vlans - network-vlans captured the vlans-config from here /var/ipfire/ethernet/vlans. Also, i created a S18rule with symlink to ../init.d/network-vlans.

The symlink you are searching for is to be found here:
  /etc/rc.d/rcsysinit.d/S91network-vlans

That's what my configuration looks like.

GREEN_PARENT_DEV=port0
GREEN_VLAN_ID=20
GREEN_MAC_ADDRESS=00:de:ad:be:ef:20
BLUE_PARENT_DEV=port0
BLUE_VLAN_ID=30
BLUE_MAC_ADDRESS=00:de:ad:be:ef:30
ORANGE_PARENT_DEV=port0
ORANGE_VLAN_ID=40
ORANGE_MAC_ADDRESS=00:de:ad:be:ef:40

I have a dual NIC. One port is dedicated for my internet connection
(i.e. red0). The other port has all the virtual subnets on it.

-Michael