Author Topic: Don't Want firewall, dhcp settings? VLAN capable?  (Read 1065 times)

blacklotus

Don't Want firewall, dhcp settings? VLAN capable?
« on: March 06, 2008, 10:00:11 am »
ok, i am very happy with the firewall i'm using (astaro security Linux) and using the builtin firewall of the core is not an option for me. i only want to use either 1 nic or team up 2 of them together.

that being said, i have no problems setting up the core as my dhcp server, but the ip address it hands out for the default gateway is its own. how do i correct this?

Also, it would be great if the core could support vlans natively, or even multiple internal interfaces, so that it can be multihomed. There are reasons for having even a home network segmented yet wanting the segments all to have direct access to the core. i know linux would have no problem supporting vlans.

i'm a linux noob, but am not afraid of a command line. how much trouble would it be to make the single gigabit interface on my core belong to 2 different vlans and have a dhcp server on the core set up for both of them, with the default gateway pointing to the proper firewall ip?

i believe it's the marvell yukon ethernet chip

colinjones

Re: Don't Want firewall, dhcp settings? VLAN capable?
« Reply #1 on: March 06, 2008, 12:07:04 pm »
You really need to do some reading on single NIC on these forums and particularly the Wiki. Just do some searches for "single NIC"...

To correct the DHCP issue, you should just be able to change the config file - /etc/dhcp3 - defaults to itself because that is the normal config. If the segment is the same, and the same VLAN, then just modify the gateway address.

Yes, you can set up sub-interfaces - in fact it will do this automatically if you only have one NIC. But it will still configure itself as 2 different subnets (on the same segment of course) - you can override this if you want by setting the internal and external to be the same subnet, then all can communicate with each other.

There are reasons why you could want different VLANs on a single segment, and Linux can do dot1q signalling - not sure if you can enable this with the standard LMCE install and I wouldn't tinker if it doesn't! But I don't see anything in your description that would indicate that need tho... either way, if they are using the same subnet internally and externally it won't do anything for you (in fact it won't work). You seem to have contradictory needs, unless I have misunderstood what you meant.

If you want VLANs the switch needs to support them (or they will do nothing for you), and the internal and external networks need to be different subnets, even if they are the same physical LAN, but then you will need to use LMCE as the default gateway at least for the internal network.... that can work, but still don't know why you need them...

teedge77

Re: Don't Want firewall, dhcp settings? VLAN capable?
« Reply #2 on: March 06, 2008, 03:22:44 pm »
like colin said... if you want VLANs it's the switch. i use a VLAN for the internal linuxmce NIC. then i use the external lmce NIC on my regular network. it works well that way. if that really is the setup you want... all you have to do is make sure everything you want to use with lmce is on the VLAN. i also use astaro and have the lmce firewall turned off completely. also... i might have to check, but i think it will work fine with lmce as the gateway. it will just route to the gateway the external interface has set on it from whatever it receives on the internal. i'm pretty sure that's how mine is set up. colin is much better at it than i am so maybe he can say whether or not that would work. i can check later and see how mine's set up.
AMD Athlon 64 X2 6000+
Asus M2V Via AM2 ATX
Lite-On LH-20A1S SATA DVD Burner
80GB  SATA-150
EVGA GeForce 7300 GT 512MB DDR2 PCI Express
Sound Blaster Audigy SE
Kingston 2 GB PC6400 DDR2 800MHz
Ultra X-Finity 800-Watt
ZCU000
Cisco 7970
TDM400P

colinjones

Re: Don't Want firewall, dhcp settings? VLAN capable?
« Reply #3 on: March 06, 2008, 10:07:12 pm »
teedge77 -

I think the difference here is that blacklotus only wants a single physical NIC. Whereas you are (I'm guessing) setting 2 different ports on your switch to be different VLANs - this then has the switch mark each packet as the correct VLAN. Blacklotus wants (I think) to use only 1 NIC, but still have VLANs.

In this case, LMCE needs to be able to do 1 of 2 things. Either:

1) have separate "virtual" MAC addresses on each of the subinterfaces (I am not aware of whether it can do this, but I suspect not because they are subinterfaces, not full Ethernet interfaces) - and a switch that can set the VLAN bits based on a MAC address criterion; or

2) have LMCE do dot1q signaling, which basically means the interface sets the VLAN bits on the ethernet frames as they go out, based on the subnet they are intended for. Then the switch needs to both honour the signalling, and switch the frames to the correct VLAN - basically this is setting up a trunk/portchannel. Again, I don't know whether LMCE can do this... I am a Linux noob...

teedge77

Re: Don't Want firewall, dhcp settings? VLAN capable?
« Reply #4 on: March 06, 2008, 10:25:54 pm »
sorry i missed the part where he said he wants one nic.