 
 From:  "Joe Lagreca" <joe at BIGnetOnline dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 and VLANs problem setting up
 Date:  Sat, 29 Sep 2007 17:53:11 -0700
If it is MTU issues, how can I correct it?  Should I make the MTU smaller?

I thought each interface denies all traffic by default, unless
otherwise specified.  Is that only applicable on the WAN interface?
On the VLAN interfaces, I have only created a rule that allows
everything outbound, like the default rule on the LAN to allow
internet access.  Since I didn't allow anything inbound, I can't
understand why other interfaces are able to ping the clients.

Thanks!

-- 
Joe LaGreca
Founder & Owner, BIGnet Online
619-393-1733 Office
619-318-3246 Cell
www.BIGnetOnline.com



On 9/29/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 9/29/07, Joe Lagreca <joe at bignetonline dot com> wrote:
> > I finally got it working!  Thanks for all your help.
> >
> > I'm not sure, but I think the Nokia IP110 does not work with VLANs.  I
> > built another machine and finally got it working.  I had to put a rule
> > in for that interface to pass traffic.  However I would have thought I
> > could ping the internal vlan interface without a rule.
> >
>
> It should definitely work with VLANs. The only problem may be MTU
> issues if the NIC doesn't support hardware tagging or long frames.
> Every NIC works with VLANs, some can have MTU problems.
>
>
> > Right now, the VLANs can all communicate between each other.  I'm
> > assuming they are routing through the m0n0wall.  How can I prevent
> > this, while only letting each of them get out to the internet?  What
> > rule can I put in place and where?
> >
>
> Put in rules on each interface as appropriate to allow/deny whatever
> you want. Traffic entering each interface goes through the rules on
> that interface. So maybe deny what you don't want, then allow what you
> do. Or allow to destination "not" whatever your internal subnets are
> if you can CIDR summarize them. Just make sure you don't block DNS
> resolution to m0n0wall's IP on each subnet, assuming you're using
> m0n0wall.
>
>
> > Also, I cannot administer the switch from any of the VLAN ports
> > anymore.
>
> You need to change the management VLAN to whichever network you want
> to use to manage the switch and give it an IP on that subnet.
>
> -Chris
>

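The per-interface rule logic Chris describes (deny the other internal subnets, then allow out, without blocking DNS to the m0n0wall address; or allow to destination "not" the summarized internal range) is easy to get wrong through rule ordering. The following is an added illustration, not code from the thread or from m0n0wall: it models one interface's rule list as first-match-wins with an implicit final deny (an assumption about the evaluation order), on constructed subnets and firewall addresses, and shows why the "block internal" rule must come after the DNS exception.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example: three VLAN subnets behind one m0n0wall, whose
# interface address in each subnet also answers DNS for that subnet.
INTERNAL_SUBNETS = [ipaddress.ip_network(n) for n in
                    ("192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24")]
FIREWALL_IPS = {ipaddress.ip_address(a) for a in
                ("192.168.10.1", "192.168.20.1", "192.168.30.1")}

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    dst: str                     # "firewall", "internal", "not_internal", "any"
    dport: Optional[int] = None  # None matches any destination port

def matches(rule: Rule, dst_ip, dport: int) -> bool:
    """True if the packet's destination/port falls under this rule."""
    if rule.dport is not None and rule.dport != dport:
        return False
    internal = any(dst_ip in net for net in INTERNAL_SUBNETS)
    if rule.dst == "firewall":
        return dst_ip in FIREWALL_IPS
    if rule.dst == "internal":
        return internal
    if rule.dst == "not_internal":
        return not internal
    return True  # "any"

def evaluate(rules, dst: str, dport: int) -> str:
    """Walk one interface's rule list; first match wins, no match is blocked."""
    dst_ip = ipaddress.ip_address(dst)
    for r in rules:
        if matches(r, dst_ip, dport):
            return r.action
    return "block"

# Ordering that blocks the other VLANs but also cuts off DNS to m0n0wall,
# because the firewall's own address sits inside an internal subnet.
RULES_BROKEN = [Rule("block", "internal"), Rule("pass", "any")]

# DNS exception first, then deny the internal subnets, then allow everything else.
RULES_FIXED = [Rule("pass", "firewall", 53),
               Rule("block", "internal"),
               Rule("pass", "any")]

# Chris's alternative: allow only to "not internal"; the implicit deny does the rest.
RULES_NOT_INTERNAL = [Rule("pass", "firewall", 53), Rule("pass", "not_internal")]
```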