[ale] VLANs for home with a Linux Router
- Subject: [ale] VLANs for home with a Linux Router
- From: agcarver+ale at acarver.net (Alex Carver)
- Date: Mon, 2 Jan 2017 17:09:11 -0800
- In-reply-to: <[email protected]>
- References: <CAOXayVvemP2nknEffL8OcYG9kCp5HDzUxOqK1aQ=TKNppAPcPA@mail.gmail.com> <[email protected]>
On 2017-01-02 16:55, DJ-Pfulio wrote:
> On 01/02/2017 06:55 PM, Robert L. Harris wrote:
>> Linux firewall
>
> That can mean almost anything.
>
> VLANs are "suggestions", not security, unless there is physical separation at
> some point.
>
> Better to segment the network using a different router port for each subnet and
> separate "dumb" switches for each, as needed.
>
> This is actually how I do it, but with pfsense for the router. A normal linux
> distro can do it, just tie the firewall rules to the specific interface. Don't
> know about typical $20 home routers.
??????
(Normal Linux distro (Debian in this case) but assuming no heredoc
functionality in the shell)
modprobe 8021q
echo "8021q" >> /etc/modules
echo "auto ethX.VLANID" >> /etc/network/interfaces
echo "iface ethX.VLANID inet static" >> /etc/network/interfaces
echo "address AAA.BBB.CCC.DDD" >> /etc/network/interfaces
echo "netmask 255.255.255.0" >> /etc/network/interfaces
echo "vlan-raw-device ethX" >> /etc/network/interfaces
ifup ethX.VLANID
#repeat and customize as needed
iptables -A FORWARD -i ethX.VLANID1 -o ethX.VLANID2 -j ACCEPT
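Added example, not part of the original post: the same per-VLAN ifupdown stanza and interface-bound forwarding rule, produced by shell functions that only print text and apply nothing. The parent interface eth0, VLAN IDs 10 and 20, the 192.168.x.1 addresses, and the default-drop FORWARD policy with a conntrack return rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints configuration text only; nothing is applied.
# Constructed values: eth0, VLAN IDs 10 and 20, 192.168.x.1 addresses.

# vlan_stanza PARENT VID ADDRESS
# Prints an /etc/network/interfaces stanza for one tagged subinterface.
vlan_stanza() {
    parent=$1 vid=$2 addr=$3
    # 802.1Q VLAN IDs are 1-4094 (0 and 4095 are reserved).
    case $vid in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2
        return 1
    fi
    printf 'auto %s.%s\n' "$parent" "$vid"
    printf 'iface %s.%s inet static\n' "$parent" "$vid"
    printf '    address %s\n' "$addr"
    printf '    netmask 255.255.255.0\n'
    printf '    vlan-raw-device %s\n' "$parent"
}

# forward_rules PARENT TRUSTED_VID RESTRICTED_VID
# Prints iptables commands: forwarding is dropped by default (assumption),
# replies to existing connections are allowed back, and only the trusted
# VLAN may open new connections toward the restricted one.
forward_rules() {
    parent=$1 trusted=$2 restricted=$3
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $parent.$trusted -o $parent.$restricted -j ACCEPT"
}

# Demo run with the constructed values.
vlan_stanza eth0 10 192.168.10.1
vlan_stanza eth0 20 192.168.20.1
forward_rules eth0 10 20
```

Review the printed stanzas and rules before appending them to /etc/network/interfaces or running them as root.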