I have 10 Cisco 2950T switches that are connected together via 802.1Q trunks,
and I don't have any Layer 3 switch or router. I want to know whether a Linux box
can act as a Layer 3 device with the config below, i.e. can it do inter-VLAN routing???
My Intranet interface is on VLAN 1 (eth0).
My LAN interface faces VLAN 2 (eth1).
My DMZ interface faces VLAN 3 (eth2).
eth0 (linux) -> switch (fas0/1) (switchport mode trunk )
eth1 (linux) -> switch (fas0/2) (switchport access vlan 2)
eth2 (linux) -> switch (fas0/3) (switchport access vlan 3)
////////
Intranet: 192.168.100.0/24 (for switch management)
LAN: 172.16.3.0/24
DMZ: 192.168.1.0/24
/////////
I already installed the VLAN package and the config is:
# modprobe 8021q
# vconfig add eth1 2
# vconfig add eth2 3
My interface script is:
auto eth0
iface eth0 inet static
    address 192.168.100.91
    netmask 255.255.255.0
    # vlan_raw_device only has meaning in a VLAN sub-interface stanza
    # (e.g. "iface eth0.2"); on a physical interface it is ignored, so it is dropped

auto eth1
iface eth1 inet static
    address 172.16.3.1
    netmask 255.255.255.0
    network 172.16.3.0
    broadcast 172.16.3.255

# "auto eth2" was missing: without it eth2 is never brought up at boot
auto eth2
iface eth2 inet static
    address 192.168.1.192
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
Iptables (iptables-restore format; each table needs its COMMIT line):
(192.168.1.80 is our sql-server)
*nat
# ACCEPT in the nat table only stops further NAT evaluation for matching packets
-A PREROUTING -s 172.16.3.0/255.255.255.0 -d 192.168.1.80 -p tcp -m multiport --dports 1433 -j ACCEPT
-A POSTROUTING -s 172.16.3.0/255.255.255.0 -d 192.168.1.80 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -o eth2 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
best regards
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
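The following is an added example, not part of the original post or any reply to it, showing one way a Debian box can do the inter-VLAN routing asked about above. It goes a step beyond the post's layout: instead of one physical NIC per VLAN, it carries VLAN 2 and VLAN 3 as 802.1Q sub-interfaces over the single trunk port (fas0/1), using the iproute2 commands that replaced vconfig. It assumes VLAN 1 is left as the native (untagged) VLAN on the Cisco trunk, which is the 2950 default, so the management address stays on eth0 itself. Interface names, addresses, VLAN ids and the SQL server 192.168.1.80 are taken from the post; the DRY_RUN switch and the helper names are my own. With DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: Linux as the Layer 3 hop between VLANs 1/2/3 over one trunk.
# Assumptions: eth0 is cabled to a Cisco trunk port whose native VLAN is 1,
# so VLAN 1 arrives untagged on eth0 and VLANs 2 and 3 arrive tagged.
set -eu

TRUNK=eth0                      # physical NIC on the switch trunk port
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands, 0 = really execute them

# run: print or execute a command depending on DRY_RUN
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# add_vlan <id> <address/prefix>: create TRUNK.<id> as an 802.1Q sub-interface
# (the iproute2 equivalent of "vconfig add TRUNK <id>") and address it.
add_vlan() {
    vid=$1
    addr=$2
    run ip link add link "$TRUNK" name "$TRUNK.$vid" type vlan id "$vid"
    run ip addr add "$addr" dev "$TRUNK.$vid"
    run ip link set "$TRUNK.$vid" up
}

# forwarding_policy: turn on routing, default-deny between VLANs, then allow
# only LAN -> SQL server on 1433 plus the replies. No MASQUERADE is needed
# between two directly attached subnets: the DMZ hosts simply need a route
# for 172.16.3.0/24 via 192.168.1.192 (or this box as their gateway).
forwarding_policy() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$TRUNK.2" -o "$TRUNK.3" -d 192.168.1.80 \
        -p tcp --dport 1433 -m state --state NEW -j ACCEPT
}

main() {
    run modprobe 8021q
    run ip link set "$TRUNK" up
    # VLAN 1 is the native (untagged) VLAN on the trunk: it lives on eth0 itself
    run ip addr add 192.168.100.91/24 dev "$TRUNK"
    add_vlan 2 172.16.3.1/24        # LAN
    add_vlan 3 192.168.1.192/24     # DMZ
    forwarding_policy
}

main
```

Run it once with DRY_RUN=1 to review the generated commands, then with DRY_RUN=0 as root to apply them. Because the FORWARD policy is DROP, any VLAN pair not explicitly listed cannot talk through the box, which is the property you want from a firewall sitting between a LAN and a DMZ.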