[Novalug] Firewall with BSD or Linux using vlan port(s) inquiry
mailinglistmember at mgwigglesworth.net
Sun Apr 4 23:19:26 EDT 2010
I have started to investigate how to get around the single port provided
by the VIA boards just aquired, and wondered if anyone has experimented
with using vlans for firewall on BSD, or linux.
(My platform is BSD, however, I just wanted to get feedback on linux as
well, since it seems to have more development activity, due to
I have never investigated this functionality of the 802.1q standard,
however, I think that Cisco 2600/3600 (can't remember which) provide
this functionality via vlans through FWSM, or FireWall Service Module.
As I said, I have never investigated this option because of the
possability of the compromise of the vlan layers, in some drastic instance.
What has been the millage for you guys on this topic?
vlancmd(xl0)=vlan0+...+vlanN; where one of the vlans are used for the
WAN port, and another vlan is used for the logical internal LAN
interface, and then NAT done on those two vlan ports to produce the same
result as if there were two physical ports on the routing device.
I know this configuration has probably been around for years, however,
due to the iherent security concerns I have never used it.
What experience has anyone had with this type of setup?
I have not started testing it out yet.
Martes G Wigglesworth
M. G. Wigglesworth Holdings, LLC
More information about the Novalug