From: Moray M. <mmc...@ox...> - 2006-09-18 09:26:02
We're about to set up VLANs on our local network to support shiny new switches and a shiny new VoIP phone system (Avaya IP Office - if anyone has any experience of networking IP Office, or indeed any Avaya VoIP system, I would love to discuss it with you, probably off-line since it is pretty off-topic.)

Naturally I would like to be able to connect our firewalling DL box to the new phone VLAN, and use it as the firewall.

I've got a couple of questions, if anyone knows the answers. I've checked out all of this on the web, but haven't found definitive answers.

1) is the sample included with DL the best way to define VLANs (ifcfg-vlan100.sample on my box)? It is like a regular interface config file, with the addition of VLANID=100 and removal of the MODULE= line defining the kernel driver module.

2) does iptables interface identification (-i and -o switches) support identification of vlan interfaces as the source and destination interfaces of packets, or only the physical interfaces? I would expect it to work, except I expected that with virtual interfaces (e.g. eth1:1), and it doesn't work with those, but I guess vlan's a different kernel mechanism.

3) I'll want to run dhcpd on the DL box only on the vlan port, since it will only provide DHCP services for the phones, but our main Windows servers will continue to provide DHCP for everything else (saves messing with interoperability between Linux DHCP and Windows' dynamic DNS, tho' this looks doable if I really have to). Looking through /etc/init.d/dhcpd, DL starts DHCPD on interfaces which have DHCP=server in their interface config, which makes this easy, but can anyone tell me what the routes being created in the following lines are for?

    for DEVICE in $DEVICES; do
        route add -net 255.255.255.255 netmask 255.255.255.255 $DEVICE
    done

Cheers,
Moray

-------------------------------------
Moray McConnachie
IS Manager
+44 1865 261 600
Oxford Analytica
http://www.oxan.com