I have a home network with VLANs, one for LAN, one for WLAN and one for internet. I'd like to use bridging so that instead of configuring these same VLANs on every machine, they had their own VLAN IDs and the bridges were LAN, WLAN and internet.
I've tried it, but for some reason keep-alive/TTL seems to get broken because SSH sessions etc. suddenly disconnect.
We have this same setup working in the workplace for 4+ years with 100+ customers, but it's custom firewall/router hardware so accessing it is impossible. I know that it runs Linux.
So what are the Debian/Ubuntu default network settings doing wrong, or is it just a NIC driver/hardware problem? I've tried to mess around with TTL etc. settings without any luck. The bad stuff is happening in the bridge, because the current VLAN-only setup works fine.
interfaces:

    auto lo
    iface lo inet loopback

    # The primary network interface
    allow-hotplug eth0
    allow-hotplug eth1
    iface eth0 inet static
    iface eth1 inet static

    auto vlan111
    auto vlan222
    auto vlan333
    auto vlan444
    auto br0
    auto br1
    auto br2

    # LAN
    iface vlan111 inet static
        vlan_raw_device eth0

    # WLAN
    iface vlan222 inet static
        vlan_raw_device eth0

    # ADSL Modem
    iface vlan333 inet static
        vlan_raw_device eth1

    # Internet
    iface vlan444 inet static
        vlan_raw_device eth0

    # LAN bridge
    iface br0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        bridge_ports eth0.111
        bridge_stp on

    # Internet bridge
    iface br1 inet static
        address x.x.x.x
        netmask x.x.x.x
        gateway x.x.x.x
        bridge_ports eth1.333 eth0.444
        bridge_stp on
        post-up iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE
        pre-down iptables -t nat -D POSTROUTING -o br1 -j MASQUERADE

    # WLAN bridge
    iface br2 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        bridge_ports eth0.222
        bridge_stp on

Sysctl:

    net.ipv4.conf.default.forwarding=1
We use the following method for vlans:
The case of a vlan on a bridged interface isn't much different:
However, looking at your setup, you appear to be attempting to bridge between two different vlans on different interfaces. I really think you mean to be routing between your networks.
Does your switch understand VLANs? You probably want to set your switch to have the correct ports set to untagged on the right VLAN for the machine connected to that port.
I don't think bridging VLANs is a good idea. VLANs basically break up a switch (or multiple switches) into multiple virtual segments. By bridging two VLANs you join their broken-up broadcast domains back together, effectively making them belong to the same segment again. So, then why use VLANs in the first place?
As many people suggested, you need routing between the different subnets in your VLANs.
Is it an option to just plug a third network card in and have 3 different interfaces doing routing/masquerading?
Unless your ISP is giving you a tagged vlan connection at home I doubt there is much purpose in making it a VLAN.
Otherwise, can you show your routing table? To get traffic to pass between the two you'll need routes for each VLAN.
You're combining syntax in that file.
My first suggestion is to ensure you've got ifupdown-scripts-zg2 installed to get proper vlan support, then switch to the saner ethX.VLAN naming, and remember to add the auto ethX.VLAN lines so they start on boot.
The "SSH disconnects after a time" issue sounds like my old enemy, rp_filter.
http://www.tolaris.com/2009/07/13/disabling-reverse-path-filtering-in-complex-networks/
Try this:
    net.ipv4.conf.lo.rp_filter = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.default.rp_filter = 0

Set the same manually for any interface that still has 1 set.
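The last step of this answer, finding which per-interface rp_filter values are still non-zero after the sysctl change and clearing them, is easy to get wrong by hand on a box with many VLAN and bridge interfaces. The following POSIX sh helper is an added example, not code from the thread; it walks a `conf` tree (`/proc/sys/net/ipv4/conf` on a live system, or any directory passed as the first argument so it can be checked against a copied tree), reports every interface whose `rp_filter` is not 0, and can zero them all. Values written this way revert on reboot, so the three `sysctl.conf` lines above are still needed.

```shell
#!/bin/sh
# Added example, not from the original thread: audit and clear reverse-path
# filtering per interface. On a bridged/VLAN host with asymmetric paths,
# rp_filter silently drops replies, which shows up as SSH sessions dying.
# CONF root is a parameter so the check can run against any directory;
# the default is the live kernel tree /proc/sys/net/ipv4/conf.

# Print "<iface> rp_filter=<value>" for every interface still filtering
# (1 = strict, 2 = loose). Returns 0 if nothing filters, 1 otherwise.
rp_filter_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    found=0
    for f in "$root"/*/rp_filter; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable file
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            printf '%s rp_filter=%s\n' "$iface" "$val"
            found=1
        fi
    done
    return "$found"
}

# Count the interfaces still filtering (handy for scripts and monitoring).
rp_filter_count() {
    rp_filter_report "$1" | wc -l | tr -d ' '
}

# Write 0 to every rp_filter entry under the tree, i.e. the answer's
# "set the same manually for any interface that still has 1 set".
# Requires root on a live system.
rp_filter_disable_all() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$root"/*/rp_filter; do
        [ -w "$f" ] || continue
        echo 0 > "$f"
    done
}

# Stand-alone use: report, then clear, then confirm nothing is left.
if [ "${1:-}" = "--fix" ]; then
    rp_filter_report || true
    rp_filter_disable_all
    rp_filter_report && echo "rp_filter is 0 on all interfaces"
fi
```

Run it without arguments to source the functions, or with `--fix` as root to clear the filter everywhere; the report function's non-zero exit status makes it usable directly as a check in a cron job or a post-up hook.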