Hi All,
I’ve got an almost working setup using the Helium beta with KVM. The issue I’m running into involves using VLAN interfaces. With the non-VLAN interfaces everything works fine and I can hit all the ports that I’ve allowed via the ACLs on eth1. With the VLAN interface (eth2.1000), I can get an IP via DHCP but I can’t get much else to work. No ping, no nothing. I’ve applied the same rule set to both interfaces just for testing purposes. Any ideas?
tia
/* Firewall section: both named rulesets end in default-action drop; global hardening toggles follow the rulesets. */
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* LAN-facing ruleset (applied as `in` on eth1 and eth2.1000): accept reply traffic, ICMP, and new TCP to 25/80/443; everything else is dropped. */
name LAN1-OUTSIDE {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
rule 15 {
action accept
protocol icmp
}
rule 20 {
action accept
destination {
port 25,80,443
}
protocol tcp
state {
new enable
}
}
}
/* WAN-facing ruleset (applied as `in` on eth0): only established/related traffic is accepted. */
name OUTSIDE-IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
}
receive-redirects disable
/* NOTE(review): the router is configured to emit ICMP redirects; this is usually disabled on a firewalling router unless hosts depend on it — confirm intent. */
send-redirects enable
/* NOTE(review): source-validation (reverse-path checking) is off, so ingress anti-spoofing is not enforced here — consider strict/loose if the topology allows. */
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
/* WAN uplink. Only an `in` ruleset is attached; NOTE(review): no `local` ruleset is present, so traffic addressed to the router itself (ssh on port 22, https, dns forwarding below) does not appear to be covered by OUTSIDE-IN — confirm this is intended. */
ethernet eth0 {
address dhcp
description WAN
duplex auto
firewall {
in {
name OUTSIDE-IN
}
}
hw-id XX:XX:XX:ce:0d:83
smp_affinity auto
speed auto
}
/* LAN1, xxx.xxx.12.0/24; this subnet is the only one covered by NAT rule 100 below. */
ethernet eth1 {
address xxx.xxx.12.1/24
description LAN1
duplex auto
firewall {
in {
name LAN1-OUTSIDE
}
}
hw-id XX:XX:XX:8a:62:b3
smp_affinity auto
speed auto
}
/* eth2 carries no address of its own; the VLAN 1000 sub-interface holds xxx.xxx.32.1/24 with the same `in` ruleset as eth1. */
ethernet eth2 {
duplex auto
hw-id XX:XX:XX:06:c8:44
smp_affinity auto
speed auto
vif 1000 {
address xxx.xxx.32.1/24
description VLAN1000
firewall {
in {
name LAN1-OUTSIDE
}
}
}
}
/* eth3 has no address and no firewall attached. */
ethernet eth3 {
duplex auto
hw-id XX:XX:XX:95:64:c4
smp_affinity auto
speed auto
}
loopback lo {
}
}
/* Source NAT: only xxx.xxx.12.0/24 is masqueraded out of eth0. NOTE(review): the VLAN subnet xxx.xxx.32.0/24 has no source-NAT rule, so forwarded traffic from eth2.1000 would leave eth0 un-translated; this looks like the likely cause of the "DHCP works but nothing else" symptom — confirm by adding a matching rule for xxx.xxx.32.0/24. */
nat {
source {
rule 100 {
outbound-interface eth0
source {
address xxx.xxx.12.0/24
}
translation {
address masquerade
}
}
}
}
service {
/* DHCP: one scope per LAN subnet; both hand out the router address as default gateway and DNS server. */
dhcp-server {
disabled false
shared-network-name xxxxxx {
authoritative disable
subnet xxx.xxx.12.0/24 {
default-router xxx.xxx.12.1
dns-server xxx.xxx.12.1
domain-name xxxxxx
lease 3600
start xxx.xxx.12.2 {
stop xxx.xxx.12.12
}
}
}
shared-network-name xxxxxx {
subnet xxx.xxx.32.0/24 {
default-router xxx.xxx.32.1
dns-server xxx.xxx.32.1
domain-name xxxxxx
lease 3600
start xxx.xxx.32.2 {
stop xxx.xxx.32.12
}
}
}
}
/* DNS forwarder. NOTE(review): eth2 and eth3 carry no address in this config, so the listen-on entries for them presumably have no effect; eth1 and eth2.1000 are the addressed interfaces. */
dns {
forwarding {
cache-size 2000
listen-on eth1
listen-on eth2
listen-on eth3
listen-on eth2.1000
}
}
https {
http-redirect enable
}
/* SSH on the default port; see the eth0 note above regarding which ruleset (if any) governs access to it from the WAN side. */
ssh {
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name xxxxxx
login xxxxxx
user xxxxxx {
authentication {
encrypted-password xxxxxx
}
level admin
}
}
ntp {
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
}
/* Package repository with auto-sync. NOTE(review): repository credentials are stored in the config and the url is plain http; presumably package integrity relies on apt signature verification — confirm, and treat config backups as containing secrets. */
package {
auto-sync 1
repository community {
components main
distribution helium
password xxxxxx
url http://packages.vyos.net/vyos
username xxxxxx
}
}
/* Syslog: everything at notice, protocols at debug (verbose; useful while troubleshooting the VLAN issue, noisy in steady state). */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}