Score:1

How to configure NetBSD to accept vlan tagged packets

I am trying to set up a NetBSD install with a static ip that is on a vlan. The router is set up to only allow other vlans to access this vlan, but not the other way around. So the NetBSD install should be able to ping the outside world and respond to pings by devices on other vlans. This is the same environment, machine and connection as "Unable to reach host with static ip and gateway is vlan - Debian 10", just a different os. I was able to get that machine working with the same gateway/server/netmask values. Just a quick summary...

Router configuration:

IP: 192.168.2.1
Netmask: 255.255.255.0
DHCP range: 192.168.2.2 - 192.168.2.10

This particular vlan configuration (VLAN 3):

VLAN IP: 192.168.0.1
Netmask: 255.255.255.0
DHCP range: 192.168.0.10 - 192.168.0.254

NetBSD/server configuration:

Address: 192.168.0.2
Netmask: 255.255.255.0
Gateway: 192.168.0.1

The man page for vlan said to do the following to set up (adapted for current set up):

ifconfig vlan3 create
ifconfig vlan3 vlan 3 vlanif bce0

But, I was not able to ping the outside world nor respond to pings from other vlans. I then tried to do:

create
vlan 3 vlanif bce0

and reboot, but that yielded the same result. I assigned 192.168.0.2 to vlan3 via ifconfig vlan3 192.168.0.2 netmask 255.255.255.0 and I got the same result.

I wasn't sure if the lack of other vlans was interfering, so I created ifconfig.vlan1 - ifconfig.vlan3 and then rebooted:

/etc/ifconfig.vlan1:

create
vlan 1 vlanif bce0 up

/etc/ifconfig.vlan2:

create
vlan 2 vlanif bce0 up

/etc/ifconfig.vlan3:

create
vlan 3 vlanif bce0 up

But I got the same result. I assigned vlan3 192.168.0.2, but the result was the same.

I tried creating a tap (ifconfig tap0 create), assigning it 192.168.0.2, then creating vlan3 (I destroyed vlan3 beforehand) and then doing ifconfig vlan 3 vlanif tap up, but the result was the same.

Here's a snippet of what I get if I go back to the /etc/ifconfig.vlan1-3 files with no ip assigned to any vlan interface, run tcpdump -vv -e vlan and then ping 192.168.0.2 from other vlans:

05:35:06.932765 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42
05:35:07.932679 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42

Here is raw tcpdump: https://web.archive.org/web/20220112142651/https://tmpfiles.org/dl/188092/tcpdumpout

I have ensured that my default route is 192.168.0.1.

I'm not sure if network interfaces are loaded in the wrong order or if there is a firewall/packet filter that's on by default that I'm not aware of, but I don't know what's wrong.

Score:0
What I needed to do, on top of having /etc/ifconfig.vlan3 and setting an ip for vlan3, was to add a default route on the vlan interface with the vid of choice (in this case 3). I didn't need the ifconfig.vlan1 and ifconfig.vlan2 files.

Before I post the instructions for persistent settings, for those that want to know: to add a default route for a specified interface temporarily, run route add default <gateway ip> -ifp <interface>.

First, to configure the defaultroute to use a specific interface on startup, change /etc/rc.conf (or rc.local, I didn't test rc.local, but it should work) to add -ifp <interface> (the line should look like defaultroute="<gateway ip> -ifp <interface>").

Next the vlan needs to be created and assigned an ip on startup. Whether or not you configure your parent interface (ethernet/wifi/etc...) in rc.conf/rc.local or ifconfig. don't assign ip address to it. When I tested with ip assigned to vlan3 and my main interface I didn't have any issues, but there may be some for you.

/etc/ifconfig.vlan3:

create
vlan 3 vlanif bce0 up <static ip in vlan> netmask 255.255.255.0

Then service network restart (make sure to destroy or delete ips of any interfaces that you don't want but still have configured to start at boot) or reboot the machine.
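
A troubleshooting aid for captures like the one in the question, added here as an example and not part of the original posts: it reads `tcpdump -e vlan` text output and lists the 802.1Q-tagged ARP who-has requests that never got an is-at reply, grouped by VLAN id and target address. The function names and the last two sample lines (192.168.0.9 and its MAC) are constructed; the first two sample lines are the ones quoted in the question.

```shell
# Added example, not from the original posts.
# Reads `tcpdump -e vlan` text output (stdin or files) and reports tagged
# ARP requests for which no reply was seen in the same capture.
unanswered_arp() {
    awk '
    /ethertype 802\.1Q/ && /ethertype ARP/ {
        vid = "?"
        for (i = 1; i < NF; i++) {
            # "vlan 3," carries the tag; strip the trailing comma
            if ($i == "vlan") { vid = $(i + 1); sub(/,$/, "", vid) }
            # "Request who-has <ip> tell <asker>"
            if ($i == "who-has") asked[vid " " $(i + 1)]++
            # "Reply <ip> is-at <mac>"
            if ($i == "is-at" && i > 1) answered[vid " " $(i - 1)] = 1
        }
    }
    END {
        for (k in asked) {
            if (k in answered) continue
            split(k, p, " ")
            printf "vlan=%s ip=%s unanswered_requests=%d\n", p[1], p[2], asked[k]
        }
    }' "$@"
}

# Sample capture: lines 1-2 are quoted from the question, lines 3-4 are
# constructed (an answered request) to show the contrast.
sample_capture() {
    cat <<'EOF'
05:35:06.932765 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42
05:35:07.932679 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42
05:35:08.100000 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.9 tell 192.168.0.1, length 42
05:35:08.100200 00:00:5e:00:53:01 (oui Unknown) > 90:a7:c1:b6:37:44 (oui Unknown), ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.9 is-at 00:00:5e:00:53:01 (oui Unknown), length 42
EOF
}

# Prints: vlan=3 ip=192.168.0.2 unanswered_requests=2
sample_capture | unanswered_arp
```

On the host, a bounded capture such as tcpdump -e -n -i bce0 -c 200 vlan can be piped into unanswered_arp; an entry for the server's own address means tagged requests reach the parent interface but nothing on that VLAN answers for the address.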
