Author Topic: Can't split GREEN zone using VLANs  (Read 29467 times)
ixe013
Jr. Member
*
Offline Offline

Posts: 3


« on: Saturday 22 November 2014, 04:07:12 pm »

This is a fairly frequent question, but I have read every post about it and still can't figure it out.

I have Endian Community 3.0 running in my lab. I use it to reproduce a larger deployment for testing purposes. I start with 3 machines on the GREEN interface, static IP. They can connect to the Internet and I have set up rules that allow me to ssh from the RED interface to them. I have also set up access to Endian's GUI and SSH via the RED interface before, so I am not locked out.

Now I want to split the GREEN. I would like to add 192.168.1.0/24 and 192.168.2.0/24 to the existing 192.168.0.15/24. Any IP/CIDR will do, as long as they are separate.

So I created two VLANs, ran the network configuration Wizard, selected the VLAN as part of the green interface. Now machines that were on the GREEN interface can't connect to anything, not even Endian itself (192.168.0.15:10443 for example).


What steps am I missing that will allow me to have multiple vlans in the GREEN zone?

Here is the output in Status>Network status

Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:56:d6:9b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:aa:31:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.162.15.110/25 brd 10.162.15.127 scope global eth1
32: eth0.2000@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 08:00:27:56:d6:9b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
       valid_lft forever preferred_lft forever
33: eth0.1000@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 08:00:27:56:d6:9b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
       valid_lft forever preferred_lft forever
3336: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 08:00:27:56:d6:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.15/24 brd 192.168.0.255 scope global br0
Logged
kieronrob
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #1 on: Saturday 22 November 2014, 05:03:13 pm »

Hi,

Please give this a try and post if it works:

http://help.endian.com/entries/25391848-How-to-split-a-zone-in-sub-zones


Logged
ixe013
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Sunday 23 November 2014, 12:08:31 pm »

I wanted to try it, but I can't get past the requirement "Two or more subnets configured to the same zone (ex. 10.0.1.0/24 and 10.0.2.0/24 for GREEN Zone)".

Configuring subnets to the same zone is what I am trying to achieve. Isolation will come later. I have created VLANs but it is like no IP/CIDR are assigned to them. For starters, I would be happy if any host on any VLAN would be able to ping the firewall...
Logged
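
An added example, not part of the original posts: a small parser for `ip addr` output that lists which VLAN sub-interfaces carry no IPv4 address and whether the subnets named in the first post are directly connected. The sample is abridged from the output posted above; the function names are illustrative.

```python
import ipaddress
import re

# Abridged from the Status > Network status output in the first post.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet 10.162.15.110/25 brd 10.162.15.127 scope global eth1
32: eth0.2000@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
33: eth0.1000@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet6 fe80::a00:27ff:fe56:d69b/64 scope link
3336: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 192.168.0.15/24 brd 192.168.0.255 scope global br0
"""

HEADER = re.compile(r"^\d+:\s+([^:@\s]+)(?:@(\S+?))?:\s+<")
INET4 = re.compile(r"^\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)\b")  # does not match inet6

def parse_ip_addr(text):
    """Return {ifname: {"parent": name or None, "ipv4": [cidr, ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            ifaces[current] = {"parent": m.group(2), "ipv4": []}
            continue
        m = INET4.match(line)
        if m and current:
            ifaces[current]["ipv4"].append(m.group(1))
    return ifaces

def vlans_without_ipv4(ifaces):
    """VLAN sub-interfaces (name@parent) that have no IPv4 address."""
    return sorted(n for n, i in ifaces.items() if i["parent"] and not i["ipv4"])

def connected_via(ifaces, wanted_cidr):
    """Name of the interface whose IPv4 network contains wanted_cidr, else None."""
    wanted = ipaddress.ip_network(wanted_cidr)
    for name, info in ifaces.items():
        for cidr in info["ipv4"]:
            if wanted.subnet_of(ipaddress.ip_interface(cidr).network):
                return name
    return None

if __name__ == "__main__":
    parsed = parse_ip_addr(SAMPLE)
    print("VLANs without IPv4:", vlans_without_ipv4(parsed))
    for net in ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"):
        print(net, "->", connected_via(parsed, net))
```
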
kieronrob
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #3 on: Sunday 23 November 2014, 07:08:26 pm »

Hi,

Use the "network configuration" wizard under the system tab to add subnets on the green interface.
Logged
TheEricHarris
Full Member
***
Offline Offline

Posts: 86


« Reply #4 on: Tuesday 16 December 2014, 05:36:42 pm »

I have a layer 3 switch that handles the routing for my VLANs. I just create a route for each VLAN in Endian and point it to my L3 switch.
Logged
soldolphin
Jr. Member
*
Offline Offline

Posts: 1


« Reply #5 on: Monday 22 December 2014, 01:25:41 pm »

Hi, ixe013!
I have the same problem.
My lab has three subnets, but I can't split their ranges.
Did you resolve it?
Logged
TheEricHarris
Full Member
***
Offline Offline

Posts: 86


« Reply #6 on: Monday 22 December 2014, 02:12:07 pm »

Do yourself a favor, use Sophos or pfSense. This project is dead.
Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #7 on: Monday 22 December 2014, 09:24:17 pm »

Attention: subnets and VLANs are different concepts and different technologies.
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
ixe013
Jr. Member
*
Offline Offline

Posts: 3


« Reply #8 on: Wednesday 24 December 2014, 12:51:08 pm »

Thanks everybody, but I needed more help, the step-by-step with screenshots. I had already tried to "Use the network wizard" before posting. I achieved what I wanted to do with pfSense.
Logged