Inter-VLAN routing on CURRENT: any known issues?
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Jul 13 13:15:15 UTC 2017
On 12.07.2017 22:43, O. Hartmann wrote:
> Now the FUN PART:
> From any host in any VLAN I'm able to ping hosts on the wild internet via their IP; on
> VLAN 1000 there is a DNS running, so I'm also able to resolve names like google.com or
> FreeBSD.org. But I can NOT(!) access any host via http/www or ssh.
You have not specified where the NAT is configured and what its settings are.
VLANs work on layer 2; they are not used for IP routing. Each received
packet loses its layer-2 header before it is taken by the IP stack. If an
IP packet is to be routed, the IP stack determines the outgoing interface,
and a new Ethernet header, with the VLAN header of this interface, is prepended.
What I would do in your place:
1. Check the correctness of the switch settings.
   - on the router, use tcpdump on each vlan interface and
     also directly on igb1. Use the -e argument to see the Ethernet header.
     Try to ping the router's IP address from each vlan; you should see tagged
     packets on igb1 and untagged ones on the corresponding vlan interface.
2. Check the correctness of the routing settings for each node used.
   - to be able to establish a connection from one vlan to another, both nodes
     must have a route to each other.
3. Check the NAT settings.
   - to be able to connect to the Internet from your addresses, you must
     use NAT. If you don't have NAT but it somehow works, this means
     that some device does the translation for you, but its
     configuration does not meet your requirements. And probably you
     need to translate the prefixes configured for your vlans independently.
WBR, Andrey V. Elsukov
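The checks from steps 1 and 2 of the message above, as an added example that is not part of the original mail or of FreeBSD: a small Python script that parses `tcpdump -e` lines captured on the trunk (igb1) and on each vlanN interface, reports VLANs whose pings do not show up tagged on the trunk and untagged on the member interface, and then does the longest-prefix route lookup in both directions that step 2 asks for. The capture lines, MAC and IP addresses (RFC 5737 ranges), VLAN ids and routing tables are constructed sample data; the only thing taken from reality is the line layout tcpdump -e prints for 802.1Q-tagged and untagged IPv4 frames.

```python
import ipaddress
import re

# Added example (not from the original message). All captures, addresses and
# routing tables here are constructed; the regexes follow the layout tcpdump -e
# prints for 802.1Q-tagged and untagged IPv4 frames.

# 802.1Q-tagged IPv4 frame, as seen on the trunk (igb1)
TAGGED_RE = re.compile(
    r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (?P<vid>\d+), p \d+, "
    r"ethertype IPv4, (?P<src>[0-9.]+) > (?P<dst>[0-9.]+):"
)
# Untagged IPv4 frame, as seen on a vlanN interface (or on igb1 if the switch strips the tag)
UNTAGGED_RE = re.compile(
    r"ethertype IPv4 \(0x0800\), length \d+: (?P<src>[0-9.]+) > (?P<dst>[0-9.]+):"
)


def parse_frame(line):
    """Return (vlan_id or None, src, dst) for an IPv4 frame; None for lines not handled (ARP, IPv6, ...)."""
    m = TAGGED_RE.search(line)
    if m:
        return int(m.group("vid")), m.group("src"), m.group("dst")
    m = UNTAGGED_RE.search(line)
    if m:
        return None, m.group("src"), m.group("dst")
    return None


def check_vlan_plumbing(trunk_lines, vlans):
    """Step 1. trunk_lines: tcpdump -e output on igb1.
    vlans: {vid: {"prefix": VLAN prefix, "router": router's address in that VLAN,
                  "capture": tcpdump -e output on the vlanN interface}}.
    Returns a list of problems; an empty list means every VLAN looks right."""
    problems = []
    trunk = [f for f in map(parse_frame, trunk_lines) if f]
    for vid, info in vlans.items():
        net = ipaddress.ip_network(info["prefix"])
        router = info["router"]
        if not any(v == vid and dst == router for v, _, dst in trunk):
            # Pings from this VLAN never reach igb1 with the expected tag.
            stripped = [src for v, src, _ in trunk
                        if v is None and ipaddress.ip_address(src) in net]
            if stripped:
                problems.append(f"vlan {vid}: frames from {stripped[0]} reach igb1 untagged; "
                                "the switch port probably carries this VLAN as native/access")
            else:
                problems.append(f"vlan {vid}: no frames tagged {vid} to {router} seen on igb1")
        member = [f for f in map(parse_frame, info["capture"]) if f]
        if any(v is not None for v, _, _ in member):
            problems.append(f"vlan {vid}: tagged frames seen on vlan{vid} (double tagging?)")
        if not any(v is None and dst == router for v, _, dst in member):
            problems.append(f"vlan {vid}: no untagged ping to {router} seen on vlan{vid}")
    return problems


def lookup_route(routes, dst):
    """Step 2 helper: longest-prefix match over {prefix: next hop}; None if dst is unreachable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best


def both_have_routes(routes_a, ip_a, routes_b, ip_b):
    """Step 2: a connection between two nodes needs a route in each direction."""
    return lookup_route(routes_a, ip_b) is not None and lookup_route(routes_b, ip_a) is not None


# Constructed captures: vlan 1000 and vlan 20 are plumbed correctly, vlan 30 is not
# (its frames arrive untagged on igb1 and nothing at all shows up on vlan30).
TRUNK_CAPTURE = [
    "13:15:15.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 102: "
    "vlan 1000, p 0, ethertype IPv4, 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64",
    "13:15:15.000002 00:11:22:33:44:66 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 102: "
    "vlan 20, p 0, ethertype IPv4, 198.51.100.10 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64",
    "13:15:15.000003 00:11:22:33:44:77 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: "
    "203.0.113.10 > 203.0.113.1: ICMP echo request, id 1, seq 1, length 64",
]
VLANS = {
    1000: {"prefix": "192.0.2.0/24", "router": "192.0.2.1", "capture": [
        "13:15:15.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: "
        "192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64"]},
    20: {"prefix": "198.51.100.0/24", "router": "198.51.100.1", "capture": [
        "13:15:15.000002 00:11:22:33:44:66 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: "
        "198.51.100.10 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64"]},
    30: {"prefix": "203.0.113.0/24", "router": "203.0.113.1", "capture": []},
}
# Constructed routing tables: host A sits on vlan 1000 with a default route via the
# router; host B sits on vlan 20 and has no default route, so it cannot answer A.
HOST_A_ROUTES = {"192.0.2.0/24": "link#vlan1000", "0.0.0.0/0": "192.0.2.1"}
HOST_B_ROUTES = {"198.51.100.0/24": "link#vlan20"}

if __name__ == "__main__":
    for p in check_vlan_plumbing(TRUNK_CAPTURE, VLANS):
        print(p)
    print("A<->B routable:", both_have_routes(HOST_A_ROUTES, "192.0.2.10", HOST_B_ROUTES, "198.51.100.10"))
```

Feed it real captures with something like `tcpdump -eni igb1 icmp` and `tcpdump -eni vlan1000 icmp` run while pinging the router from each VLAN; a VLAN that is reported as reaching igb1 untagged is the classic symptom of a switch port whose native (untagged) VLAN is the one you meant to tag.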