
#1 2019-07-14 10:55:08

Morta
Member
Registered: 2019-07-07
Posts: 655

Can I make the Internet Access of VLAN10 (eth0.10) to whole Router

Can I make the Internet Access of VLAN10 (eth0.10) to whole Router and Clients?

iptables -A FORWARD -i br0 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.1.0/255.255.255.0 -j ACCEPT



iptables -t nat -A POSTROUTING -s ip.add.re.ss/24 ! -d ip.add.re.ss/24 -m comment --comment "Can I also Forward eth0.10 to eth0 instead a IP because the eth0.10 is a dynamic IP" -j MASQUERADE
iptables -t filter -A FORWARD -o eth0.10 -m comment --comment "NAT Output for VLAN 10 eth0.10" -j ACCEPT #With or without -t filter?
iptables -t filter -A FORWARD -i eth0.10 -m comment --comment "NAT Input for VLAN 10 eth0.10" -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


echo 1 > /proc/sys/net/ipv4/ip_forward
[root@ROUTER morta]# cat /proc/net/vlan/config
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.10         | 10  | eth0
[root@ROUTER morta]# cat /proc/net/vlan/eth0.10 eth010  
VID: 10  REORDER_HDR: 1  dev->priv_flags: 1021
         total frames received           36
          total bytes received         2540
      Broadcast/Multicast Rcvd           11

      total frames transmitted           24
       total bytes transmitted         2412
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:
[root@ROUTER morta]# tcpdump -n -p -i eth0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.10, link-type EN10MB (Ethernet), capture size 262144 bytes
13:04:10.680190 IP 185.153.196.25.45327 > 85.7.118.85.15389: Flags [S], seq 3407261449, win 1024, length 0
13:04:13.024933 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:04:43.025262 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:04:54.733157 IP 80.82.78.104.56504 > 85.7.118.85.3394: Flags [S], seq 2362323755, win 1024, length 0
13:05:13.025558 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:05:28.048375 IP 95.57.218.103.44512 > 85.7.118.85.445: Flags [S], seq 2229049148, win 1024, length 0
13:05:33.851660 IP 198.108.67.107.25280 > 85.7.118.85.9070: Flags [S], seq 3114394712, win 1024, length 0
13:05:41.662582 IP 185.153.196.25.45325 > 85.7.118.85.5366: Flags [S], seq 3805977832, win 1024, length 0
13:05:42.345363 IP 198.108.66.209.45248 > 85.7.118.85.8080: Flags [S], seq 2870134667, win 65535, length 0
13:05:43.025872 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:05:56.393898 IP 80.82.78.104.56504 > 85.7.118.85.3388: Flags [S], seq 2452477312, win 1024, length 0
13:06:00.992614 IP6 fe80::f2ad:4eff:fe09:6a7f > ff02::2: ICMP6, router solicitation, length 16
13:06:10.225369 IP 185.176.27.34.57886 > 85.7.118.85.19284: Flags [S], seq 661451054, win 1024, length 0
13:06:13.026204 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:06:19.590666 IP 77.28.171.80.12154 > 85.7.118.85.23: Flags [S], seq 1576914261, win 14600, length 0
13:06:43.026483 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:07:13.026840 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
13:07:22.008003 IP 80.82.78.104.56504 > 85.7.118.85.3399: Flags [S], seq 2801711594, win 1024, length 0
13:07:25.629032 IP 185.153.196.25.45321 > 85.7.118.85.30003: Flags [S], seq 3401250207, win 1024, length 0
13:07:33.148229 IP 185.176.26.105.59073 > 85.7.118.85.2800: Flags [S], seq 1603400972, win 1024, length 0
13:07:36.241248 IP 175.163.96.40.56153 > 85.7.118.85.22: Flags [S], seq 1426552405, win 28030, length 0
13:07:43.027145 IP 1.1.1.1 > 224.0.0.1: igmp query v3 [max resp time 5.0s]
^C
22 packets captured
22 packets received by filter
0 packets dropped by kernel

Here is the config for eth0 and eth0.10

[root@ROUTER network]# cat eth0.network
[Match]
Name=eth0

[Network]
DHCP=ipv4
DNSSEC=no
BindCarrier=eth0
IPForward=ipv4

#[DHCP]
#VendorClassIdentifier="100008,0001,,Router"

;these are arbitrary names, but must match the *.netdev and *.network files
VLAN=eth0.10
[root@ROUTER network]# cat eth0.10.network
[Match]
Name=eth0.10

[Network]
DHCP=ipv4

[DHCP]
UseRoutes=false #right?
VendorClassIdentifier="100008,0001,,Router" #Where to set on eth0 or eth0.10 ?


[root@ROUTER network]# cat eth0.10.netdev 
[NetDev]
Name=eth0.10
Kind=vlan

[VLAN]
Id=10

I must register on www.swisscom.ch/registration to set the Internet Access live

Last edited by Morta (2019-07-14 10:55:35)
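
Added example, not part of the original post and not the poster's code: a dry-run helper that masquerades by outgoing interface (so the dynamic address on eth0.10 does not matter) and lets only reply traffic in from the uplink, which keeps out unsolicited SYNs like those in the capture above. The function name `nat_via_uplink` and the `IPT` variable are hypothetical; `br0` and `192.168.1.0/24` are taken from the first two rules in the post.

```shell
#!/bin/sh
# Added example; nat_via_uplink and IPT are hypothetical names.
# IPT defaults to "echo iptables", so the commands are only printed.
# Set IPT=iptables and run as root to apply them.
IPT=${IPT:-echo iptables}

nat_via_uplink() {
    if [ "$#" -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: nat_via_uplink WAN_IF LAN_IF LAN_NET" >&2
        return 2
    fi
    wan=$1; lan=$2; net=$3

    # Match on the outgoing interface instead of an address: MASQUERADE
    # uses whatever address the interface holds when the packet leaves,
    # so a new DHCP lease needs no rule change.
    $IPT -t nat -A POSTROUTING -s "$net" -o "$wan" -j MASQUERADE || return 1

    # "filter" is the default table, so -t filter can be omitted below.
    # LAN clients may open connections towards the uplink.
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$net" -j ACCEPT || return 1

    # From the uplink, forward only replies to those connections.
    $IPT -A FORWARD -i "$wan" -o "$lan" -m conntrack \
        --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1

    # Everything else arriving on the uplink for forwarding is dropped.
    $IPT -A FORWARD -i "$wan" -j DROP || return 1
}

# Dry run with the values from the post.
nat_via_uplink eth0.10 br0 192.168.1.0/24
```

The rules are appended with `-A`, so a blanket `-i eth0.10 ... -j ACCEPT` rule already sitting earlier in the FORWARD chain still matches first and has to be deleted before these take effect.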
