List: freebsd-net
Subject: re: kern/156408: [vlan] Routing failure when using VLANs vs.
From: Thomas Johnson <tom () claimlynx ! com>
Date: 2011-04-20 16:00:22
Message-ID: 201104201600.p3KG0MTA037994 () freefall ! freebsd ! org
The following reply was made to PR kern/156408; it has been noted by GNATS.
From: Thomas Johnson <tom@claimlynx.com>
To: bug-followup@FreeBSD.org, tom@claimlynx.com
Cc:
Subject: re: kern/156408: [vlan] Routing failure when using VLANs vs. Physical
ethernet interfaces.
Date: Wed, 20 Apr 2011 10:21:27 -0500

After further investigation, I have learned some new information that may or
may not be useful.

Although I am able to connect from a host on the office lan over the bridge
to hosts on the data center lan, the firewall itself is unable to connect to
these same hosts. This can be corrected by adding host static routes to the
firewall in the same manner as I described in my initial PR. This behavior
appears to be a result of the 172.31.0.0/16 route pointing at the vlan500
interface, as I see ARP requests for dc hosts leave the firewall on the
local lan (vlan500).

By comparison, my existing/old firewall has a matching route for
172.31.0.0/16 pointing at the local lan (in that case, the lan is a physical
adapter, not a vlan). Connections from the firewall to hosts at the dc lan
work correctly, and I see ARP requests on both the lan interface and the vpn
tap interface.

--
Thomas Johnson
ClaimLynx, Inc.