On 9/29/07, Joe Lagreca <joe at bignetonline dot com> wrote:
> I finally got it working!  Thanks for all your help.
>
> I'm not sure, but I think the Nokia IP110 does not work with VLANs.  I
> built another machine and finally got it working.  I had to put a rule
> in for that interface to pass traffic.  However I would have thought I
> could ping the internal vlan interface without a rule.
>

It should definitely work with VLANs. The only problem may be MTU issues if the NIC doesn't support hardware tagging or long frames. Every NIC works with VLANs, some can have MTU problems.

> Right now, the VLANs can all communicate between each other.  I'm
> assuming they are routing through the m0n0wall.  How can I prevent
> this, while only letting each of them get out to the internet?  What
> rule can I put in place and where?
>

Put in rules on each interface as appropriate to allow/deny whatever you want. Traffic entering each interface goes through the rules on that interface. So maybe deny what you don't want, then allow what you do. Or allow to destination "not" whatever your internal subnets are if you can CIDR summarize them. Just make sure you don't block DNS resolution to m0n0wall's IP on each subnet, assuming you're using m0n0wall.

> Also, I cannot administer the switch from any of the VLAN ports
> anymore.

You need to change the management VLAN to whichever network you want to use to manage the switch and give it an IP on that subnet.

-Chris
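Added example, not part of the original thread and not m0n0wall's own code: a small model of the per-interface rule set described in the reply above (pass DNS to the firewall's IP, pass to destination "not" the summarized internal range, block everything else). The subnets, addresses and function names are constructed for illustration, and first-match evaluation with an implicit default block is an assumption of the model.

```python
import ipaddress
from collections import namedtuple

# Constructed sample VLAN subnets (not taken from the thread).
VLAN_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

# protos=None means any protocol; port=None means any port.
Rule = namedtuple("Rule", "action protos net negate port")

def summarize(subnets):
    """Smallest single CIDR block that contains every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen by one bit and retry
    return block

def vlan_rules(fw_ip, internal):
    """Ordered rules for traffic entering one VLAN interface."""
    fw = ipaddress.ip_network(fw_ip + "/32")
    return [
        # Keep DNS to the firewall's address on this subnet working.
        Rule("pass", {"tcp", "udp"}, fw, False, 53),
        # Pass to destination NOT in the internal summary (Internet only).
        Rule("pass", None, internal, True, None),
    ]

def evaluate(rules, proto, dst, port):
    """First matching rule wins; no match falls through to block."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if r.protos is not None and proto not in r.protos:
            continue
        if (dst in r.net) == r.negate:
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return "block"

if __name__ == "__main__":
    internal = summarize(VLAN_SUBNETS)
    rules = vlan_rules("192.168.10.1", internal)
    print("internal summary:", internal)
    for proto, dst, port in [("udp", "192.168.10.1", 53),
                             ("tcp", "192.168.20.5", 445),
                             ("tcp", "203.0.113.10", 443)]:
        print(proto, dst, port, "->", evaluate(rules, proto, dst, port))
```

The summary block can be wider than the VLANs themselves (here it also covers unused 192.168.x.0/24 ranges), so check that nothing you need to reach falls inside it.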