October 8th, 2010, 04:53 PM
I have an Ubuntu 10.04 firewall with 3 NIC interfaces (Wan, Dmz, Lan with Vlan tagging 8021q).

I would like to configure this machine with static routing between the Vlan on ethint and ethdmz, but I can't figure out how to do this; in fact I can't ping from the Vlan to the dmz and vice versa.

If I add a static route on a Windows machine on the vlan ("route add -p mask") I can ping the firewall, but I can't ping the server, for example.

Now I don't want to apply these routing rules on all Windows machines, but I want to add static routing on the firewall so I can ping the Dmz zone from the Vlan and vice versa.

| --- ethext 192.xx.xx.xx
| --- ethdmz
| --- ethint (vlan id 120)

I want to route all packets from interface vlan120 with destination ethdmz.

This is my route command
Tabella di routing IP del kernel
Destination Gateway Genmask Flags Metric Ref Use Iface
* UH 0 0 0 tun0
* U 0 0 0 ethdmz
* U 0 0 0 vlan150
* U 0 0 0 vlan90
* U 0 0 0 vlan130
UG 0 0 0 tun0
* U 0 0 0 ethext
* U 0 0 0 vlan140
* U 0 0 0 vlan120
default UG 100 0 0 ethext

PS I'm not looking for natting or bridging!

October 10th, 2010, 10:38 AM
October 10th, 2010, 01:05 PM
"route add -p mask" I can ping the firewall but I can't ping the server for example.

I don't see a -p option in the man page for route. What's it supposed to do? I'd use either

route add -net netmask gw

or using the newer and simpler "ip" command

ip route add via

Do either of these formats work for you?

October 12th, 2010, 09:40 AM
The option -p is for the route command on Winzozz and not under Linux! :)

I added the command route add -p mask on the Windows machine and I can ping the interface on the Linux firewall, but I can't ping the machine.

Instead, if I add the routing command that you suggested on the Linux machine, I can't ping even from the vlan!

PS I wouldn't use natting to do this

October 13th, 2010, 01:18 AM
Sorry, I don't do Windows. Perhaps you'd be better served to ask on a Windows forum rather than here?

October 13th, 2010, 04:52 PM
I don't think so, because I am working with a Unix-like system and this is a forum about this! If you read carefully, I asked for a solution for routing with my Ubuntu machine, avoiding routes on the Windows clients.


October 13th, 2010, 05:21 PM
Are you trying to get the windows box to act as a router?
From what I have been told you need a router to talk between Vlans.

October 15th, 2010, 09:27 AM
No, I have an Ubuntu server that routes the vlans through shorewall and it works great!

I am studying routing and so I would like to know why I can't route with static rules.