VLAN with IPFire

If the hardware has only two physical network ports (NICs), e.g. eth0 and eth1 for Green and Red, additional virtual LANs for Blue and Orange can be defined and made available. In addition to your IPFire you need a switch capable of supporting VLANs. The switch has to be configured according to the settings in IPFire.

Example Network Map

Interface  IP Range         physical  virtual
Red        PPPOE            X         -
Green      192.168.1.0/24   X         -
Blue       192.168.2.0/24   -         X
Orange     10.0.1.0/24      -         X
OpenVPN    10.0.2.0/24

Relevant Files

VLAN HW allocation

/var/ipfire/ethernet/vlans

This configuration file allows the definition of VLANs for the IPFire networks green, red, orange and blue. You can assign a VLAN ID (between 2 and 4094) and a MAC address to each VLAN. (IDs 0, 1 and 4095 are reserved.)

The parent device (XXX_PARENT_DEV) can be a physical NIC such as eth0 or another interface such as green0, as in the following example.


BLUE_PARENT_DEV=green0
BLUE_VLAN_ID=300
BLUE_MAC_ADDRESS=00:22:B1:B1:B1:30
ORANGE_PARENT_DEV=green0
ORANGE_VLAN_ID=400
ORANGE_MAC_ADDRESS=00:22:B1:B1:B1:40

This example will create an untagged green network and tagged orange and blue networks on the physical NIC of the green network. If you need to have tagged packets only on the NIC port (some switches cannot handle tagged and untagged traffic on the same port), you will need to use the physical NIC (e.g. eth0) as the PARENT_DEV.

VLAN network configuration

/var/ipfire/ethernet/settings

In this file, we configure the appropriate network ranges for the respective interfaces. This will enable the 4 networks in the WUI, too.


CONFIG_TYPE=4
GREEN_DEV=green0
GREEN_MACADDR=00:22:B1:B1:B1:B1
GREEN_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
GREEN_DRIVER=e1000e
RED_DEV=red0
RED_MACADDR=00:22:A1:A1:A1:A1
RED_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
RED_DRIVER=e1000e
GREEN_ADDRESS=192.168.1.1
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.1.0
GREEN_BROADCAST=192.168.1.255
BLUE_DEV=blue0
BLUE_ADDRESS=192.168.2.1
BLUE_NETMASK=255.255.255.0
BLUE_NETADDRESS=192.168.2.0
BLUE_BROADCAST=192.168.2.225
BLUE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
BLUE_DRIVER=e1000e
ORANGE_DEV=orange0
ORANGE_ADDRESS=10.0.1.1
ORANGE_NETMASK=255.255.255.0
ORANGE_NETADDRESS=10.0.1.0
ORANGE_BROADCAST=10.0.1.225
ORANGE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
ORANGE_DRIVER=e1000e
RED_DHCP_HOSTNAME=ipfw
RED_DHCP_FORCE_MTU=
RED_ADDRESS=0.0.0.0
RED_NETMASK=0.0.0.0
RED_TYPE=PPPOE
RED_NETADDRESS=0.0.0.0
RED_BROADCAST=255.255.255.255
DNS1=192.168.1.1
DNS2=
DEFAULT_GATEWAY=192.168.1.1
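
A consistency check for the two files above, run before rebooting (an added example, not part of the wiki page or of IPFire): it verifies that each VLAN ID is in the 2 to 4094 range and not reused on the same parent device, where a shared tag could not keep two zones apart, and that NETADDRESS and BROADCAST agree with ADDRESS and NETMASK. The function names are hypothetical and the inline samples copy the page's values; on those, the check reports BLUE_BROADCAST, because 192.168.2.225 is not the broadcast address of 192.168.2.0/24.

```python
import ipaddress

# Sample values copied from the page's two files, trimmed to the keys checked here.
VLANS = """BLUE_PARENT_DEV=green0
BLUE_VLAN_ID=300
ORANGE_PARENT_DEV=green0
ORANGE_VLAN_ID=400"""
SETTINGS = """GREEN_ADDRESS=192.168.1.1
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.1.0
GREEN_BROADCAST=192.168.1.255
BLUE_ADDRESS=192.168.2.1
BLUE_NETMASK=255.255.255.0
BLUE_NETADDRESS=192.168.2.0
BLUE_BROADCAST=192.168.2.225"""

def parse(text):
    """Parse KEY=VALUE lines into a dict; lines without '=' are ignored."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def check_vlans(cfg):
    """VLAN IDs must be 2..4094 and unique per parent device."""
    problems, seen = [], {}
    for key in [k for k in cfg if k.endswith("_VLAN_ID")]:
        zone, vid = key[:-len("_VLAN_ID")], cfg[key]
        slot = (cfg.get(zone + "_PARENT_DEV"), vid)
        if not vid.isdigit() or not 2 <= int(vid) <= 4094:
            problems.append(f"{zone}: VLAN ID {vid!r} is outside 2..4094")
        elif slot in seen:
            problems.append(f"{zone}: VLAN {vid} on {slot[0]} is already used by {seen[slot]}")
        seen.setdefault(slot, zone)
    return problems

def check_networks(cfg):
    """NETADDRESS and BROADCAST must match what ADDRESS and NETMASK imply."""
    problems = []
    for key in [k for k in cfg if k.endswith("_NETMASK") and cfg[k]]:
        zone = key[:-len("_NETMASK")]
        net = ipaddress.ip_interface(f"{cfg[zone + '_ADDRESS']}/{cfg[key]}").network
        for field, want in (("NETADDRESS", net.network_address), ("BROADCAST", net.broadcast_address)):
            if cfg.get(f"{zone}_{field}") != str(want):
                problems.append(f"{zone}_{field}={cfg.get(f'{zone}_{field}')}, expected {want}")
    return problems

if __name__ == "__main__":
    for problem in check_vlans(parse(VLANS)) + check_networks(parse(SETTINGS)):
        print(problem)
```

To check a live system, pass the contents of /var/ipfire/ethernet/vlans and /var/ipfire/ethernet/settings to `parse()` in place of the inline samples.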

VLAN system start

After rebooting the system, ifconfig should show you the resulting interfaces:

green0    Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:B1
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33068 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4427532 (4.2 Mb)  TX bytes:59602567 (56.8 Mb)
          Interrupt:16 Memory:d0120000-d0140000

blue0     Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:30
          inet addr:192.168.2.1  Bcast:192.168.2.225  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6817 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1523088 (1.4 Mb)  TX bytes:6122127 (5.8 Mb)

orange0   Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:40
          inet addr:10.0.1.1  Bcast:10.0.1.225  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:271586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:271586 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14982933 (14.2 Mb)  TX bytes:14982933 (14.2 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:XXX.XXX.XXX.XXX  P-t-P:XXX.XXX.XXX.XXX  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1492  Metric:1
          RX packets:45197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30590 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:56567643 (53.9 Mb)  TX bytes:3016567 (2.8 Mb)

red0      Link encap:Ethernet  HWaddr 00:22:A1:A1:A1:A1
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48860 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57977321 (55.2 Mb)  TX bytes:4046398 (3.8 Mb)
          Interrupt:17 Memory:d0020000-d0040000

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.2.1  P-t-P:10.0.2.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Enable Blue for the network

Finally, you may want to configure the "new" networks that you created with the VLANs. For example, the blue network (blue0) must be enabled for access to DNS, SMTPS, HTTPS, etc., and the appropriate clients must be allowed to access the network.

Here is the description for Access to Blue.

More information

VLAN entry on Wikipedia

Older Revisions • January 16 at 11:57 pm