Linux – Multiple VLANs on a single subnet

Tags: linux, networking, routing, Ubuntu, vlan

I would like to establish the setup shown below. The image is taken from http://gcharriere.com/blog/?p=620, which explains how to set this up on a Brocade device.

I would like to use an Ubuntu server to do the routing. Right now, the switch and the server/router are connected with a trunk, and the server uses the vlan package, the kernel module and (inner) subnets for routing. I would like that:

  1. no IP addresses get lost in the subnetting (outer subnet is /26, inner subnets are /28)
  2. I don't want the rigorous subdivision of my outer subnet. I want to assign a VLAN to any IP in the outer subnet.

How do I need to configure my interfaces? What is the "ubuntu" translation of "ip follow ve"?

Thanks!

[image: network diagram from the linked blog post; not preserved]

Best Answer

I'm guessing that you're trying to accomplish the isolation of hosts in the three VLANs from one another but not from the Linux gateway, while allocating addresses from a single common block.

If this is the case, then I'd suggest putting each of the VLAN interfaces on the Linux box into a common bridge and using ebtables to limit L2 access on each subinterface to only the gateway. The Ubuntu documentation goes into plenty of detail about both setting up the VLAN interfaces as well as the bridging.

So - assume you have eth0.2, eth0.3 and eth0.4 corresponding to VLANs 2, 3 and 4. Create br0, assign it 192.168.1.1/24 and add the three subinterfaces. Set up ebtables ACLs on br0 to permit traffic from any MAC address to br0's MAC, from br0's MAC to anything, and then explicitly block all other traffic. You may want to apply ACLs directly on the subinterfaces to allow for greater customization.
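The bridge-plus-ebtables setup described in the answer, as an added example script that is not part of the original post. It uses the answer's values (eth0.2/3/4, br0, 192.168.1.1/24) and assumes the trunk port is eth0; the pinned bridge MAC 02:00:00:00:00:01 is a constructed, locally administered address chosen so the ebtables rules can name it explicitly instead of depending on whichever port the bridge inherits its MAC from. Without APPLY=1 the script only prints the commands it would run, so the plan can be reviewed before touching a live gateway.

```shell
#!/bin/sh
# Added example (not from the original post): one bridge over the tagged
# subinterfaces, plus an ebtables L2 ACL so VLAN hosts reach only the gateway.
# Interface names, VLAN IDs, address and bridge MAC are assumptions.
# Run as root with APPLY=1 to execute; otherwise the commands are printed.

TRUNK=${TRUNK:-eth0}                 # trunk towards the switch (assumed)
VLAN_IDS=${VLAN_IDS:-"2 3 4"}        # VLANs from the answer
BRIDGE=${BRIDGE:-br0}
GW_ADDR=${GW_ADDR:-192.168.1.1/24}   # gateway address from the answer
BR_MAC=${BR_MAC:-02:00:00:00:00:01}  # constructed, locally administered MAC
APPLY=${APPLY:-0}

# Execute a command when APPLY=1, otherwise print it as one line of the plan.
run_cmd() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# One tagged subinterface per VLAN, all enslaved to the bridge that owns the IP.
setup_bridge() {
    run_cmd ip link add "$BRIDGE" type bridge
    # Pin the bridge MAC so the ebtables rules below can reference a fixed value.
    run_cmd ip link set "$BRIDGE" address "$BR_MAC"
    for vid in $VLAN_IDS; do
        run_cmd ip link add link "$TRUNK" name "$TRUNK.$vid" type vlan id "$vid"
        run_cmd ip link set "$TRUNK.$vid" master "$BRIDGE"
        run_cmd ip link set "$TRUNK.$vid" up
    done
    run_cmd ip addr add "$GW_ADDR" dev "$BRIDGE"
    run_cmd ip link set "$BRIDGE" up
}

# L2 ACL as the answer describes: any host -> gateway, gateway -> any host,
# and a DROP policy for every other frame crossing between bridge ports.
setup_ebtables() {
    run_cmd ebtables -F FORWARD
    run_cmd ebtables -A FORWARD -d "$BR_MAC" -j ACCEPT
    run_cmd ebtables -A FORWARD -s "$BR_MAC" -j ACCEPT
    run_cmd ebtables -P FORWARD DROP
}

# Host-to-host traffic is now routed at L3 through the gateway. Disable ICMP
# redirects on the bridge, which would otherwise tell hosts to talk directly
# (and fail, because the L2 path between them is blocked).
setup_sysctl() {
    run_cmd sysctl -w net.ipv4.ip_forward=1
    run_cmd sysctl -w "net.ipv4.conf.$BRIDGE.send_redirects=0"
}

# Dry-run helper: emit the complete plan as text without executing anything.
render_plan() {
    APPLY=0
    setup_bridge
    setup_ebtables
    setup_sysctl
}

if [ "$APPLY" = "1" ]; then
    setup_bridge
    setup_ebtables
    setup_sysctl
else
    render_plan
fi
```

The two ACCEPT rules mirror the answer's wording; in practice frames addressed to the bridge's own MAC are delivered locally through the ebtables INPUT chain and frames the gateway sends traverse OUTPUT, neither of which is FORWARD, so the `-P FORWARD DROP` policy is what actually enforces the isolation. Broadcast ARP and DHCP requests still reach the gateway through INPUT, but are no longer flooded to the other VLAN subinterfaces. Verify the result with `ebtables -L FORWARD` and by confirming that a host in VLAN 2 can ping 192.168.1.1 but cannot ARP for a host in VLAN 3.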