[VLAN] Multi-vlan on linux
Roy-Magne Mo
rmo at sunnmore.net
Sun Apr 30 01:55:24 PDT 2006
On Sat, 29.04.2006 at 20:37 (+0200), Peter Stuge wrote:
> > > > This could possibly be achieved with EBtables, but I haven't tried
> > > > that.
> > >
> > > Depending on the addressing plan that could get really messy really
> > > quickly, especially if the application has no knowledge about the
> > > network and lots of translation is required.
> >
> > You don't need any translation, what I meant had to be implemented
> > with ebtables is the arp behaviour - probably not needed here.
>
> The server has to understand that all this traffic is destined for
> the local host, but I guess iptables REDIRECT would do the trick, no
> ebtables needed. ARP entries should be picked up from incoming
> packets, right?
The linux host should answer all traffic with its own mac-address, then
when the other host starts sending traffic destined for another host on
another private vlan - the linux host should forward this traffic on
with rewritten mac address, and the other way around.

Proxy arp and multiple vlan could also solve this but that seems
messier.

From the linux host all hosts seem to be on the same broadcast domain,
so it should not have to be in the packet path. On Juniper M-series
router you have something called local-proxy-arp, seems like some cisco
switches have it too.

It would have been nice to have this as a kernel feature of the
linux-kernel.

I don't think redirect would do, since this has to work at layer 2
instead of layer 3, correct me if I'm wrong - I haven't used lab time to
get this working.
--
Roy-Magne Mo <rmo at sunnmore.net>