Bohuslav Moravec <bo...@centrum.cz> wrote:

> I have this working network configuration with two VLANs and a Linux router 
> with a DHCP server and Shorewall.
> 
>              ISP
>               |
>               | eth0
>         |-----------|
>         |           |
>         | Shorewall |
>         |           |
>         |-----------|
>               | eth1 192.168.10.1
>               | eth1.20 192.168.20.1 (802.1Q VLAN tagging)
>               |
>               | VLAN trunk
>               |
>               | 192.168.10.254 (VLAN10 switch virtual interface)
>               | 192.168.20.254 (VLAN20 switch virtual interface)
>         |-----------|
>         |  Netgear  | VLAN10
>         |  switch   |-------
>         |           | 192.168.10.0/24
>         |-----------| GW 192.168.10.1
>               |
>               |
>               |VLAN20
>               |192.168.20.0/24
>               |GW 192.168.20.1
> 
> 
> The internal physical network interface of the Shorewall box has a second 
> virtual interface eth1.20 with 802.1Q VLAN tagging on. The default gateway 
> for network computers is set up to be the Linux router. Gateway for VLAN10 is 
> 192.168.10.1 and gateway for VLAN20 is 192.168.20.1. With this configuration 
> I can access the internet and communicate between both VLANs. All 
> communication between VLANs goes through the Linux router.
> 
> Because my switch supports VLAN routing I tried to use it as a router to 
> speed up communication between VLANs.

OK, you have duplicated things. You EITHER do routing in the Shorewall box and 
turn off routing in the switch OR you do routing in the switch and not in the 
Shorewall box. But as you've configured the IPs, this should still work as 
nothing *should* be using the switch router interfaces as the gateway - are you 
running DHCP? On the Shorewall box, the switch, or both? If you have a DHCP 
server running on the switch (it may have been "helpfully" enabled 
automatically when you enabled routing) then clients will get leases pointing 
to the wrong gateway - and the switch may not know how to route outside traffic.

Also, double check your switch port configs. The port connecting to the 
Shorewall box must be in tagged+untagged mode, and the native VLAN set to 10 
(it probably defaults to 1). This means that traffic to/from VLAN 10 is handled 
as untagged traffic on the trunk port, and VLAN 20 traffic is handled as tagged 
traffic. The other ports must be set to untagged only, and the native VLAN set 
to 10 or 20 as required. I think I've only done VLANs on a Netgear switch once, 
some years ago - and found it "not very intuitive" to configure.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
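The reply's trunk-port description (VLAN 10 untagged as the native VLAN, VLAN 20 carried with an 802.1Q tag) can be verified on the router itself by looking at what actually arrives on eth1. The following is an added example written for this page, not code from the original thread or from the Shorewall project. It parses Ethernet frames with an optional 802.1Q tag, maps untagged frames to the native VLAN, and flags the tell-tale misconfiguration the reply warns about: VLAN 10 frames arriving tagged, which happens when the switch's native VLAN on the trunk port is still the default. The native VLAN value (10), the tagged VLAN set ({20}), the MAC addresses and the sample frames are all assumptions constructed for the example.

```python
"""Classify frames seen on the Linux router's trunk interface (eth1) against
the trunk policy described in the reply: VLAN 10 crosses the trunk untagged
(native VLAN), VLAN 20 crosses it with an 802.1Q tag.  Added example, not part
of the original post; MAC addresses and frames are constructed, not captured."""
import struct

ETH_P_8021Q = 0x8100      # TPID announcing an 802.1Q tag
ETH_P_IP = 0x0800
NATIVE_VLAN = 10          # assumption: trunk port's native (untagged) VLAN, as recommended
TAGGED_VLANS = {20}       # assumption: VLANs expected to arrive tagged on the trunk


def parse_frame(frame):
    """Split an Ethernet frame into addresses, optional 802.1Q tag and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vid = pcp = None
    offset = 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13           # 3-bit priority code point
        vid = tci & 0x0FFF        # 12-bit VLAN identifier
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def effective_vlan(parsed):
    """Untagged (or VID 0 priority-tagged) frames on a trunk belong to the native VLAN."""
    vid = parsed["vid"]
    return NATIVE_VLAN if vid in (None, 0) else vid


def check_trunk_policy(parsed):
    """Return 'ok' or the reason a frame contradicts the expected trunk setup."""
    vid = parsed["vid"]
    if vid in (None, 0):
        return "ok"
    if vid == NATIVE_VLAN:
        # VLAN 10 arriving tagged means the switch's native VLAN on this port is
        # still something else (probably the default, 1).  The router has no
        # eth1.10 subinterface, so such frames never reach 192.168.10.1.
        return "VLAN %d arrived tagged: trunk native VLAN is not %d" % (vid, NATIVE_VLAN)
    if vid not in TAGGED_VLANS:
        return "unexpected VLAN %d on trunk" % vid
    return "ok"


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Assemble a frame, inserting an 802.1Q tag when vid is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HHH", ETH_P_8021Q, (pcp << 13) | (vid & 0x0FFF), ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


# Constructed sample traffic, as it might appear with `tcpdump -e -i eth1`.
ROUTER_MAC = "00:11:22:33:44:55"          # assumed MAC of the Shorewall box
HOST_MAC = "66:77:88:99:aa:bb"            # assumed MAC of an internal host
DUMMY_IP = b"\x45\x00" + b"\x00" * 18     # placeholder IPv4 header bytes, not a real packet
SAMPLE_FRAMES = {
    "vlan10_untagged": build_frame(ROUTER_MAC, HOST_MAC, ETH_P_IP, DUMMY_IP),
    "vlan20_tagged": build_frame(ROUTER_MAC, HOST_MAC, ETH_P_IP, DUMMY_IP, vid=20),
    "vlan10_tagged": build_frame(ROUTER_MAC, HOST_MAC, ETH_P_IP, DUMMY_IP, vid=10),
    "vlan30_tagged": build_frame(ROUTER_MAC, HOST_MAC, ETH_P_IP, DUMMY_IP, vid=30, pcp=5),
}


def audit(frames):
    """Map each frame name to (effective VLAN, policy verdict)."""
    result = {}
    for name, raw in frames.items():
        parsed = parse_frame(raw)
        result[name] = (effective_vlan(parsed), check_trunk_policy(parsed))
    return result


if __name__ == "__main__":
    for name, (vlan, verdict) in audit(SAMPLE_FRAMES).items():
        print("%-16s VLAN %-3d %s" % (name, vlan, verdict))
```

Run against real traffic, the same classification applies to frames read from a pcap of eth1: if every 192.168.10.x frame shows up with VID 10, the switch is still using VLAN 1 as the native VLAN on the trunk port, exactly the default the reply says to change.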
