Wednesday, June 12, 2013

InterVLAN Routing using CentOS with 1 Interface


Scenario:


  • Router: CentOS Server with 1 network card.

  • Clients: 2 Windows XP in VLAN 10; 1 Ubuntu and 1 CentOS in VLAN 20.

  • Switch: Cisco 2960


Cisco 2960 Switch Configuration:

interface FastEthernet0/1
description CONNECTED TO CentOS ROUTER
switchport mode trunk
!
!
!
interface FastEthernet0/5
description WINXP-1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
description WINXP-2
switchport access vlan 10
switchport mode access
!
!
!
interface FastEthernet0/15
description UBUNTU CLIENT
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/16
description CentOS CLIENT
switchport access vlan 20
switchport mode access

CentOS Router Configuration:

First, we need to disable SELinux:
sudo nano /etc/selinux/config



Change SELINUX from enforcing to disabled:



To configure the base interface (in my case, eth0):
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0



It should have at least the following elements:
DEVICE=eth0
BOOTPROTO=none # if this does not work, use static
ONBOOT=yes
TYPE=Ethernet



To set up VLAN10 on eth0, create a file named ifcfg-vlan10 inside /etc/sysconfig/network-scripts/:



ifcfg-vlan10 should have the following elements:



Likewise, to set up VLAN20 on eth0, create a file named ifcfg-vlan20 inside /etc/sysconfig/network-scripts/:



ifcfg-vlan20 should have the following elements:



To enable IP forwarding, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf



Change net.ipv4.ip_forward from 0 to 1:



Restart the Networking service:
sudo service network restart



Use the ifconfig command to check the newly created VLAN interfaces:
ifconfig



To forward traffic between the VLANs, we should configure iptables:
sudo nano /etc/sysconfig/iptables



Add these two lines (place them according to your iptables file configuration):
-A FORWARD -i vlan10 -o vlan20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan20 -o vlan10 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
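
Placement matters because iptables evaluates the FORWARD chain top to bottom, and a rules file that contains a catch-all REJECT or DROP in FORWARD will drop inter-VLAN traffic if the two ACCEPT lines come after it. The script below is an added example, not part of the original post: it checks that ordering in an iptables-save style file. The function names check_forward_order and make_sample and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# check_forward_order FILE IN_IF OUT_IF
#   0 = ACCEPT rule for IN_IF -> OUT_IF is reached before any catch-all REJECT/DROP
#   1 = a catch-all REJECT/DROP comes first, so the ACCEPT rule (if any) never matches
#   2 = neither found; the FORWARD chain policy decides
# Negated (!) and wildcard (+) interface matches are not handled.
check_forward_order() {
    awk -v in_if="$2" -v out_if="$3" '
        $1 == "-A" && $2 == "FORWARD" {
            has_in = 0; has_out = 0; target = ""; matchers = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") { matchers++; if ($(i+1) == in_if) has_in = 1 }
                if ($i == "-o") { matchers++; if ($(i+1) == out_if) has_out = 1 }
                if ($i == "-s" || $i == "-d" || $i == "-p" || $i == "-m") matchers++
                if ($i == "-j") target = $(i+1)
            }
            if (has_in && has_out && target == "ACCEPT") { found = 1; exit }
            if (matchers == 0 && (target == "REJECT" || target == "DROP")) { blocked = 1; exit }
        }
        END { if (found) exit 0; if (blocked) exit 1; exit 2 }
    ' "$1"
}

# Constructed sample rule files: "good" puts the two ACCEPT lines before the
# catch-all REJECT, "bad" puts them after it.
make_sample() {   # make_sample good|bad FILE
    rules='-A FORWARD -i vlan10 -o vlan20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan20 -o vlan10 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'
    reject='-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    {
        printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
        if [ "$1" = good ]; then printf '%s\n%s\n' "$rules" "$reject"
        else printf '%s\n%s\n' "$reject" "$rules"; fi
        printf '%s\n' 'COMMIT'
    } > "$2"
}

tmp=$(mktemp -d)
for f in good bad; do
    make_sample "$f" "$tmp/$f"
    rc=0; check_forward_order "$tmp/$f" vlan10 vlan20 || rc=$?
    echo "$f: vlan10 -> vlan20 status $rc"
done
rm -rf "$tmp"
```

To check the live file, run check_forward_order /etc/sysconfig/iptables vlan10 vlan20 and again with the interfaces swapped.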



Test from WinXP-1:



Test from WinXP-2:



Test from Ubuntu Client:





Test from CentOS Client:





 

Hope this will help you!
