Solved

Linux Networking - Gateway + VLANs

Posted on 2009-05-04
14
1,067 Views
Last Modified: 2013-12-23
I'd like to set up 3x /24s on a 1-NIC Fedora/CentOS/Ubuntu (take your pick of *nix flavor), basically the 2.6 kernel. Use 10.0.1.x, 10.0.2.x and 10.0.3.x subnets. I've read about how to do the vlan+trunking portions but I've not managed to enable routing properly, I think...
Again, the linux box will be the router for these 3 vlans and they will have to be trunked to an hp2524 (I can handle the switch portion).
Thanks!
0
Question by:Rich Rumble
14 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24294982
You have to check if your netcard supports VLAN tagging.
Can you route one subnet without VLANs?
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24295075
I'm setting up a test network, and I need the vlans to emulate the real environment; no extra money for routers, so I have to use a PC. So I need the PC to have vlans, which for me isn't the hard part; it's the setup of 3 subnets on the linux box. How do I make the linux box the default gateway/router for 3 subnets, basically, and use only one NIC? I assume it's like other networking: a dot1q trunk on the NIC with 3 vlans encapsulated in the 1q to the switch.
-rich
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24295166
Well, that is, I need 3 separate vlans for the 3 separate subnets, 1 for each. Tagging is fine as long as the NIC gets trunked.
-rich
0
 
LVL 62

Expert Comment

by:gheist
ID: 24297218
Ping hosts from the router, then ping past the router.
Check the routing tables.
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24297574
Ahem... I have a linux PC. I need to make that linux PC INTO a router. That PC (that is now a router) must have 3 subnets that it routes. There used to be the LRP (linuxrouter.org/) but it doesn't exist anymore.
Maybe I'll try this: http://www.vmware.com/appliances/directory/292
But I know linux can do routing; I can't find anyone that knows how to make a linux PC into a router.
-rich
0
 
LVL 7

Expert Comment

by:droyden
ID: 24297612
Install iproute2 - you can then easily manipulate the routing tables with that.
0
 
LVL 7

Accepted Solution

by:droyden (earned 400 total points)
ID: 24297624
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24297650
That looks like a winner, I'll let you know!
-rich
0
 
LVL 7

Assisted Solution

by:diepes (earned 100 total points)
ID: 24308294
If you put an IP on each VLAN interface for the applicable subnet, you just need to enable routing and it is done.

Check if routing is enabled with (as root):
# cat /proc/sys/net/ipv4/ip_forward

If it prints 0, enable it with:
# echo 1 > /proc/sys/net/ipv4/ip_forward
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24310639
Yep I think I've just about got it, I'll update shortly.
-rich
0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24329329
Ok, I figured it out, and here is a step by step for posterity. I ended up using two NICs instead of one, and used a Cisco 3524 because I didn't understand the HP ProCurve 2524 well enough.
Using vconfig and ifconfig to add the vlans/subinterfaces is ok, but I didn't know how to make the change permanent. So I went and redid everything a little differently:
My setup is like this:

Servers ---> Switch_1 <----(eth0) Linux_PC (eth1)---->Switch_2 <---Firewall ---> Internets
The servers have 192.168.0.x, 192.168.1.x and 192.168.2.x IPs. The linux box has 3 subinterfaces configured with static IPs and VLAN=yes in their files, see below. I copied my ifcfg-eth0 file to ifcfg-eth0.1, and added the static IP, netmask etc... and most importantly VLAN=yes. Repeat that for the other vlans and gateways I was creating.
I modified (vi'd) /etc/sysctl.conf and changed net.ipv4.ip_forward=0 to a 1 so that upon reboot IP forwarding would be enabled.

If I don't want anything on the 192.168.0-2.xxx subnets to be able to talk to anything past the linux box via eth1, I'm all set. If I do want to allow whatever is behind eth0 and its subinterfaces to talk to the network that eth1 is on, I enable nat/masquerading.
I manually configured the iptables file (probably not the best idea), /etc/sysconfig/iptables.
Added this at the top:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
And this near the bottom:
-A INPUT -i eth0 -j ACCEPT

Setting VLAN=yes seems to enable 8021q without the need to use modprobe 8021q manually or via a startup script like rc.local, for example. Thanks for everyone's help in pointing me to the right places!
-rich
#ETH0.1 (vlan 1)
DEVICE=eth0.1
HWADDR=00:ee:ee:8e:cf:72
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
VLAN=yes
-------------
#ETH0.2 (vlan2)
DEVICE=eth0.2
HWADDR=00:ee:ee:8e:cf:72
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
VLAN=yes


0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24329757
Forgot one line in the iptables... see below for the corrected version.
(appended -A FORWARD -j eth0)
Any corrections or suggestions are still appreciated!
-rich
#Note these are the only additions I made
#Your IPTABLES should have more than just this in them
#These are ONLY the changes needed for NAT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
#The rules below go in the *filter section of the file (the one that
#already holds the INPUT/FORWARD/OUTPUT chains), before any final REJECT rule.
#Every rule needs a target: "-A FORWARD -i eth0" with no -j is rejected by iptables-restore.
#"eth0+" is a wildcard; a bare "-i eth0" matches only the untagged parent device,
#not the VLAN subinterfaces eth0.1, eth0.2, ...
-A INPUT -i eth0+ -j ACCEPT
-A FORWARD -i eth0+ -j ACCEPT
#Let the replies to masqueraded connections come back in from eth1
-A FORWARD -o eth0+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT


0
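The same router built with iproute2, which droyden pointed at above, as an added example that is not code from the thread. It also covers diepes's ip_forward step and the VLAN-subinterface/netmask details from the two posts above. Interface names, VLAN ids and addresses are constructed to match Rich's layout (eth0 trunked toward the servers, eth1 toward the firewall); the netmask validation, the dry-run mode and the eth0+ wildcard are my additions, not something the thread prescribes.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the three-VLAN router
# described above with iproute2 ("ip") instead of vconfig/ifconfig.
# Constructed to match the thread's layout:
#   eth0 = trunk toward the servers, eth1 = uplink toward the firewall,
#   VLANs 1-3 carrying 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24.
# Without APPLY=1 it only prints the commands; with APPLY=1 (as root) it runs them.

# valid_netmask MASK: true if MASK is a dotted quad of contiguous 1 bits
# followed by 0 bits. A value such as 255.255.255.200 has a hole and is rejected.
valid_netmask() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    m=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~m & 0xffffffff ))          # inverted mask must be 2^k - 1 ...
    [ $(( inv & (inv + 1) )) -eq 0 ]    # ... i.e. inv+1 is a power of two
}

# prefix_len MASK: print the CIDR prefix length (255.255.255.0 -> 24).
prefix_len() {
    valid_netmask "$1" || return 1
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    m=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); n=0
    while [ "$m" -ne 0 ]; do n=$(( n + (m & 1) )); m=$(( m >> 1 )); done
    echo "$n"
}

# vlan_cmds NIC VID ADDR MASK: the commands for one 802.1Q subinterface NIC.VID.
vlan_cmds() {
    p=$(prefix_len "$4") || { echo "bad netmask $4 for $1.$2" >&2; return 1; }
    printf '%s\n' \
        "ip link add link $1 name $1.$2 type vlan id $2" \
        "ip addr add $3/$p dev $1.$2" \
        "ip link set $1.$2 up"
}

# router_plan LAN WAN: the full command list for the router.
router_plan() {
    lan=$1; wan=$2
    echo "modprobe 8021q"
    vlan_cmds "$lan" 1 192.168.0.1 255.255.255.0 || return 1
    vlan_cmds "$lan" 2 192.168.1.1 255.255.255.0 || return 1
    vlan_cmds "$lan" 3 192.168.2.1 255.255.255.0 || return 1
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Masquerade only toward the uplink, and forward only what the VLANs start.
    # "$lan+" is the iptables wildcard that also matches eth0.1, eth0.2, ...
    # (a bare "-i eth0" matches the untagged parent device only).
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    echo "iptables -A FORWARD -i $lan+ -o $wan -j ACCEPT"
    echo "iptables -A FORWARD -i $wan -o $lan+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

if [ "${APPLY:-0}" = 1 ]; then
    router_plan eth0 eth1 | sh -e     # execute; the first failing command stops it
else
    router_plan eth0 eth1             # dry run: just show what would be done
fi
```

Run it once without APPLY to read the plan, then `APPLY=1 ./router.sh` as root. Like vconfig, these `ip` commands are not persistent; the ifcfg files above (or /etc/network/interfaces on Debian) are still what survives a reboot. The FORWARD rules deliberately let only connections started from the VLAN side cross to eth1, with replies admitted by connection tracking.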
 
LVL 7

Expert Comment

by:diepes
ID: 24330717
For the record, Debian has a network config file, /etc/network/interfaces:

# to add a VLAN interface
auto eth0.66
iface eth0.66 inet static
    vlan-raw-device eth0
    address 10.1.1.1
    # a netmask must be contiguous; 255.255.255.200 is not a valid mask
    netmask 255.255.255.0

0
 
LVL 38

Author Comment

by:Rich Rumble
ID: 24335167
Is that persistent after reboot? I could have used a script to do the vconfig and ifconfig as well as the ip_forward and modprobe 8021q, but it was just as good for my purposes to write them in config files so they would be there upon reboot. Thanks for sharing; if there are other flavors of linux out there that differ in their commands like this, I think this would be a good place to put them.
-rich
0
