I'm using a Linux server to do iptables NAT routing for a small business network. We also have a 24-port managed switch that will be providing connections for all the wall Ethernet jacks.
The layout looks like this:
     INTERNET
        |
       eth1
        |
     [server]
        |
       eth0
        |
    [ switch ]
     |      |
   (vl1)  (vl2)
My goal is to have vlan1 and vlan2 completely isolated from each other, although able to share Samba mounts on the server. The server will also be handling DHCP, firewalling and content-filtering via Squid.
So far, I have everything but vlan2 working. I'm using eth0 as 192.168.1.1 and eth0:1 as 192.168.2.1, with the switch assigned .2 on the respective vlans. I, however, cannot get any routes to 192.168.2.2. I've tried several different routes, but I haven't made any progress. Currently, I'm using the defaults, that is:
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
I'm wondering if I might need to switch to bridges, but since I won't be physically at the machines for a few days, I don't want to mess with things. Does anyone have some suggestions on a solution? I'm tempted to just throw another NIC in, but I'd like to add vlan3 eventually, so I'll wind up back here in a month if I just try to work around.
I'm not seeing any evidence of VLAN configuration from the details you've given. The correct specification for an interface to VLAN 2 in Linux is eth0.2, not eth0:2, and if you had it set up correctly you would see the separate interface in the routing table.
Also make sure that you've got the second VLAN tagged onto the port that the server is plugged into (because you can't -- or at least shouldn't -- put two VLANs onto one port untagged), and re-check the VLAN layout and setup on the other ports on the switch.
Full system details (ip addr list, ip route show, contents of networking config files) and switch configuration (show running-config or equivalent) would help us provide more specific solutions.
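The eth0.2 setup the answer describes, as an added example that is not part of the original post. It assumes VLAN 1 stays untagged on eth0, VLAN 2 is tagged on the server's switch port, and iproute2 is installed; the function names and the DRY_RUN switch are made up for this example.

```sh
#!/bin/sh
# Added example: replace the eth0:1 alias with a tagged 802.1Q sub-interface.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them (root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# add_vlan PARENT VID CIDR
# Creates PARENT.VID as an 802.1Q interface tagged with VID and addresses it.
add_vlan() {
    parent=$1
    vid=$2
    cidr=$3
    case "$parent" in
        # eth0:1 is only a label for a second address on eth0. Frames sent
        # through it leave untagged, so it cannot be the parent of a VLAN.
        *:*) echo "error: $parent is an alias label, not a device" >&2
             return 1 ;;
    esac
    case "$vid" in
        ''|*[!0-9]*) echo "error: VLAN ID must be numeric" >&2
                     return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "error: VLAN ID $vid is outside 1-4094" >&2
        return 1
    fi
    run ip link add link "$parent" name "$parent.$vid" type vlan id "$vid" &&
    run ip addr add "$cidr" dev "$parent.$vid" &&
    run ip link set dev "$parent.$vid" up
}

# drop_alias PARENT CIDR
# Removes the secondary address that the eth0:1 alias put on the parent.
drop_alias() {
    run ip addr del "$2" dev "$1"
}

# Addresses taken from the question: 192.168.2.1 moves from eth0:1 to eth0.2.
migrate() {
    drop_alias eth0 192.168.2.1/24 &&
    add_vlan eth0 2 192.168.2.1/24
}

migrate
```

Once applied with DRY_RUN=0, ip route show lists 192.168.2.0/24 on dev eth0.2 instead of eth0, and ip -d link show eth0.2 reports the 802.1Q tag.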