Date:      Wed, 20 Apr 2011 16:00:22 GMT
From:      Thomas Johnson <tom@claimlynx.com>
To:        freebsd-net@FreeBSD.org
Subject:   re: kern/156408: [vlan] Routing failure when using VLANs vs. Physical ethernet interfaces.
Message-ID:  <201104201600.p3KG0MTA037994@freefall.freebsd.org>

The following reply was made to PR kern/156408; it has been noted by GNATS.

From: Thomas Johnson <tom@claimlynx.com>
To: bug-followup@FreeBSD.org, tom@claimlynx.com
Cc:  
Subject: re: kern/156408: [vlan] Routing failure when using VLANs vs. Physical
 ethernet interfaces.
Date: Wed, 20 Apr 2011 10:21:27 -0500

 After further investigation, I have learned some new information that may or
 may not be useful.
 
 Although I am able to connect from a host on the office lan over the bridge
 to hosts on the data center lan, the firewall itself is unable to connect to
 these same hosts. This can be corrected by adding host static routes to the
 firewall in the same manner as I described in my initial PR. This behavior
 appears to be a result of the 172.31.0.0/16 route pointing at the vlan500
 interface, as I see ARP requests for dc hosts leave the firewall on the
 local lan (vlan500).
 
 By comparison, my existing/old firewall has a matching route for
 172.31.0.0/16 pointing at the local lan (in that case, the lan is a physical
 adapter, not a vlan). Connections from the firewall to hosts at the dc lan
 work correctly, and I see ARP requests on both the lan interface and the vpn
 tap interface.
 
 -- 
 Thomas Johnson
 ClaimLynx, Inc.
 


