From: Thomas Berthel
To: documentation@lists.ipfire.org
Subject: Re: VLAN Config
Date: Thu, 08 Aug 2013 20:24:08 +0200
Message-ID: <5203E248.1050504@gmx.net>
In-Reply-To: <5203DFA4.9070205@gmx.net>

Sorry, I meant Firewall Mode 1 ;-) Not 2.

greetings, Thomas

On 08.08.2013 20:12, Thomas Berthel wrote:
> Hi Michael,
>
> that's it! :) A long way for me. But it's done.
> I'll write my documentation anew. It is so easy,
> if you know what you're doing ;-)
>
> One question about Firewall Mode 2. I would like to create a new enable rule for
> an outgoing port.
>
> When I set it on Wireless (blue) as the definition with port XYZ, it doesn't work. When
> I put the ruleset on green, it works. Is this normal?
>
> greetings, Thomas
>
> On 22.07.2013 10:37, Michael Tremer wrote:
>> Hi,
>>
>> you will have to grant access to every host on the blue network in the
>> WUI. Please go to Firewall -> Blue Access and do that over there.
>>
>> -Michael
>>
>> On Sun, 2013-07-21 at 22:35 +0200, Thomas Berthel wrote:
>>> Hi,
>>>
>>> nobody any idea?
>>>
>>> good night, Thomas
>>>
>>> On 07/02/2013 12:14 AM, Thomas Berthel wrote:
>>>> Hi Michael,
>>>>
>>>>> Please run /etc/init.d/network-vlans start
>>>> thanks. beginner error :-)
>>>>
>>>> Here is my document for vlan:
>>>>
>>>> I configure my fire with the setup mode and change from green+red to
>>>> green+red+orange+blue
>>>>
>>>> I set up the network IPs for blue & orange, then at the end of the
>>>> setup I got a message: orange device can't be configured, no device
>>>> found, or so. Because it does not let me finish the setup mode I have
>>>> closed the console connection.
>>>>
>>>> I check my /var/ipfire/ethernet/settings and all information from my
>>>> change in the setup menu was written there.
>>>>
>>>> For example, one snippet:
>>>>
>>>> BLUE_ADDRESS=192.168.2.1
>>>> BLUE_NETMASK=255.255.255.0
>>>> BLUE_NETADDRESS=192.168.2.0
>>>> BLUE_BROADCAST=192.168.2.255
>>>>
>>>> but no MAC address and no DEV was in there.
>>>>
>>>> The ifconfig says nothing about blue or orange. Okay, then the next step.
>>>> I configure my /var/ipfire/ethernet/vlans as follows:
>>>>
>>>> BLUE_PARENT_DEV=green0
>>>> BLUE_VLAN_ID=300
>>>> BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>>> ORANGE_PARENT_DEV=green0
>>>> ORANGE_VLAN_ID=400
>>>> ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>>
>>>> Without "" for _PARENT_DEV="device1" and the _MAC_ADDRESS="11:22:33:..."
>>>>
>>>> Then I do /etc/init.d/network-vlan start, this was my messages output:
>>>>
>>>> /etc/init.d/network-vlans start
>>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>>> + eval BLUE_PARENT_DEV=green0 BLUE_VLAN_ID=300 BLUE_MAC_ADDRESS=00:22:4D:84:A5:30 ORANGE_PARENT_DEV=green0 ORANGE_VLAN_ID=400 ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>> ++ BLUE_PARENT_DEV=green0
>>>> ++ BLUE_VLAN_ID=300
>>>> ++ BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>>> ++ ORANGE_PARENT_DEV=green0
>>>> ++ ORANGE_VLAN_ID=400
>>>> ++ ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>> + action=start
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=
>>>> + VLAN_ID=
>>>> + MAC_ADDRESS=
>>>> + case "${action}" in
>>>> + '[' -z '' ']'
>>>> + continue
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=green0
>>>> + VLAN_ID=300
>>>> + MAC_ADDRESS=00:22:4D:84:A5:30
>>>> + case "${action}" in
>>>> + '[' -z green0 ']'
>>>> + '[' -d /sys/class/net/blue0 ']'
>>>> + '[' '!' -d /sys/class/net/green0 ']'
>>>> + '[' -z 300 ']'
>>>> + echo 'Creating VLAN interface blue0...'
>>>> Creating VLAN interface blue0...
>>>> + vconfig add green0 300
>>>> Added VLAN with VID == 300 to IF -:green0:-
>>>> + ip link set green0.300 name blue0
>>>> + '[' -n 00:22:4D:84:A5:30 ']'
>>>> + ip link set blue0 address 00:22:4D:84:A5:30
>>>> + ip link set green0 up
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=green0
>>>> + VLAN_ID=400
>>>> + MAC_ADDRESS=00:22:4D:84:A5:40
>>>> + case "${action}" in
>>>> + '[' -z green0 ']'
>>>> + '[' -d /sys/class/net/orange0 ']'
>>>> + '[' '!' -d /sys/class/net/green0 ']'
>>>> + '[' -z 400 ']'
>>>> + echo 'Creating VLAN interface orange0...'
>>>> Creating VLAN interface orange0...
>>>> + vconfig add green0 400
>>>> Added VLAN with VID == 400 to IF -:green0:-
>>>> + ip link set green0.400 name orange0
>>>> + '[' -n 00:22:4D:84:A5:40 ']'
>>>> + ip link set orange0 address 00:22:4D:84:A5:40
>>>> + ip link set green0 up
>>>>
>>>> Yeah! The final countdown ;-)
>>>>
>>>> So, I checked my ifconfig and only the device with no IP was displayed:
>>>>
>>>> blue0 Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>       RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>>       TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>>       collisions:0 txqueuelen:0
>>>>       RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>>
>>>> WTF? Okay. I configure my /var/ipfire/ethernet/settings once again as
>>>> described here:
>>>>
>>>> BLUE_DEV=blue0
>>>> BLUE_MACADDR=00:22:4d:84:a5:30
>>>> BLUE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
>>>> BLUE_DRIVER=e1000e
>>>> BLUE_ADDRESS=192.168.2.1
>>>> BLUE_NETMASK=255.255.255.0
>>>> BLUE_NETADDRESS=192.168.2.0
>>>> BLUE_BROADCAST=192.168.2.255
>>>>
>>>> Next step - reboot firewall! Then the result from ifconfig said:
>>>>
>>>> blue0 Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>>       inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
>>>>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>       RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>>       TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>>       collisions:0 txqueuelen:0
>>>>       RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>>
>>>> BUT - my firewall dropped my DNS and HTTP requests. I tried to change the
>>>> rules with the firewall mode from 1 to 0 and in the WUI in mode 1 to set
>>>> rules for wireless to allow these connections. Without success!
>>>>
>>>> For example:
>>>> Jul 1 21:23:10 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=25514 DF PROTO=UDP SPT=1083 DPT=53 LEN=4
>>>>
>>>> Any idea?
>>>>
>>>> BG, Thomas
>>>>
>>>> On 01.07.2013 11:53, Michael Tremer wrote:
>>>>> On Sun, 2013-06-30 at 15:37 +0200, Thomas Berthel wrote:
>>>>>> Hi @ all,
>>>>>>
>>>>>> I have checked the /etc/init.d/network-vlans script and got the following
>>>>>> message: Invalid action
>>>>>>
>>>>>> The debug output says:
>>>>>>
>>>>>> (/var/ipfire/ethernet):/etc/init.d/network-vlans
>>>>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>>>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>>>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>>>>> + eval '#GREEN_VLAN_ID=20' BLUE_VLAN_ID=300 ORANGE_VLAN_ID=400
>>>>>> + action=
>>>>>> + for interface in green0 blue0 orange0
>>>>>> + case "${interface}" in
>>>>>> + PARENT_DEV=
>>>>>> + VLAN_ID=
>>>>>> + MAC_ADDRESS=
>>>>>> + case "${action}" in
>>>>>> + echo 'Invalid action: '
>>>>>> Invalid action:
>>>>>> + exit 1
>>>>>
>>>>> Please run /etc/init.d/network-vlans start or /etc/init.d/network-vlans
>>>>> to start and stop the virtual interfaces.
>>>>>
>>>>> -Michael
>>>>>
>>>>
>>>> _______________________________________________
>>>> Documentation mailing list
>>>> Documentation(a)lists.ipfire.org
>>>> http://lists.ipfire.org/mailman/listinfo/documentation
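
To see which blue hosts the advice in this thread (Firewall -> Blue Access) applies to, the following added example, which is not from the thread or the IPFire project, summarises DROP_Wirelessinput log lines per source IP and source MAC. The function names and the sample log lines are constructed; the MAC= field is read as destination MAC, source MAC, EtherType.

```shell
#!/bin/sh
# Added example: list blue0 hosts whose packets hit the DROP_Wirelessinput log rule.

# Constructed sample log lines, modelled on the kernel message quoted in the thread.
sample_log() {
cat <<'EOF'
Jul  1 21:23:10 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=69 TTL=64 ID=25514 DF PROTO=UDP SPT=1083 DPT=53 LEN=49
Jul  1 21:23:12 ipfw kernel: DROP_Wirelessinput IN=blue0 OUT= MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=60 TTL=64 ID=25515 DF PROTO=TCP SPT=1084 DPT=80 SYN
Jul  1 21:24:01 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84:a5:30:02:00:00:00:00:17:08:00 SRC=192.168.2.23 DST=192.168.2.1 LEN=69 TTL=64 ID=101 DF PROTO=UDP SPT=2000 DPT=53 LEN=49
Jul  1 21:24:05 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84 SRC=192.168.2.99 DST=192.168.2.1 LEN=69 PROTO=UDP SPT=2001 DPT=53
Jul  1 21:24:09 ipfw kernel: OTHER_PREFIX IN=green0 OUT= MAC=00:22:4d:84:a5:20:02:00:00:00:00:05:08:00 SRC=192.168.1.5 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=3000 DPT=22
EOF
}

# Reads log lines on stdin; prints "SRC_IP SRC_MAC HITS PROTO/DPT[,...]" per host.
blue_dropped_hosts() {
    awk '
    /DROP_Wirelessinput/ {
        iface = ""; src = ""; mac = ""; proto = "?"; dpt = "?"
        for (i = 1; i <= NF; i++) {
            f = $i
            # The log prefix is fused to IN= when the rule sets no trailing space.
            sub(/^DROP_Wirelessinput/, "", f)
            if (f ~ /^IN=/)    iface = substr(f, 4)
            if (f ~ /^MAC=/)   mac   = substr(f, 5)
            if (f ~ /^SRC=/)   src   = substr(f, 5)
            if (f ~ /^PROTO=/) proto = substr(f, 7)
            if (f ~ /^DPT=/)   dpt   = substr(f, 5)
        }
        # MAC= holds destination MAC (6 bytes), source MAC (6), EtherType (2);
        # lines with a truncated MAC field or another interface are skipped.
        if (iface != "blue0" || src == "" || split(mac, b, ":") != 14) next
        key = src " " b[7] ":" b[8] ":" b[9] ":" b[10] ":" b[11] ":" b[12]
        hits[key]++
        svc = proto "/" dpt
        if (!((key, svc) in seen)) {
            seen[key, svc] = 1
            sep = (ports[key] == "") ? "" : ","
            ports[key] = ports[key] sep svc
        }
    }
    END { for (k in hits) print k, hits[k], ports[k] }
    ' | sort
}

# Stand-alone run on the constructed sample.
sample_log | blue_dropped_hosts
```

On a live system, pipe the firewall's kernel log into `blue_dropped_hosts` in place of `sample_log`.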