Multiple physical ports for one LAN zone

Support
1

I have a hardware appliance with 4 physical interfaces that I’m setting up and have the need for a traditional router setup with a single red/wan interface and multiple interfaces for the same lan/green zone, similar to this:

The closest thing I can find to accomplish this is bonding multiple interfaces. It appears bonding is meant more for load balancing and failover than acting as a switch. Will it cause any problems?

Also, if any ports are bonded but unplugged, NethServer keeps displaying a warning about unassigned ports, which makes me think it may not be the best solution.

Thank you in advance.

2

You should bridge the 4 ports.

3 Likes
3

I thought bridging was for joining multiple networks. I don’t get any connectivity on the additional ports when I use bridging. Here’s a screenshot of the config before setting up the bridge:

Pasted image710×235 59.4 KB

And this is after:

Plugged into eth1, everything works great before (obviously) and after setting up the bridge. I can’t even ping the gateway (192.168.1.1) when connected to eth2 or eth3. Am I doing something wrong?

4

You’re doing everything right, AFAICS.
Could you run tcpdump on eth2 or eth3 (tcpdump -nn -p -i eth2) while pinging?
Do you see lines logged in /var/log/firewall.log?

5

I have the same behavior with Vlan.
I had opened a thread for this…

It’s seem you must create routes… Even, if in the Centos doc, it’s clearly mentionned that it’s not necessary :smirk:

I’vegot an issue here vlan are taking very long time to be up, but I can’t determine what’s wrong…

6

Pasted image722×266 38.6 KB

Firewall.log:

Nov  6 11:41:22 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45757 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62758 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=3 ] 
Nov  6 11:41:23 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62880 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=4 
Nov  6 11:41:23 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45758 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62880 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=4 ] 
Nov  6 11:41:24 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62948 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=5 
Nov  6 11:41:24 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45759 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=62948 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=5 ] 
Nov  6 11:41:25 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63059 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=6 
Nov  6 11:41:25 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45760 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63059 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=6 ] 
Nov  6 11:41:26 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63178 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=7 
Nov  6 11:41:26 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45761 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63178 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=7 ] 
Nov  6 11:41:27 localhost kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= 
MAC=00:0c:29:e2:87:4b:00:0c:29:ee:c0:fc:08:00 SRC=192.168.1.155 
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63295 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2286 SEQ=8 
Nov  6 11:41:27 localhost kernel: Shorewall:OUTPUT:REJECT:IN= OUT=br0 
SRC=192.168.1.1 DST=192.168.1.155 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 
ID=45762 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.155 DST=192.168.1.1 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63295 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2286 SEQ=8 ]
7

Has there been any solution to Multiple physical ports for one LAN zone?

I have tested and found the same as Adam’s post with Neth Server 7.4.1708 (All updates applied as of 30-4-2018).

I have tested creating 3 LAN ethernet ports with 3 different subnets and traffic will follow between each subnet and WAN as expected, however all tests with bridging has failed.

1 Like
8

@dev_team could be that the bridging action create some “nested” bridges interfaces?

1 Like