Linux dual VLAN, ping works only on first VLAN

Tags: linux, ping, vlan

I have built this simple configuration:

----------------                              ----------------
| Linux host A |  <----- patch cable -------> | Linux host B |
----------------                              ----------------

Then I have configured 2 VLANs on each host:

eth1                                           eth1
 |                                              |
 |-- eth1.2 -> 192.168.1.2/24                   |-- eth1.2 -> 192.168.1.4/24
 |-- eth1.3 -> 192.168.1.3/24                   |-- eth1.3 -> 192.168.1.5/24

On host A, when I do:

ping -I eth1.2 192.168.1.4

it works, but when I do:

ping -I eth1.3 192.168.1.5

it doesn't work.

I have tried to set on both hosts:

sysctl net.ipv4.conf.eth1.rp_filter=0
sysctl net.ipv4.conf.eth1/2.rp_filter=0
sysctl net.ipv4.conf.eth1/3.rp_filter=0

but that has not resolved the problem.

Using Wireshark on host B, spying on eth1 shows that pings with VLAN id 3 are correctly received, but host B does not answer.

Of course, I have checked my iptables:

  Chain INPUT
  target     prot opt in   out  source   destination
  ACCEPT     all  --  eth1 any  anywhere anywhere

  Chain OUTPUT (policy ACCEPT)

When I do on host A a simple:

ping 192.168.1.5

host B answers, BUT I see with Wireshark that the packets are tagged VLAN id 2,
which of course works.

So I guess something is wrong with routing VLAN tagged packets into host B, but I can't find what!

Best Answer

You're using the same IP segment and you have no special routing rules in place. That means the default route is always used, and the default route is set to VLAN2 in your case.

It is best to differentiate your VLANs by different IP segments. For example, your VLAN2 can use the existing 192.168.1.1/24 and VLAN3 can use 192.168.3.1/24.
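
The following is an added example, not part of the original question or answer: a simplified Python model of the route lookup that traces the bound ping from the question and the split-subnet layout from the answer. It assumes both hosts use the same sub-interface names, that a tie between equal prefixes goes to the route configured first, and that the split-subnet host addresses (192.168.3.3, 192.168.3.5) are constructed for illustration.

```python
import ipaddress

# Interface lists are in configuration order. SAME_* come from the question;
# SPLIT_* follow the answer's 192.168.3.0/24 suggestion (host parts constructed).
SAME_A = [("eth1.2", "192.168.1.2/24"), ("eth1.3", "192.168.1.3/24")]
SAME_B = [("eth1.2", "192.168.1.4/24"), ("eth1.3", "192.168.1.5/24")]
SPLIT_A = [("eth1.2", "192.168.1.2/24"), ("eth1.3", "192.168.3.3/24")]
SPLIT_B = [("eth1.2", "192.168.1.4/24"), ("eth1.3", "192.168.3.5/24")]

def connected_routes(ifaces):
    """One connected route per address: (network, device)."""
    return [(ipaddress.ip_interface(cidr).network, dev) for dev, cidr in ifaces]

def egress(routes, dst):
    """Longest-prefix match; on equal prefixes the earliest route is kept."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, dev in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def bound_ping(a_ifaces, b_ifaces, bind_dev, dst, strict_rp_filter=False):
    """Trace `ping -I bind_dev dst` from host A to host B."""
    src = str(ipaddress.ip_interface(dict(a_ifaces)[bind_dev]).ip)
    b_addrs = {str(ipaddress.ip_interface(c).ip) for _, c in b_ifaces}
    if dst not in b_addrs:
        return f"{dst} is not an address of host B"
    # The request leaves A tagged for bind_dev, so B receives it on the
    # sub-interface of the same name; B then routes the reply back to src.
    reply_dev = egress(connected_routes(b_ifaces), src)
    if reply_dev != bind_dev:
        if strict_rp_filter:
            return f"dropped on B: reverse path to {src} is {reply_dev}, not {bind_dev}"
        return f"reply leaves B on {reply_dev}; A's socket bound to {bind_dev} never sees it"
    return f"reply returns on {bind_dev}: ping succeeds"

if __name__ == "__main__":
    print("unbound ping to .5 egresses:", egress(connected_routes(SAME_A), "192.168.1.5"))
    print(bound_ping(SAME_A, SAME_B, "eth1.2", "192.168.1.4"))
    print(bound_ping(SAME_A, SAME_B, "eth1.3", "192.168.1.5"))
    print(bound_ping(SAME_A, SAME_B, "eth1.3", "192.168.1.5", strict_rp_filter=True))
    print(bound_ping(SPLIT_A, SPLIT_B, "eth1.3", "192.168.3.5"))
```

On a real host, `ip route get <address>` shows which device the kernel would actually pick for a given destination.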