Hi Michael,

that's it! :) A long way for me. But it's done. I am writing my documentation anew. It is so easy if you know what you're doing ;-)

One question about Firewall Mode 2. I would like to add a new enable rule for an outgoing port. If I set it on Wireless (blue) as the definition with port XYZ, it doesn't work. When I put the ruleset on green, it works. Is this normal?

greetings, Thomas

On 22.07.2013 10:37, Michael Tremer wrote:
> Hi,
>
> you will have to grant access to every host on the blue network in the
> WUI. Please go to Firewall -> Blue Access and do that over there.
>
> -Michael
>
> On Sun, 2013-07-21 at 22:35 +0200, Thomas Berthel wrote:
>> Hi,
>>
>> nobody any idea?
>>
>> good night, Thomas
>>
>> On 07/02/2013 12:14 AM, Thomas Berthel wrote:
>>> Hi Michael,
>>>
>>>> Please run /etc/init.d/network-vlans start
>>> thanks. beginner error :-)
>>>
>>> Here is my document for VLAN:
>>>
>>> I configured my fire with the setup mode and changed from green+red to
>>> green+red+orange+blue
>>>
>>> I set up the network IPs for blue & orange, then at the end of the
>>> setup I got a message: orange device can't configure, no device
>>> found or so. Because it did not let me finish the setup mode, I
>>> closed the console connection.
>>>
>>> I checked my /var/ipfire/ethernet/settings and all information from my
>>> change in the setup menu was written there.
>>>
>>> for example one snippet:
>>>
>>> BLUE_ADDRESS=192.168.2.1
>>> BLUE_NETMASK=255.255.255.0
>>> BLUE_NETADDRESS=192.168.2.0
>>> BLUE_BROADCAST=192.168.2.255
>>>
>>> but no MAC address and no DEV was in there.
>>>
>>> The ifconfig says nothing about blue or orange. Okay, then the next step.
>>> I configured my /var/ipfire/ethernet/vlans as follows:
>>>
>>> BLUE_PARENT_DEV=green0
>>> BLUE_VLAN_ID=300
>>> BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>> ORANGE_PARENT_DEV=green0
>>> ORANGE_VLAN_ID=400
>>> ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>
>>> Without "" for _PARENT_DEV="device1" and the _MAC_ADDRESS="11:22:33:..."
>>>
>>> Then I did /etc/init.d/network-vlan start; this was my message output:
>>>
>>> /etc/init.d/network-vlans start
>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>> + eval BLUE_PARENT_DEV=green0 BLUE_VLAN_ID=300
>>> BLUE_MAC_ADDRESS=00:22:4D:84:A5:30 ORANGE_PARENT_DEV=green0
>>> ORANGE_VLAN_ID=400 ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>> ++ BLUE_PARENT_DEV=green0
>>> ++ BLUE_VLAN_ID=300
>>> ++ BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>> ++ ORANGE_PARENT_DEV=green0
>>> ++ ORANGE_VLAN_ID=400
>>> ++ ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>> + action=start
>>> + for interface in green0 blue0 orange0
>>> + case "${interface}" in
>>> + PARENT_DEV=
>>> + VLAN_ID=
>>> + MAC_ADDRESS=
>>> + case "${action}" in
>>> + '[' -z '' ']'
>>> + continue
>>> + for interface in green0 blue0 orange0
>>> + case "${interface}" in
>>> + PARENT_DEV=green0
>>> + VLAN_ID=300
>>> + MAC_ADDRESS=00:22:4D:84:A5:30
>>> + case "${action}" in
>>> + '[' -z green0 ']'
>>> + '[' -d /sys/class/net/blue0 ']'
>>> + '[' '!' -d /sys/class/net/green0 ']'
>>> + '[' -z 300 ']'
>>> + echo 'Creating VLAN interface blue0...'
>>> Creating VLAN interface blue0...
>>> + vconfig add green0 300
>>> Added VLAN with VID == 300 to IF -:green0:-
>>> + ip link set green0.300 name blue0
>>> + '[' -n 00:22:4D:84:A5:30 ']'
>>> + ip link set blue0 address 00:22:4D:84:A5:30
>>> + ip link set green0 up
>>> + for interface in green0 blue0 orange0
>>> + case "${interface}" in
>>> + PARENT_DEV=green0
>>> + VLAN_ID=400
>>> + MAC_ADDRESS=00:22:4D:84:A5:40
>>> + case "${action}" in
>>> + '[' -z green0 ']'
>>> + '[' -d /sys/class/net/orange0 ']'
>>> + '[' '!' -d /sys/class/net/green0 ']'
>>> + '[' -z 400 ']'
>>> + echo 'Creating VLAN interface orange0...'
>>> Creating VLAN interface orange0...
>>> + vconfig add green0 400
>>> Added VLAN with VID == 400 to IF -:green0:-
>>> + ip link set green0.400 name orange0
>>> + '[' -n 00:22:4D:84:A5:40 ']'
>>> + ip link set orange0 address 00:22:4D:84:A5:40
>>> + ip link set green0 up
>>>
>>> Yeah! The final countdown ;-)
>>>
>>> So, I checked my ifconfig and only the device with no IP was displayed:
>>>
>>> blue0     Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>
>>> WTF? Okay. I configured my /var/ipfire/ethernet/settings once again as
>>> described here:
>>>
>>> BLUE_DEV=blue0
>>> BLUE_MACADDR=00:22:4d:84:a5:30
>>> BLUE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network
>>> Connection"'
>>> BLUE_DRIVER=e1000e
>>> BLUE_ADDRESS=192.168.2.1
>>> BLUE_NETMASK=255.255.255.0
>>> BLUE_NETADDRESS=192.168.2.0
>>> BLUE_BROADCAST=192.168.2.255
>>>
>>> Next step - reboot firewall! Then the result from ifconfig said:
>>>
>>> blue0     Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>           inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>
>>> BUT - my firewall dropped my DNS and HTTP requests. I tried to change the
>>> rules with the firewall mode from 1 to 0 and in the WUI by mode 1 to set
>>> rules for wireless to allow these connections. Without success!
>>>
>>> for example:
>>> Jul 1 21:23:10 ipfw kernel: DROP_WirelessinputIN=blue0 OUT=
>>> MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10
>>> DST=192.168.2.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=25514 DF PROTO=UDP
>>> SPT=1083 DPT=53 LEN=4
>>>
>>> Any idea?
>>>
>>> Best regards, Thomas
>>>
>>> On 01.07.2013 11:53, Michael Tremer wrote:
>>>> On Sun, 2013-06-30 at 15:37 +0200, Thomas Berthel wrote:
>>>>> Hi @ all,
>>>>>
>>>>> I have checked the /etc/init.d/network-vlans script and got the following
>>>>> message: Invalid action
>>>>>
>>>>> The debug output says:
>>>>>
>>>>> (/var/ipfire/ethernet):/etc/init.d/network-vlans
>>>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>>>> + eval '#GREEN_VLAN_ID=20' BLUE_VLAN_ID=300 ORANGE_VLAN_ID=400
>>>>> + action=
>>>>> + for interface in green0 blue0 orange0
>>>>> + case "${interface}" in
>>>>> + PARENT_DEV=
>>>>> + VLAN_ID=
>>>>> + MAC_ADDRESS=
>>>>> + case "${action}" in
>>>>> + echo 'Invalid action: '
>>>>> Invalid action:
>>>>> + exit 1
>>>>
>>>> Please run /etc/init.d/network-vlans start or /etc/init.d/network-vlans
>>>> to start and stop the virtual interfaces.
>>>>
>>>> -Michael
>>>>
>>>
>>> _______________________________________________
>>> Documentation mailing list
>>> Documentation(a)lists.ipfire.org
>>> http://lists.ipfire.org/mailman/listinfo/documentation
>>>
>>
>> _______________________________________________
>> Documentation mailing list
>> Documentation(a)lists.ipfire.org
>> http://lists.ipfire.org/mailman/listinfo/documentation
>
> _______________________________________________
> Documentation mailing list
> Documentation(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/documentation
>
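
The state described in the thread (blue0 created by network-vlans but left without an IP until BLUE_DEV and BLUE_MACADDR were added to settings) can be checked for before a reboot. The following is an added example, not part of the original messages and not IPFire code: a POSIX shell cross-check of the two files, with rules inferred only from what the thread shows. The function names `get_key`, `check_zone` and `demo` and the sample files are hypothetical and constructed.

```shell
#!/bin/sh
# Added example: cross-check the two IPFire files quoted in the thread.
# Key names come from the thread; the rules are inferred from it (assumption).

# Print KEY's value from FILE without eval'ing it. Commented-out lines such
# as "#GREEN_VLAN_ID=20" never match; surrounding quotes are stripped.
get_key() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# check_zone SETTINGS VLANS ZONE: print one finding per line, nothing if OK.
check_zone() {
    s=$1; v=$2; z=$3
    vid=$(get_key "$v" "${z}_VLAN_ID")
    if [ -z "$vid" ]; then return 0; fi        # zone is not defined as a VLAN
    dev="$(printf %s "$z" | tr 'A-Z' 'a-z')0"  # BLUE -> blue0, as in the trace
    if [ -z "$(get_key "$v" "${z}_PARENT_DEV")" ]; then
        echo "$z: ${z}_VLAN_ID=$vid without ${z}_PARENT_DEV; network-vlans skips $dev"
    fi
    if [ "$(get_key "$s" "${z}_DEV")" != "$dev" ]; then
        echo "$z: ${z}_DEV is not $dev in settings; $dev comes up without an IP"
    fi
    if [ -z "$(get_key "$s" "${z}_ADDRESS")" ]; then
        echo "$z: ${z}_ADDRESS missing in settings"
    fi
    vmac=$(get_key "$v" "${z}_MAC_ADDRESS" | tr 'A-F' 'a-f')
    smac=$(get_key "$s" "${z}_MACADDR" | tr 'A-F' 'a-f')
    if [ "$vmac" != "$smac" ]; then            # assumption: the two should agree
        echo "$z: MAC differs (vlans='$vmac' settings='$smac')"
    fi
    return 0
}

# Constructed sample reproducing the state before the settings file was fixed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' BLUE_PARENT_DEV=green0 BLUE_VLAN_ID=300 \
        BLUE_MAC_ADDRESS=00:22:4D:84:A5:30 > "$d/vlans"
    printf '%s\n' BLUE_ADDRESS=192.168.2.1 BLUE_NETMASK=255.255.255.0 > "$d/settings"
    check_zone "$d/settings" "$d/vlans" BLUE
    rm -rf "$d"
}
demo
```

On a real system the two arguments would be /var/ipfire/ethernet/settings and /var/ipfire/ethernet/vlans, the paths named in the thread.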