  1. #1 (Just Joined!, joined Sep 2006, 2 posts)

    VLANs+Linux+W2k3+NAT=Problems?

    Okay, here is the problem. This past week we re-designed our network here at work to look like the following:

    Internet
    |
    |
    Router/Firewall (Using Static IP)
    |
    Vlan 6
    |
    DMZ
    |
    Main Routers (actually two)
    |
    Client VLAN, Server VLAN, Misc VLANs


    Our main routers have 5 Ethernet ports on them. All the systems mentioned above (the routers and the firewall) are running Ubuntu Dapper Server. Since we wanted to be able to expand later, we tried to use VLANs as much as possible; hence we defined the VLANs via vconfig in Linux, so the router would use Ethernet port eth0.6 to talk to the main routers.

    After installation we started noticing some really odd problems. First of all, our 98 clients joined the network fine, got their logon scripts and ran them. However, our XP machines did not. After a bit of head banging, my co-worker and I modified it so that the routers used eth1, eth2, eth3, etc. instead of eth1.11 or eth1.21. Then we set our HP switch to do the tagging. It worked like a charm.

    However, on one of our other nets all HTTPS traffic stopped working. Just a few minutes ago I set the main firewall to use eth1 instead of eth1.6 and let the switch do the tagging, and it's working great.

    What on earth is going on here? Is there some limitation on VLANs that I don't know about? The freaky thing is, the HTTPS traffic is still being tagged by the main routers for VLAN 21! So instead of being tagged by Linux, routed and tagged by Linux again, the packets are being tagged by the HP switch the second time.

    Any ideas? On all occasions we could ping and "see" the hosts. It's just that some traffic wouldn't work. And it's not an iptables issue, because when we changed the Ethernet devices it worked without modification to the iptables.

    I'm stumped.

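    The symptom in the post above, hosts pingable and small exchanges (DHCP, logon scripts) fine while bulk sessions such as HTTPS stall, is what a frame-size problem looks like, and it is the first thing to rule out when a Linux-tagged subinterface misbehaves: an 802.1Q tag adds 4 bytes to every frame, so a full 1500-byte IP packet needs the parent NIC to carry 1504 bytes, or the VLAN subinterface MTU has to drop to 1496. The script below is an added example, not code from the thread: it recreates the poster's eth0 / VLAN 6 subinterface with vconfig (falling back to ip(8)) and probes the link with DF-bit pings of decreasing size. The addresses 10.6.0.2/24 and 10.6.0.1 and the script name are assumptions; the network functions need root and a live link, the size calculations run anywhere.

```shell
#!/bin/sh
# Added example, not code from the thread. Recreates the poster's Linux-side
# 802.1Q subinterface (parent eth0, VLAN 6) and probes whether full-size
# packets get through it. The addresses 10.6.0.2/24 (this box) and 10.6.0.1
# (the peer) are assumptions for illustration; the network functions need
# root and a live link, the size calculations run anywhere.

# Fixed by the protocols: an 802.1Q tag adds 4 bytes to every tagged frame;
# an ICMP echo carries a 20-byte IPv4 header and an 8-byte ICMP header.
VLAN_TAG_BYTES=4
IPV4_HDR_BYTES=20
ICMP_HDR_BYTES=8

# Largest ping payload (the -s value) that fits one unfragmented packet on
# a link with the given MTU: 1472 for 1500, 1468 for a 1496-byte VLAN MTU.
icmp_payload_for_mtu() {
    echo $(( $1 - IPV4_HDR_BYTES - ICMP_HDR_BYTES ))
}

# Frame payload the parent NIC must accept so that a full-size IP packet
# fits inside a tagged frame; a NIC or driver stuck at 1500 drops exactly
# the large frames while small ones (ping, logon scripts) pass.
parent_mtu_for_vlan_mtu() {
    echo $(( $1 + VLAN_TAG_BYTES ))
}

# Interpret a probe result: the largest DF payload that got a reply.
classify_probe() {
    full=$(icmp_payload_for_mtu 1500)
    if [ "$1" = none ]; then
        echo no-reachability        # not an MTU question; look at routing/filtering
    elif [ "$1" -ge "$full" ]; then
        echo full-mtu-ok            # full-size packets cross the VLAN
    else
        echo mtu-mismatch           # small passes, large fails: tag overhead
    fi
}

# Bring up the subinterface the way the thread did, with vconfig named so
# that VLAN 6 on eth0 becomes eth0.6; fall back to ip(8) where vconfig is gone.
make_vlan() {
    parent=$1; vid=$2; addr=$3
    if command -v vconfig >/dev/null 2>&1; then
        vconfig set_name_type DEV_PLUS_VID_NO_PAD
        vconfig add "$parent" "$vid"
    else
        ip link add link "$parent" name "$parent.$vid" type vlan id "$vid"
    fi
    ip addr add "$addr" dev "$parent.$vid"
    ip link set "$parent.$vid" up
}

# Ping the peer over the VLAN interface with DF set, descending through
# payload sizes; print the largest size that gets a reply, or "none".
probe_pmtu() {
    peer=$1; dev=$2
    for size in $(icmp_payload_for_mtu 1500) 1468 1400 1000 64; do
        if ping -c 1 -W 2 -M do -I "$dev" -s "$size" "$peer" >/dev/null 2>&1; then
            echo "$size"
            return 0
        fi
    done
    echo none
}

# Touches the network only when asked: RUN_VLAN_PROBE=1 sh vlan_probe.sh
if [ "${RUN_VLAN_PROBE:-0}" = 1 ]; then
    make_vlan eth0 6 10.6.0.2/24
    result=$(probe_pmtu 10.6.0.1 eth0.6)
    echo "largest passing DF payload: $result ($(classify_probe "$result"))"
    echo "parent eth0 MTU: $(cat /sys/class/net/eth0/mtu), needs $(parent_mtu_for_vlan_mtu 1500) for tagged full-size frames"
fi
```

    A result of 1468 with 1472 failing points squarely at the 4-byte tag overhead; whether the fix is a parent NIC/driver that accepts 1504-byte frames, an MTU of 1496 on the subinterface, or, as the poster ended up doing, letting the switch tag instead of Linux, the probe tells you which side of the link is dropping frames before iptables or routing get blamed.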
  2. #2 (Linux Enthusiast, joined Dec 2004, 637 posts)
    If I may ask, why are you using so many VLANs? Will you really be adding that many more workstations as to warrant such a setup? Just curious, trying to see some real-world justification. I'm a Cisco type; however, I cannot for any reason see the need for a VLAN other than strict isolation for a select few nodes.

  3. #3 (Just Joined!, joined Sep 2006, 2 posts)
    Mostly for organization purposes. This is installed on a college campus, and so it really helps to have the option to throw a server into any building and tag it as being server traffic. On top of that, we also offer Internet access to some of the staff housing. We don't want those people to be able to access our servers.

    Basically it's all security-related issues.

    BTW, the SSL still doesn't work, even after I took out the Linux tagging on the one end (see above).

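    The isolation requirement in the reply above (staff housing gets Internet, never the servers) is only as strong as the FORWARD chain on the Linux routers, because every VLAN is a subinterface of the same box and, as the first post notes, the hosts could all ping each other. The script below is an added example, not code from the thread: it generates an iptables-restore filter table with a default-DROP FORWARD chain, per-VLAN anti-spoofing, and an explicit allow list, plus a check that answers "can role A open connections to role B?" from the generated rules. The VLAN-to-role mapping (eth1.11 clients, eth1.21 servers, eth1.31 housing, eth0.6 uplink), the subnets and the script name are assumptions; the thread mentions eth1.11, eth1.21 and VLAN 6 but not what they carry.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates the iptables FORWARD
# policy for a Linux router that has one 802.1Q subinterface per VLAN, so a
# staff-housing VLAN reaches the Internet uplink but never the server VLAN.
# The VLAN IDs, subinterface names and subnets are assumptions for illustration.

# "role interface subnet", one VLAN per line (assumed values).
ROLES='servers eth1.21 10.21.0.0/16
clients eth1.11 10.11.0.0/16
housing eth1.31 10.31.0.0/16
uplink eth0.6 0.0.0.0/0'

# Which role may open new connections to which other role. Anything not
# listed here is dropped by the FORWARD default policy, so adding a VLAN
# later leaves it isolated until a pair is added.
ALLOW='housing:uplink clients:servers clients:uplink servers:uplink'

iface_for()  { printf '%s\n' "$ROLES" | awk -v r="$1" '$1==r {print $2}'; }
subnet_for() { printf '%s\n' "$ROLES" | awk -v r="$1" '$1==r {print $3}'; }

# Print an iptables-restore(8) filter table: default DROP on FORWARD, return
# traffic only for established flows, per-VLAN anti-spoofing, then the
# explicit allow list.
emit_forward_policy() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
EOF
    # A packet entering a VLAN subinterface must carry a source inside that
    # VLAN's subnet; otherwise a housing host could forge a client address
    # and ride the clients->servers rule.
    printf '%s\n' "$ROLES" | awk '$1 != "uplink" {
        printf "-A FORWARD -i %s ! -s %s -j DROP\n", $2, $3 }'
    for pair in $ALLOW; do
        src=${pair%%:*}; dst=${pair##*:}
        echo "-A FORWARD -i $(iface_for "$src") -o $(iface_for "$dst") -s $(subnet_for "$src") -m state --state NEW -j ACCEPT"
    done
    echo COMMIT
}

# Exit 0 if the generated policy lets role $1 open connections to role $2.
policy_allows() {
    emit_forward_policy | grep -q -- "-i $(iface_for "$1") -o $(iface_for "$2") .* -j ACCEPT"
}

# Load with: EMIT_POLICY=1 sh vlan_forward.sh | iptables-restore   (needs root)
# Guarded so that sourcing the file for its functions prints nothing.
if [ "${EMIT_POLICY:-0}" = 1 ]; then
    emit_forward_policy
fi
```

    The generated table uses the `-m state` match that Dapper-era kernels shipped; newer iptables accept it as an alias for `-m conntrack --ctstate`. Because the reply rule only admits ESTABLISHED,RELATED flows and every new-connection rule names both the ingress and egress subinterface, a server can answer a client but cannot initiate toward housing, and housing cannot reach anything except the uplink even though the router has a route to every VLAN.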