Tagged packets?

Discussion in 'Tomato Firmware' started by Thrasher, Oct 27, 2008.

  1. Thrasher

    Thrasher Network Guru Member

    Hi guys,

    can I do the following with a Tomato'd router?

    I have a 3Com 4250 set up with 5 VLANs (10, 20 ,30 40 & 50).
    Port 50 is the tagged port for all VLANs.
    Can a port on Tomato be configured to receive the tagged packets then have them routed and NETed acordingly? i.e. if destination is not one of the VLANs they will be sent tout of the WAN interface then retagged on the return?

    Also, does anyone know of a HP/3Com switch capable of performing all of the above? Layer 3 routing with NAT on a port? i.e. I don't want tagged packets leaving the switch
  2. humba

    humba Network Guru Member

    All the WRT routers (and probably countless others) use a similar approach to networking: they have but two physical interfaces: a wired networking and a wireless networking one.

    All those routers use the wired interface for both lan connectivity as well as wan.. and the wireless interface is usually bridged to the lan part. To do this, the router uses vlans internally... vlan0 is generally the lan, vlan1 is the wan.

    Hence, with appropriate vlan configuration and iptable configuration, you should be able to do pretty advanced things. I actually separated lan ports from each other on a Tomato based router to have one lan port act as a wan port, and to have two distinct vlans for the lan part - they were untagged though but the way I read it tagging is possible as well.

    However, this is all way beyond the GUI of Tomato.. dd-wrt will get you halfway there (you can define vlans and bridges) but it lacks the central part of it all: the firewall. And to make matters more tricky, while you can list the firewall rules, they only list ip/port/protocol based rules.. I've yet to spot anything related to my vlans even though there's a bunch of rules to make sure communication goes through.

    So, your first step would be to create the new vlans and make them tagged (iirc a * after the number makes it tagged .. check the openwrt documentation for specifics - and there are a few threads about multiple subnets here in this board that will be helpful.. you can restrict your search to post by myself as I know I participated in one and it contains some details about vlans), then define the different subnets (I assume you want different subnets.. otherwise I don't see the point of having that many vlans) (dhcpmasq can be configured to run on different vlans and hand out IPs from the different subnets, and of course set the proper default gateway, etc.).. then finally you need to enable routing in between subnets (the routing table tomato has should help) and finally write the proper firewall rules to allow traffic to go where it needs to go.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice