 From:  "Jonathan k. Creasy" <jonathan at bluegrass dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] vlan bridging broken?
 Date:  Thu, 15 Jun 2006 12:30:38 -0400
I ran across the below thread while trying to troubleshoot my
vlan/bridging problem. My device appears to be complaining that it sees
the switch on both interfaces.

-- loop (0) 00.60.fd.ea.ea.b3 to sis0 from sis1 (active)
-- loop (1) 00.60.fd.ea.ea.b3 to sis1 from sis0 (active)

I have a VLAN 511 which is my WAN (sis0). VLAN 510 is my DMZ (filtered
bridge on sis1 bridged with sis0). They are on the same switch but
separated. When I put the Monowall on each VLAN it puts up this LOOP
message and will not work.

Does anyone have a suggestion regarding this?

-Jonathan

****************************************************************************

From:       "Neil A. Hillard" <m0n0 at dana dot org dot uk>
To:         m0n0wall at lists dot m0n0 dot ch
Subject:
Date:       Sat, 8 Apr 2006 11:02:47 +0100

Hi again,

>        I seem to remember a while back that someone posted a similar
>problem but I appear to have recreated it myself!  The full details
>are:
>
>I'm running 1.22 Generic PC version.
>
>I have the following interfaces configured:
>
>vlan0   LAN
>vlan1   WAN
>vlan2   OPT1
>vlan3   OPT2
>vlan4   OPT3
>
>OPT1 is bridged with WAN.  I have advanced outbound NAT set and am not
>NATing traffic from LAN -> OPT1 so that I can still access the servers
>by their real IP addresses.
>
>I can access OPT1 from LAN no problem at all but OPT1 cannot get
>anything from the WAN!
>
>
>As I have a managed switch, I've set up a spanned port and can see the
>SYN go out from the server on OPT1, I can see it leave the WAN
>interface.  I then see the SYN-ACK return to the WAN interface but I
>don't see it return to OPT1.
>
>I can also see the connection entered into the state table.
>
>I normally have 'Enable filtering bridge' selected but even if I
>disable it, it still doesn't work.
>
>This was all working fine on 1.21 when I had separate NICs but I've now
>moved to one VLAN trunk and it no longer seems to work.
>
>I'm going to try a separate physical NIC for OPT1 to see if that makes
>a difference but I'd rather not have to - the whole point of the
>exercise was to reduce cabling and try to simplify things!

Apologies for following up my own post but I've now tried with a second
interface in my firewall.  I can now confirm:

1) With a real interface as OPT1 the problem still exists.

2) With a real interface as WAN the problem is resolved.

It would appear that if any interface is bridged with a vlan interface
it is destined not to work.

If anyone has any ideas why then I'd love to know as I'd like to resolve
this.  I have WAN patched in to my managed switch so I can still use
the roving analysis port to perform packet captures if necessary but I'd
like to end up with a single interface for the firewall.

Many thanks in advance,

                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk

Jonathan Creasy
Network Engineer
BluegrassNet Development
www.bgnd.com www.bluegrass.net
o. 502-589-4638
c. 502-889-5567
h. 502-541-0566
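As an added illustration of what the two "loop (N) ... to sis0 from sis1" lines in Jonathan's post report, here is a toy learning bridge written for this page. It is not m0n0wall's or FreeBSD's bridge code and makes no claim about how the real bridge decides to log a loop; the member names sis0/sis1 and the switch MAC 00.60.fd.ea.ea.b3 are taken from the post, and the frames fed through it are constructed.

```python
"""Toy learning bridge showing the "loop (N) <mac> to X from Y" condition.

Added example, not m0n0wall's or FreeBSD's bridge implementation. It
models what the log lines in the post report: the bridge learned a
station's MAC behind one member interface, then saw the same source MAC
arrive on the other member. Interface names and the switch MAC come from
the post; the frames below are constructed sample input.
"""
from dataclasses import dataclass, field


@dataclass
class Frame:
    ingress: str  # bridge member the frame arrived on, e.g. "sis0"
    src: str      # source MAC, in the dotted form used by the log lines
    dst: str      # destination MAC


@dataclass
class LearningBridge:
    members: tuple                              # e.g. ("sis0", "sis1")
    table: dict = field(default_factory=dict)   # learned MAC -> member
    loops: list = field(default_factory=list)   # loop log lines, in order

    def receive(self, frame: Frame) -> list:
        """Learn the source, log a loop if it moved, return egress members."""
        learned = self.table.get(frame.src)
        if learned is not None and learned != frame.ingress:
            # The same station is reachable through two members: either a
            # real layer-2 loop, or both members sit in one broadcast
            # domain (same switch, same VLAN as far as the bridge can tell).
            self.loops.append(
                f"loop ({len(self.loops)}) {frame.src} "
                f"to {learned} from {frame.ingress} (active)"
            )
        self.table[frame.src] = frame.ingress

        out = self.table.get(frame.dst)
        if out == frame.ingress:
            return []             # destination is on the ingress side: filter
        if out is not None:
            return [out]          # known unicast: forward to that member only
        return [m for m in self.members if m != frame.ingress]  # flood


# Constructed sample: the switch (MAC from the post) is heard on both
# members, as it would be if VLAN 511 (WAN, sis0) and VLAN 510 (DMZ, sis1)
# both carry frames sourced from the same switch.
SWITCH_MAC = "00.60.fd.ea.ea.b3"
BROADCAST = "ff.ff.ff.ff.ff.ff"
SAMPLE_FRAMES = [
    Frame("sis0", SWITCH_MAC, BROADCAST),  # learned behind sis0
    Frame("sis1", SWITCH_MAC, BROADCAST),  # now heard on sis1 -> loop (0)
    Frame("sis0", SWITCH_MAC, BROADCAST),  # and back on sis0  -> loop (1)
]


def run_sample() -> list:
    """Feed the constructed frames through a two-member bridge; return the loop log."""
    bridge = LearningBridge(members=("sis0", "sis1"))
    for frame in SAMPLE_FRAMES:
        bridge.receive(frame)
    return bridge.loops


if __name__ == "__main__":
    for line in run_sample():
        print("--", line)
```

Run stand-alone it prints the same two lines Jonathan quoted, in the same order, because the first frame is learned behind sis0 and the second arrives from sis1. The toy only shows what the bridge is reacting to, a single source MAC flapping between its two members; it does not say why the switch is heard on both VLANs, which is the question the thread leaves open.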