I am running BSD 6.2 + ipfw + pf + bridge + VLAN on my network.
I have been reading posts for the past few days and learned a lot; everything works now except VLAN. Without VLAN, bridge + pf + ipfw all work (as a transparent firewall).
After adding VLAN it stopped working. I am pasting my configuration below; could an expert please take a look?
/boot/loader.conf
if_vlan_load="YES"
if_bridge_load="YES"
ipdivert_load="YES"
/etc/sysctl.conf
net.link.ether.ipfw=1
net.link.bridge.ipfw=1
net.link.bridge.ipfw_arp=1
net.link.bridge.pfil_member=1
net.link.bridge.pfil_onlyip=1
/etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.rule"
pflog_enable="YES"
pflog_file="/var/log/pflog"
firewall_enable="YES"
firewall_script="/etc/ipfw.rule"
# firewall_type is assigned twice; rc.conf is sourced by sh, so only the second value ("OPEN") takes effect
firewall_type="/etc/ipfw.conf"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging_enable="YES"
# ifconfig_xl0 is assigned three times (here, on the next line and near the end); only the last assignment takes effect
ifconfig_xl0="up"
ifconfig_xl0="up polling"
cloned_interfaces="bridge0 vlan2 vlan3 vlan4"
ifconfig_vlan2="vlan 2000 vlandev xl0 up"
ifconfig_vlan3="vlan 3000 vlandev xl0 up"
ifconfig_vlan4="vlan 4000 vlandev xl0 up"
ifconfig_xl1="up"   # the original line read fconfig_xl1, which sh treats as an unrelated variable, so it configured nothing
autobridge_interfaces="bridge0"
autobridge_bridge0="xl1 vlan2 vlan3 vlan4"
ifconfig_ath0="inet channel 11 ssid 108m mode 11g mediaopt hostap"
ifconfig_bridge0="addm xl0 addm xl1 addm vlan2 addm vlan3 addm vlan4 up"
ifconfig_xl0="up"
ifconfig_xl1="up"
defaultrouter="172.16.140.254"
clear_tcp_enable="YES"
This is my ifconfig output:
home# ifconfig
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=49<RXCSUM,VLAN_MTU,POLLING>
ether 00:04:76:a0:13:68
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=49<RXCSUM,VLAN_MTU,POLLING>
ether 00:04:79:66:84:42
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
pfsync0: flags=0<> mtu 2020
syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.140.10 netmask 0xffffff00 broadcast 172.16.140.255
ether 12:6b:4a:ac:e5:4d
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: vlan4 flags=3<LEARNING,DISCOVER>
member: vlan3 flags=3<LEARNING,DISCOVER>
member: vlan2 flags=3<LEARNING,DISCOVER>
member: xl1 flags=3<LEARNING,DISCOVER>
member: xl0 flags=3<LEARNING,DISCOVER>
vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 00:04:76:a0:13:68
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 2000 parent interface: xl0
vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 00:04:76:a0:13:68
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 3000 parent interface: xl0
vlan4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 00:04:76:a0:13:68
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 4000 parent interface: xl0
Layer 3 switch configuration:
VLAN ID : 3000
Name : dx1
VLAN Type : Normal
IP Address : 220.16.62.65/27
Mac address : 00:05:3b:04:63:80
Tagged Ports : 2
Untagged Ports :
VLAN ID : 4000
Name : dx2
VLAN Type : Normal
IP Address : 220.16.62.33/27
Mac address : 00:05:3b:04:63:80
Tagged Ports : 2
Untagged Ports :
VLAN ID : 2000
Name : wt
VLAN Type : Normal
IP Address : 221.110.96.73/28
Mac address : 00:05:3b:04:63:80
Tagged Ports : 2
Layer 2 switch configuration:
Description : normal
VLAN ID : 2000
Name : v2000
Mac address : 00:05:3b:14:04:5d
Tagged Ports : 5
Untagged Ports : 2
Description : normal
VLAN ID : 3000
Name : v3000
Mac address : 00:05:3b:14:04:5d
Tagged Ports : 5
Untagged Ports : 3
Description : normal
VLAN ID : 4000
Name : v4000
Mac address : 00:05:3b:14:04:5d
Tagged Ports : 5
Untagged Ports : 4
Description : normal
With the above, the bridge0 bridge itself is up, but the VLAN-tagged traffic coming down from the layer 3 switch cannot pass through it.
If I bypass bridge0 and connect the layer 3 switch directly to the layer 2 switch with a cable, the traffic passes. So it must be a problem in the bridge0 and VLAN setup.
Please take a look, everyone; I have been at this for several days. Thanks in advance...
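A config review script for the rc.conf quoted above, as an added example that is not part of the original post or of FreeBSD: it applies sh's last-assignment-wins rule to report overridden keys, flags keys it does not recognise (the fconfig_xl1 line), and lists bridge members whose vlandev parent is itself a member of the same bridge. The RC_CONF excerpt and the KNOWN prefix list are constructed for this example.

```python
import re

# rc.conf excerpt from the post, constructed for this example (repeated key and the typo kept).
RC_CONF = """\
ifconfig_xl0="up polling"
cloned_interfaces="bridge0 vlan2 vlan3 vlan4"
ifconfig_vlan2="vlan 2000 vlandev xl0 up"
ifconfig_vlan3="vlan 3000 vlandev xl0 up"
ifconfig_vlan4="vlan 4000 vlandev xl0 up"
fconfig_xl1="up"
autobridge_bridge0="xl1 vlan2 vlan3 vlan4"
ifconfig_bridge0="addm xl0 addm xl1 addm vlan2 addm vlan3 addm vlan4 up"
ifconfig_xl0="up"
"""
ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=(?:"([^"]*)"|(\S*))\s*$')
# rc.conf variable prefixes this checker recognises (assumption: a small subset of rc.conf(5)).
KNOWN = ("ifconfig_", "cloned_interfaces", "autobridge_", "firewall_", "pf_", "pflog_")

def parse_rc_conf(text):
    # rc.conf is sourced by sh, so the last assignment wins; also return every value it overrode.
    effective, overridden = {}, []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2) if m.group(2) is not None else m.group(3)
        if key in effective:
            overridden.append((key, effective[key], val))
        effective[key] = val
    return effective, overridden

def bridge_members(conf, bridge):
    # Members named by 'addm X' in ifconfig_<bridge> plus the autobridge_<bridge> list.
    words = conf.get(f"ifconfig_{bridge}", "").split()
    members = {words[i + 1] for i, w in enumerate(words[:-1]) if w == "addm"}
    return members | set(conf.get(f"autobridge_{bridge}", "").split())

def vlan_parent(conf, ifname):
    # The 'vlandev' parent of a vlan(4) interface, or None if the interface is not a VLAN.
    words = conf.get(f"ifconfig_{ifname}", "").split()
    return words[words.index("vlandev") + 1] if "vlandev" in words[:-1] else None

def check(text):
    conf, overridden = parse_rc_conf(text)
    issues = [f"{k}: earlier value {old!r} is overridden by {new!r}" for k, old, new in overridden]
    issues += [f"{k}: not a key this checker knows, verify the spelling" for k in conf if not k.startswith(KNOWN)]
    for bridge in [b for b in conf.get("cloned_interfaces", "").split() if b.startswith("bridge")]:
        members = bridge_members(conf, bridge)
        for m in sorted(members):
            if vlan_parent(conf, m) in members:
                issues.append(f"{bridge}: {m} and its parent {vlan_parent(conf, m)} are both members; "
                              "decide which of the two tagged frames should enter the bridge on")
    return issues
```

Running check(RC_CONF) on the excerpt reports the overridden ifconfig_xl0, the unrecognised fconfig_xl1 key, and one line for each of vlan2, vlan3 and vlan4 sharing bridge0 with their parent xl0.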