[ale] VLANs for home with a Linux Router
Alex Carver
agcarver+ale at acarver.net
Mon Jan 2 20:09:11 EST 2017
On 2017-01-02 16:55, DJ-Pfulio wrote:
> On 01/02/2017 06:55 PM, Robert L. Harris wrote:
>> Linux firewall
>
> That can mean almost anything.
>
> VLANs are "suggestions", not security, unless there is physical separation at
> some point.
>
> Better to segment the network using a different router port for each subnet and
> separate "dumb" switches for each, as needed.
>
> This is actually how I do it, but with pfsense for the router. A normal linux
> distro can do it, just tie the firewall rules to the specific interface. Don't
> know about typical $20 home routers.
??????
(Normal Linux distro (Debian in this case) but assuming no heredoc
functionality in the shell)
modprobe 8021q
echo "8021q" >> /etc/modules
echo "auto ethX.VLANID" >> /etc/network/interfaces
echo "iface ethX.VLANID inet static" >> /etc/network/interfaces
echo "address AAA.BBB.CCC.DDD" >> /etc/network/interfaces
echo "netmask 255.255.255.0" >> /etc/network/interfaces
echo "vlan-raw-device ethX" >> /etc/network/interfaces
ifup ethX.VLANID
#repeat and customize as needed
iptables -A FORWARD -i ethX.VLANID1 -o ethX.VLANID2 -j ACCEPT
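
An added example, not part of the original post: it prints (does not apply) the per-VLAN interfaces stanzas and FORWARD rules tied to each VLAN sub-interface. It goes beyond the single ACCEPT rule above by assuming a default-deny FORWARD policy with stateful return traffic; the parent interface eth0, the VLAN IDs, the addresses and the allow list are constructed values.

```shell
#!/bin/sh
# Added example: prints a Debian interfaces stanza per VLAN and a default-deny
# FORWARD ruleset bound to the VLAN sub-interfaces. Nothing is applied.
# PARENT, the VLAN IDs, addresses and the allow list are constructed values.
PARENT=eth0
VLANS="10:192.168.10.1 20:192.168.20.1 30:192.168.30.1"   # id:router-address
ALLOW="10:20 10:30"                                       # src:dst, new connections

# 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved.
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Emit the /etc/network/interfaces stanza for one VLAN sub-interface.
stanza() {  # $1 = VLAN ID, $2 = address
    valid_vid "$1" || { echo "bad VLAN ID: $1" >&2; return 1; }
    printf 'auto %s.%s\niface %s.%s inet static\n' "$PARENT" "$1" "$PARENT" "$1"
    printf '    address %s\n    netmask 255.255.255.0\n' "$2"
    printf '    vlan-raw-device %s\n' "$PARENT"
}

# Emit FORWARD rules: drop by default, let replies back, then the allow list.
rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for pair in $ALLOW; do
        src=${pair%%:*}; dst=${pair##*:}
        valid_vid "$src" && valid_vid "$dst" || { echo "bad pair: $pair" >&2; return 1; }
        echo "iptables -A FORWARD -i $PARENT.$src -o $PARENT.$dst -j ACCEPT"
    done
}

for v in $VLANS; do stanza "${v%%:*}" "${v##*:}" || exit 1; done
rules
```

With the policy set to DROP, any VLAN pair not listed in ALLOW cannot open new connections in either direction, so VLAN 20 can answer VLAN 10 but not reach it first.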