Multiple physical ports for one LAN zone

Adam · November 5, 2015, 5:06pm

I have a hardware appliance with 4 physical interfaces that I’m setting up and have the need for a traditional router setup with a single red/wan interface and multiple interfaces for the same lan/green zone, similar to this:

The closest thing I can find to accomplish this is bonding multiple interfaces. It appears bonding is meant more for load balancing and failover than acting as a switch. Will it cause any problems?

Also, if any ports are bonded but unplugged, NethServer keeps displaying a warning about unassigned ports, which makes me think it may not be the best solution.

Thank you in advance.

filippo_carletti · November 6, 2015, 8:54am

You should bridge the 4 ports.

Adam · November 6, 2015, 4:29pm

I thought bridging was for joining multiple networks. I don’t get any connectivity on the additional ports when I use bridging. Here’s a screenshot of the config before setting up the bridge:

And this is after:

Plugged into eth1, everything works great before (obviously) and after setting up the bridge. I can’t even ping the gateway (192.168.1.1) when connected to eth2 or eth3. Am I doing something wrong?

filippo_carletti · November 6, 2015, 4:36pm

You’re doing everything right, AFAICS.
Could you run tcpdump on eth2 or eth3 (tcpdump -nn -p -i eth2) while pinging?
Do you see lines logged in /var/log/firewall.log?

Jim · November 6, 2015, 4:42pm

I have the same behavior with Vlan.
I had opened a thread for this…

It’s seem you must create routes… Even, if in the Centos doc, it’s clearly mentionned that it’s not necessary

I’vegot an issue here vlan are taking very long time to be up, but I can’t determine what’s wrong…

Adam · November 6, 2015, 4:48pm

Firewall.log:

Nov  6 11:41:22 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45757 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62758 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=3 ] 
Nov  6 11:41:23 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62880 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=4 
Nov  6 11:41:23 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45758 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62880 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=4 ] 
Nov  6 11:41:24 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62948 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=5 
Nov  6 11:41:24 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45759 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62948 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=5 ] 
Nov  6 11:41:25 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63059 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=6 
Nov  6 11:41:25 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45760 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63059 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=6 ] 
Nov  6 11:41:26 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63178 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=7 
Nov  6 11:41:26 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45761 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63178 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=7 ] 
Nov  6 11:41:27 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63295 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=8 
Nov  6 11:41:27 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45762 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63295 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=8 ]

markareait · April 30, 2018, 10:31pm

Has there been any solution to Multiple physical ports for one LAN zone?

I have tested and found the same as Adam’s post with Neth Server 7.4.1708 (All updates applied as of 30-4-2018).

I have tested creating 3 LAN ethernet ports with 3 different subnets and traffic will follow between each subnet and WAN as expected, however all tests with bridging has failed.

pike · May 2, 2018, 3:28pm

@dev_team could be that the bridging action create some “nested” bridges interfaces?