[Novalug] Firewall with BSD or Linux using vlan port(s) inquiry

MGW-Discussions mailinglistmember at mgwigglesworth.net
Sun Apr 4 23:19:26 EDT 2010


Greetings guys.

I have started to investigate how to get around the single port provided 
by the VIA boards just acquired, and wondered if anyone has experimented 
with using vlans for firewall on BSD, or linux.

(My platform is BSD, however, I just wanted to get feedback on linux as 
well, since it seems to have more development activity, due to 
commercial acceptance.)

I have never investigated this functionality of the 802.1q standard, 
however, I think that Cisco 2600/3600 (can't remember which) provide 
this functionality via vlans through FWSM, or FireWall Service Module.

As I said, I have never investigated this option because of the 
possibility of the compromise of the vlan layers, in some drastic instance.

What has been the mileage for you guys on this topic?

vlancmd(xl0)=vlan0+...+vlanN; where one of the vlans is used for the 
WAN port, and another vlan is used for the logical internal LAN 
interface, and then NAT is done on those two vlan ports to produce the same 
result as if there were two physical ports on the routing device.

I know this configuration has probably been around for years, however, 
due to the inherent security concerns I have never used it.

What experience has anyone had with this type of setup?

I have not started testing it out yet.

-- 
Respectfully,

Martes G Wigglesworth
M. G. Wigglesworth Holdings, LLC
www.mgwigglesworth.com
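An added worked example, not part of the original post, of the setup described above on FreeBSD: a single NIC carrying two tagged 802.1Q VLANs, one for WAN and one for LAN, with pf doing NAT between them. It assumes the parent NIC is xl0, VLAN 10 is the WAN side (DHCP), VLAN 20 is the LAN side on 192.168.1.0/24, and the rc.conf `vlans_<nic>` syntax; the script validates the VLAN IDs and emits the rc.conf and pf.conf fragments rather than applying them.

```shell
#!/bin/sh
# Assumptions (not from the original post): parent NIC xl0, WAN on tagged
# VLAN 10 via DHCP, LAN on tagged VLAN 20 with 192.168.1.1/24, pf for NAT.

vlan_id_ok() {
    # 802.1Q VLAN IDs run 1..4094; 0 and 4095 are reserved.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

gen_rc_conf() {
    # $1 parent NIC, $2 WAN VLAN ID, $3 LAN VLAN ID, $4 LAN address/prefix
    nic=$1; wan=$2; lan=$3; lan_addr=$4
    vlan_id_ok "$wan" && vlan_id_ok "$lan" && [ "$wan" != "$lan" ] || return 1
    # FreeBSD creates xl0.10 and xl0.20 from vlans_xl0; the parent carries no address.
    printf '%s\n' \
      "vlans_${nic}=\"${wan} ${lan}\"" \
      "ifconfig_${nic}=\"up\"" \
      "ifconfig_${nic}_${wan}=\"DHCP\"" \
      "ifconfig_${nic}_${lan}=\"inet ${lan_addr}\"" \
      "gateway_enable=\"YES\"" \
      "pf_enable=\"YES\""
}

gen_pf_conf() {
    # $1 parent NIC, $2 WAN VLAN ID, $3 LAN VLAN ID
    nic=$1; wan=$2; lan=$3
    vlan_id_ok "$wan" && vlan_id_ok "$lan" && [ "$wan" != "$lan" ] || return 1
    cat <<EOF
ext_if = "${nic}.${wan}"
int_if = "${nic}.${lan}"
set skip on lo0
# Untagged frames are delivered to the parent NIC, not to a VLAN subinterface;
# drop them so the switch port's native VLAN carries nothing into the firewall.
block in quick on ${nic} all
antispoof quick for \$int_if
nat on \$ext_if from \$int_if:network to any -> (\$ext_if)
block in all
pass out quick keep state
pass in on \$int_if from \$int_if:network to any keep state
EOF
}

# Usage on the firewall host (review first, then apply):
#   gen_rc_conf xl0 10 20 192.168.1.1/24 >> /etc/rc.conf
#   gen_pf_conf xl0 10 20 > /etc/pf.conf && pfctl -nf /etc/pf.conf
```

The switch port facing xl0 must be a trunk that tags both VLANs and leaves its native VLAN unused, otherwise the `block in quick on xl0` rule is the only thing separating untagged traffic from the LAN side.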
