Configured routing tables not used by virtual interfaces (vlan)

I need PC1 to be able to communicate with PC2 through two vlans (configured on two virtual interfaces), each of them having a gateway configured to communicate with a different subnet.

Here is the diagram:

     ~ ~ ~ ~<vlan10>~ ~ ~ ~
192.168.1.1         192.168.1.254
PC1 ----------------------------- FW ----------------------------- PC2
192.168.2.1         192.168.2.254    11.20.1.254                11.20.1.1
     ~ ~ ~ ~<vlan20>~ ~ ~ ~

PC1:
- eth0.10 = 192.168.1.1/24
- eth0.20 = 192.168.2.1/24

Firewall:
- allow all

I added two routing tables, one for each virtual interface:

# ip route list table vlan10
default via 192.168.1.254 dev eth0.10 proto static 

# ip route list table vlan20
default via 192.168.2.254 dev eth0.20 proto static 

# ip route
192.168.1.0/24 dev eth0.10 proto kernel scope link src 192.168.1.1 
192.168.2.0/24 dev eth0.20 proto kernel scope link src 192.168.2.1 

This is how the routing tables are applied:

# ip rule
0:  from all lookup local
32762:  from all to 192.168.2.1 lookup vlan20
32763:  from 192.168.2.1 lookup vlan20
32764:  from all to 192.168.1.1 lookup vlan10
32765:  from 192.168.1.1 lookup vlan10
32766:  from all lookup main
32767:  from all lookup default

I can ping the firewall interface on the same subnet (the gateway):

# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=1.09 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.740 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=0.319 ms

# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254) 56(84) bytes of data.
64 bytes from 192.168.2.254: icmp_seq=1 ttl=64 time=0.937 ms
64 bytes from 192.168.2.254: icmp_seq=2 ttl=64 time=0.269 ms
64 bytes from 192.168.2.254: icmp_seq=3 ttl=64 time=0.444 ms

I can't ping the firewall interface on the other subnet:

# ping 11.20.1.1
connect: Destination host unreachable

# ping 11.20.1.1 -I eth0.10
PING 11.20.1.1 (11.20.1.254) from 192.168.1.1 eth0.10: 56(84) bytes of data.
^C
--- 11.20.1.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 75ms

When I use Wireshark, I see an ARP request destined for 11.20.1.1, even though it's on another subnet and it should use the default gateway from the routing table.

When I configure the default gateway in the main routing table, the ARP request is destined for the gateway and the ping works:

# ip route add default via 192.168.1.254

# ping 11.20.1.1 -I eth0.10
PING 11.20.1.1 (11.20.1.1) from 192.168.1.1 eth0.10: 56(84) bytes of data.
64 bytes from 11.20.1.1: icmp_seq=1 ttl=64 time=0.660 ms
64 bytes from 11.20.1.1: icmp_seq=2 ttl=64 time=0.504 ms
^C
--- 11.20.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 0.504/0.582/0.660/0.078 ms

Do you know where the problem comes from? rp_filter is already set to 0 on the physical and virtual interfaces.
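To see why the two `-I eth0.10` traces above behave differently, here is an added Python model (not part of the question, and a simplification of the real kernel FIB code) of the rule-then-table walk, fed the exact `ip rule` and `ip route` state quoted above. A `from` selector only matches the source address already chosen for the packet, so a lookup made with an unspecified source (a socket bound only to a device, no source yet) sees just the `from all` rules and ends in the main table, which has no default route; for a device-restricted lookup that fails, the kernel falls back to treating the destination as on-link, which is the direct ARP seen in Wireshark.

```python
import ipaddress

# Policy-routing state copied from the question (constructed input, not live).
RULES = [  # (priority, from selector, to selector, table), walked in order
    (0,     None,          None,          "local"),
    (32762, None,          "192.168.2.1", "vlan20"),
    (32763, "192.168.2.1", None,          "vlan20"),
    (32764, None,          "192.168.1.1", "vlan10"),
    (32765, "192.168.1.1", None,          "vlan10"),
    (32766, None,          None,          "main"),
    (32767, None,          None,          "default"),
]
TABLES = {  # table -> [(prefix, gateway or None for on-link, device)]
    "local":   [("192.168.1.1/32", None, "lo"), ("192.168.2.1/32", None, "lo")],
    "vlan10":  [("0.0.0.0/0", "192.168.1.254", "eth0.10")],
    "vlan20":  [("0.0.0.0/0", "192.168.2.254", "eth0.20")],
    "main":    [("192.168.1.0/24", None, "eth0.10"),
                ("192.168.2.0/24", None, "eth0.20")],
    "default": [],
}

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    best = None
    for prefix, gw, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best

def policy_lookup(dst, src="0.0.0.0"):
    """Model of the kernel's rule walk for a unicast destination; the
    question's 'from'/'to' selectors are exact hosts, so they are compared
    as such. A 'from' selector matches the source address already chosen
    for the packet, so a lookup made before one is picked (src 0.0.0.0)
    can only hit 'from all' rules. Returns (table, gateway, device) or None."""
    dst, src = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for _prio, frm, to, table in RULES:
        if frm is not None and src != ipaddress.ip_address(frm):
            continue
        if to is not None and dst != ipaddress.ip_address(to):
            continue
        hit = table_lookup(table, dst)
        if hit is not None:  # an empty or non-matching table means "next rule"
            return (table, hit[1], hit[2])
    return None

if __name__ == "__main__":
    print("device-bound, no source :", policy_lookup("11.20.1.1"))
    print("source 192.168.1.1      :", policy_lookup("11.20.1.1", "192.168.1.1"))
```

The same model shows that a lookup carrying source 192.168.1.1 (for example a socket bound to that address rather than to the device) reaches the vlan10 table and its default route.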
