 From:  Michel Servaes <michel at mcmc dot be>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLANs not really working ?
 Date:  Thu, 03 Jul 2008 23:57:59 +0200
I reverted back to the setup with my two LAN cards, hooked up my old AP 
to LAN2, and connected the new AP to LAN.
Now when I hop from the old AP to the new AP, my IP also gets changed 
(from 172.16 to 172.18 or vice versa), and all sites work just fine 
now... so if it would be my ARP table, shouldn't I be facing the same 
problem ??

It seems when hopping between two real LANs instead of VLANs, that I 
don't have that same problem... maybe my new AP isn't really VLAN 
qualified, but since my IP followed I gathered that this would be ok ?

Currently I have the old AP hooked up onto LAN2, but I created a 
temporary VLAN 2 for my "guest" feature... so I can experiment a little 
with my new AP, without interfering with the neighbours :)


I installed the "guest" with a DHCP 172.16.99.0 (being the gateway 
172.16.99.253), went into monowall, diagnostics, arp-tables, removed all 
entries of any other being outside 172.16.99.xxx about my computer... 
retried and I still won't go further than google, gmail.
I did add the rule like I did for my LAN2, being any traffic routed 
outside (VLAN2 - any protocol - any network).
Did an "ipconfig /flushdns", to make sure I am not using any cached dns 
data, and still only google, gmail is accessible... when hopping back to 
my WPA on VLAN1, all my visited sites work just fine.

I am puzzled... it's fun. Being able to ping (for instance) 
www.userbase.be, but not able to access it via VLAN2, and while hopping 
back onto VLAN1, it'll simply access the site... weird. I'll jump into 
my other partition where Ubuntu is installed - maybe my Vista is doing 
weird things, I really don't know.

David Burgess wrote:
> On Thu, Jul 3, 2008 at 2:44 PM, Michel Servaes <michel at mcmc dot be> wrote:
>
>   
>> Hi,
>>
>>
>> I was using my monowall with 2 LAN cards before, added two access points to
>> each LAN, and me and my neighbour were separate users.
>> I have setup a pipe for 3mbit traffic onto the LAN card of my neighbour.
>> Now, today I am trying to add an Access Point capable of doing VLAN, and
>> have added another SSID onto one of the VLANs.
>>
>> So my setup being in the DLINK
>>
>> SSID : WPA on VLAN 1 (being a generic VLAN)
>> SSID : WEP on VLAN 8 (being a VLAN with a DHCP 172.18.0.0)
>>
>> On monowall I have
>>
>> LAN with DHCP 172.16.0.0 (ip : 172.16.0.253)
>> VLAN8 with DHCP 172.18.0.0 (ip : 172.18.0.253)
>>
>> I altered the pipe that now my VLAN8 is limited in traffic (3 mbits), but
>> each and every time I change from my WLAN (wpa) to my neighbour's (to test-run
>> my setup), WEP, I cannot access the internet (now strangely enough)
>> completely ???
>> I can access google, I can send/receive mails, but as soon as I try to
>> connect to a site to test my speed (or any other site) it won't connect...
>>
>> When I do an ipconfig on my computer, I do get the right ip address of the
>> corresponding DHCP range... so the VLAN is working, but somewhere the
>> routing is messed up (I think)
>>
>> I can ping however every site (they do resolve, and some of them reply -
>> the ones that won't reply, don't reply either on my wlan)...
>>
>>
>> What might I be doing wrong here ??
>>     
>
>
> Could it be that m0n0wall has the wrong arp entry for your computer because
> you're hopping LANs? Try deleting your old arp entry from m0n0wall's arp
> table, or wait for it to expire then try again. Has your neighbour tried
> connecting to VLAN8? Does he have the same problem you have?
>
> db
>
>