[ale] VLANs for home with a Linux Router

Alex Carver agcarver+ale at acarver.net
Mon Jan 2 20:09:11 EST 2017


On 2017-01-02 16:55, DJ-Pfulio wrote:
> On 01/02/2017 06:55 PM, Robert L. Harris wrote:
>> Linux firewall
> 
> That can mean almost anything.
> 
> VLANs are "suggestions", not security, unless there is physical separation at
> some point.
> 
> Better to segment the network using a different router port for each subnet and
> separate "dumb" switches for each, as needed.
> 
> This is actually how I do it, but with pfsense for the router. A normal linux
> distro can do it, just tie the firewall rules to the specific interface. Don't
> know about typical $20 home routers.

??????

(Normal Linux distro (Debian in this case) but assuming no heredoc
functionality in the shell)

modprobe 8021q
echo "8021q" >> /etc/modules

echo "auto ethX.VLANID" >> /etc/network/interfaces
echo "iface ethX.VLANID inet static" >> /etc/network/interfaces
echo "address AAA.BBB.CCC.DDD" >> /etc/network/interfaces
echo "netmask 255.255.255.0" >> /etc/network/interfaces
echo "vlan-raw-device ethX" >> /etc/network/interfaces

ifup ethX.VLANID

#repeat and customize as needed
iptables -A FORWARD -i ethX.VLANID1 -o ethX.VLANID2 -j ACCEPT
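
The same setup as an added example, not part of the original post: the functions below only print the /etc/network/interfaces stanza and the iptables commands so they can be reviewed before use. Because the built-in FORWARD policy is ACCEPT, the sketch sets it to DROP so that the per-pair ACCEPT rules decide which VLANs can reach each other. The function names, eth0, VLAN IDs 10 and 20, and the address 192.0.2.1 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints config and commands for review; changes nothing.

# valid_vid ID: succeed only for a usable 802.1Q VLAN ID (1-4094).
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_stanza PARENT VID ADDRESS: the stanza the post appends line by line.
vlan_stanza() {
    valid_vid "$2" || { echo "bad VLAN ID: $2" >&2; return 1; }
    printf 'auto %s.%s\n' "$1" "$2"
    printf 'iface %s.%s inet static\n' "$1" "$2"
    printf '    address %s\n' "$3"
    printf '    netmask 255.255.255.0\n'
    printf '    vlan-raw-device %s\n' "$1"
}

# forward_rules PARENT "SRC:DST ...": default-drop FORWARD chain where only
# the listed VLAN pairs may open connections; replies ride on conntrack.
forward_rules() {
    parent=$1
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for pair in $2; do
        case "$pair" in
            *:*) src=${pair%%:*}; dst=${pair#*:} ;;
            *)   src=; dst= ;;
        esac
        if ! valid_vid "$src" || ! valid_vid "$dst"; then
            echo "bad pair: $pair" >&2
            return 1
        fi
        echo "iptables -A FORWARD -i $parent.$src -o $parent.$dst -j ACCEPT"
    done
}

# Constructed sample: parent eth0, VLANs 10 and 20, documentation address.
vlan_stanza eth0 10 192.0.2.1
forward_rules eth0 "10:20"
```

Traffic in the reverse direction (20 to 10 here) is dropped unless it belongs to a connection opened from VLAN 10, or unless the reverse pair is listed as well.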


