Strange NAT problem with VLAN Bridge


This topic contains 1 reply, has 0 voices, and was last updated by  raspi 10 years, 9 months ago.

  • #41079

    raspi
    Member

    I have

      BRIDGE00 – LAN (ETH00.111) 192.168.0.0/24
      BRIDGE01 – WLAN (ETH00.222) 192.168.1.0/24
      BRIDGE02 – Internet (ETH00.444 ETH01.333) x.x.x.x/25

    If I do it manually in Debian like so:

    /etc/network/interfaces:


    auto lo
    iface lo inet loopback

    # The primary network interface
    allow-hotplug eth0
    allow-hotplug eth1

    iface eth0 inet static
    iface eth1 inet static

    auto vlan111
    auto vlan222
    auto vlan333
    auto vlan444
    auto br0
    auto br1
    auto br2

    # LAN
    iface vlan111 inet static
    vlan_raw_device eth0

    # WLAN
    iface vlan222 inet static
    vlan_raw_device eth0

    # ADSL Modem
    iface vlan333 inet static
    vlan_raw_device eth1

    # Internet
    iface vlan444 inet static
    vlan_raw_device eth0

    # LAN bridge
    iface br0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eth0.111
    bridge_stp on

    # Internet bridge
    iface br1 inet static
    address x.x.x.x
    netmask 255.255.255.128
    gateway x.x.x.x
    bridge_ports eth1.333 eth0.444
    bridge_stp on
    post-up iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE
    pre-down iptables -t nat -D POSTROUTING -o br1 -j MASQUERADE

    # WLAN bridge
    iface br2 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_ports eth0.222
    bridge_stp on

    /etc/sysctl.conf:


    net.ipv4.conf.default.forwarding=1

    So br0 and br2 can access the internet using 192.168.0.1/192.168.1.1 as GW, and br1 is “straight-through” access without NAT.

    Bridge br1 (Internet) doesn’t NAT VLAN 444/333 with br1’s IP while ZeroShell (BRIDGE02, same as br1 in example) does. So what is ZeroShell doing?
