July 25, 2010 at 7:28 pm #42543
First of all, thanks for the great efforts in a really nice product.
I think I have a demand that Linux just can’t do right now. With Linux that is the only viable statement, as that surely can be changed. 😉
Am I right or am I missing something?
I have one Zeroshell box with one Ethernet interface (ETH00) and one WiFi card set up as an access point in one SSID (ETH01).
ETH00 is connected to a real firewall. The native VLAN on ETH00 is not “connected”, but there are three tagged VLANs: ETH00.10, ETH00.20, ETH00.30.
An arbitrary number of VPNs, SSL-encrypted Ethernet frames: VPNXX
BRIDGE00 (WifiClients) Members: ETH00.10, ETH01
BRIDGE01 (VpnTunnels) Members: ETH00.20, VPNXX (00-10)
ETH00.30 IP 192.168.0.2/16
In the firewall, ETH00.10, ETH00.20 and ETH00.30 are bridged with other interfaces, but in doing this traffic is differentiated at L2 because they come in over different VLANs and can then be handled differently. The L3 interface ETH00.30 is serving as tunnel endpoint for VPNs, and is currently the DNS resolver for this part of the network.
Now the problem:
All works well BUT: WiFi clients can’t access the L3 interface of the same Zeroshell box. Why? Looking at the system tells me that, due to only having one Ethernet card, the L3 IP part and BRIDGE00 are sharing the same MAC address. Thus making it impossible for WiFi clients to contact the L3 IP through the BRIDGE00 interface, bounce at the firewall and back to the right VLAN with IP enabled.
For this to work I must either have another Ethernet port, or the Linux kernel must truly support L2 and have separate ARP and CAM tables for each bridge process….
Is my reasoning about Linux being at fault right, or am I too much of a Linux novice to realize that I’m missing some vital config here…
I would of course have put another card in my system if it was possible, but there are no slots left ;-( just to test the theory of another MAC not colliding with the MAC picked up by BRIDGE00. Thus not interfering in the lack of multiple ARP tables.
Some switch vendors lack the same. That’s why you always should use good networking equipment… 😉
Comments please… Is it solvable in my current config (would be neat)….
Sorry if my English is flawed…
Yours
July 25, 2010 at 7:38 pm #50799
Just came to me… Is it possible to change the MAC address that the bridge processes use for their bridge? If that would be possible the collision would disappear…. Or?
July 25, 2010 at 10:30 pm #50800
Hmmm, googling around the internet tells me that perhaps you may instruct Linux to use another MAC address for a specific VLAN on an interface.
ip link set ETH00.3 address 40:00:00:10:00:10
It works… the L3 address of this VLAN is now reporting the new MAC and doesn’t confuse the Linux kernel in its bridging….
What is the best script to make this survive a reboot?
Got some reading to do about what MAC address to use, I think…
There you have it. One who seeks shall find!
Yours
July 26, 2010 at 10:35 am #50801
Add this command in a post-boot script.
System -> Setup -> Startup/Cron and on the drop down list select “Post Boot”.
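One way such a Post Boot script could look, as an added example that is not part of the original thread. It also covers the open question of which MAC address to use: it only accepts a unicast address with the "locally administered" bit set, so the value cannot collide with a vendor-assigned address (the first octet 40 used in the thread does not set that bit). The interface name ETH00.30 is taken from the configuration listed in the first post, the address 02:00:00:10:00:10 is a constructed sample value, and both function names are hypothetical.

```shell
#!/bin/sh
# Added example for a "Post Boot" script; not from the original thread.
# VLAN_IF and NEW_MAC are assumptions: adjust them to your own setup.
VLAN_IF="${VLAN_IF:-ETH00.30}"
NEW_MAC="${NEW_MAC:-02:00:00:10:00:10}"   # constructed sample value

# Return 0 if $1 is a well-formed, locally administered, unicast MAC.
# In the first octet, bit 0 is the multicast bit and bit 1 is the
# "locally administered" bit, so (octet & 3) must equal 2.
is_local_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    first=${1%%:*}
    [ $(( 0x$first & 3 )) -eq 2 ]
}

# Apply the MAC only if it is valid and the interface exists.
# Returns 1 for a rejected address, 2 for a missing interface.
set_vlan_mac() {
    ifname=$1
    mac=$2
    is_local_unicast_mac "$mac" || { echo "refusing MAC $mac" >&2; return 1; }
    [ -e "/sys/class/net/$ifname" ] || { echo "no interface $ifname" >&2; return 2; }
    ip link set dev "$ifname" address "$mac"
}

# At boot: change the address only when the VLAN interface is present.
if [ -e "/sys/class/net/$VLAN_IF" ]; then
    set_vlan_mac "$VLAN_IF" "$NEW_MAC" || true
fi
```
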