Hi all,
this is my first post here, but I have enjoyed reading this forum for quite a while.
Since I now have a full Gb ethernet connection at home I decided to start a hobby project to learn about linux and networks: build a small home server using an intel nuc running linux. To isolate the server from the rest of the network I decided to place it in a vlan.
The server is connected to port2 of a netgear gs105e managed switch, configured to assign vlan200 to port2. Port1 is a trunk to route vlan200 and vlan1 to port 4 of my rt-ac68u, obviously running Merlin fw.
After some weeks of study and trial and error I managed to get the server running and the vlan working, but I still have dhcp issues when rebooting the ac68u. It seems the linux client on vlan200 can get a valid dhcp ip address only when renewing the dhcp lease (by timeout or manual intervention), otherwise the server keeps its address (I can reach it) but the router dhcp lease log does not show it.
Now I'm at a loss; with my level of knowledge I don't really have more debug ideas, so I kindly ask for your help and suggestions. I've read some knowledgeable people (like @Martineau) talking about a delay or some kind of synchronization needed to have this working, but I couldn't make it work.
As a last thing, I run skynet, diversion and stubby on the router; I don't know if this can affect my configuration.
dnsmasq.conf.add:
Code:
#
# Add DHCP custom range for VLAN 200
#
#listen-address=192.168.200.1 <- not sure it's needed or useful but makes no difference
interface=vlan200
dhcp-range=vlan200,192.168.200.10,192.168.200.200,255.255.255.0,86400s
dhcp-option=vlan200,3,192.168.200.1
dhcp-option=vlan200,6,192.168.200.1,0.0.0.0
#
#manually assign a static ip address of the 192.168.200.* pool to the
#lubuntu machine
#
dhcp-host=lubuntu-machine,192.168.200.43
#
#local redirection for server:
#
address=/my.home.ddns.address/192.168.200.43
vlan-config script launched by services-start:
Code:
#!/bin/sh
#
/usr/bin/logger "================== VLAN CONFIG START ==================="
robocfg show | grep -i vlan200 > /dev/null 2>&1 || \
(
/usr/bin/logger "========= ROBOCFG"
# lan ports 1-4 assigned to vlan1 when untagged, port 5 is the CPU
robocfg vlan 1 ports "1 2 3 4 5t"
# or all the ports can carry vlan200 if tagged as such
robocfg vlan 200 ports "1t 2t 3t 4t 5t"
/usr/bin/logger "====== VCONFIG"
# Create VLAN200
vconfig add eth0 200 || /usr/bin/logger "VLAN 200 already exists"
/usr/bin/logger "====== IFCONFIG"
# Bring VLAN200 up (note that dnsmasq has already been configured for this address)
ifconfig vlan200 192.168.200.1 netmask 255.255.255.0 up
brctl addif br200 vlan200
)
/usr/bin/logger "=================== VLAN CONFIG DONE ==================="
vlan-firewall script launched by firewall-start: I removed all drop rules to make sure I'm not blocking something useful
Code:
#!/bin/sh
#
/usr/bin/logger "======= VLAN200 IPTABLES ======"
# set iptables rules for VLAN200 to access the WAN only
iptables -I FORWARD -i vlan200 -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan200 -j ACCEPT
/usr/bin/logger "=================== VLAN200 IPTABLES DONE ==================="
plus I run at nat-start:
Code:
#!/bin/sh
#
/usr/bin/logger "====== IPTABLES NAT FORWARDING"
#configure port forwarding for lubuntu-machine - fixed ip address in dnsmasq.conf.add
#I use the same chain used by official port forwarding, seems no side effects
iptables -t nat -I VSERVER -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.200.43
iptables -t nat -I VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.200.43
/usr/bin/logger "=================== IPTABLES DONE ==================="
Thank you
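
Added example, not part of the original post: the post's goal is to isolate vlan200, and its firewall script currently accepts everything from that interface. This sketch prints a tighter rule set that still lets DHCP (UDP 67) and DNS reach dnsmasq on the router. Assumptions: the LAN bridge is br0, the function and variable names are made up for this example, and positions 1..5 at the top of INPUT and 1..2 at the top of FORWARD are free to use.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables rules that keep
# DHCP/DNS working for an isolated VLAN while blocking it from the router's
# other services and from the LAN.
# Assumptions: LAN bridge is br0; isolation_rules, VLAN_IF, LAN_IF and APPLY
# are names invented for this example.

isolation_rules() {
    vif="$1"   # VLAN interface, vlan200 in the post
    lif="$2"   # LAN bridge to protect (assumed br0)

    # INPUT: what the VLAN may send to the router itself.
    # Explicit positions keep evaluation order identical to reading order.
    # DHCP requests arrive as UDP to port 67 (often broadcast from 0.0.0.0).
    echo "iptables -I INPUT 1 -i $vif -p udp --dport 67 -j ACCEPT"
    # DNS to dnsmasq, which dhcp-option 6 hands to the clients.
    echo "iptables -I INPUT 2 -i $vif -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT 3 -i $vif -p tcp --dport 53 -j ACCEPT"
    # Replies to connections the router itself opened towards the VLAN.
    echo "iptables -I INPUT 4 -i $vif -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Everything else aimed at the router (web UI, SSH, ...) is dropped.
    echo "iptables -I INPUT 5 -i $vif -j DROP"

    # FORWARD: no new connections from the VLAN into the LAN. Replies to
    # LAN-initiated connections are not NEW, so this rule does not match them.
    echo "iptables -I FORWARD 1 -i $vif -o $lif -m state --state NEW -j DROP"
    # New connections towards any other interface (the WAN) stay allowed.
    echo "iptables -I FORWARD 2 -i $vif -m state --state NEW -j ACCEPT"
}

# Print the commands by default; APPLY=1 executes them (on the router, as root).
if [ "${APPLY:-0}" = "1" ]; then
    isolation_rules "${VLAN_IF:-vlan200}" "${LAN_IF:-br0}" | sh
else
    isolation_rules "${VLAN_IF:-vlan200}" "${LAN_IF:-br0}"
fi
```

Review the printed rules against `iptables -S INPUT` and `iptables -S FORWARD` on the router before applying them, since other scripts may also insert rules at the top of these chains.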