Vlan & Red Zone

NethServer Version: 7.6
Hello Nethserver Users.
I ask for help in solving the problem - on the red interface I have 2 incoming connections on vlan - for organizing a backup. One of the networks on the corresponding vlan is used to access the file storage and access the server’s web interface.
The subnet has been added to trusted networks, so the services have also been added to work with the red interface - but here’s the problem - everything works fine if the red zone has no vlan - as soon as I use vlan, access to the server’s web interface, to the file repository, and via ssh is allowed only before authorization - there is no further move. The firewall writes in the logs - drop connections from the vlan interface. Changing from a red role to an orange one leads to reject …
For the purity of the experiment, Nethserver was installed on a clean … I remember that there were no similar problems this winter - obviously the updates made corrections … I would be grateful for any help


I don’t quite understand your setup…

The RED Interface should point to the internet.
If you’re using that interface for Access (WebInterface) and Backups, that should use a VPN over the Internet, not a vLAN!

If it’s in house, add another interface to the nethserver and - by all means - use vLANs there.
Or on the green Interface.

Using vLANs to save the trouble of routing or firewalling is NOT the way to go!

2 red interfaces with vlan - with the names red1 and red2 (vlan 2 and vlan 10, respectively). Both are used to access the Internet (vlan2 primary and vlan10 backup; the appropriate settings are made in the multiwan tab). There is a green zone - if the Internet disappears on vlan2 - the Internet route goes through vlan10 - everything is ok.
There is access to the web interface and shared folders from the green zone. The network from vlan2 is added to the trusted ones - if you delete vlan 10 and vlan 2 and register the network 192xxxxxx / 24 on the red interface, then you have access to shared folders, and if you register vlan and specify the network, the firewall will not be allowed. This is the problem.


OK, I understand now. Routing, VPNs or other funky stuff with MultiWAN and / or vLANs is not to be underestimated…

The easiest way would still be to add in a network Adapter and use that for access. That would be on the same subnet used for MultiWAN, but only used for access / backup.

So it is - a network card for the red zone and a second card for the green. Again, if you remove the vlan labels, then there are no problems with the red zone - as soon as the vlan label is there, the firewall does not pass … Make a tagged and not tagged input on the “red network card” … mmmm … probably an option.

Maybe a bug in the FW config…

