F5F Stay Refreshed Power Users Networks Configure shorewall WAN interface using VLAN settings

Configure shorewall WAN interface using VLAN settings

Configure shorewall WAN interface using VLAN settings

C
CastDatRod
Member
Find
69
08-21-2023, 07:24 AM
#1
Hello, To switch my current router, I plan to use a 4-port mini PC. Since I won’t be using a specialized OS like pfSense, I’ll run a virtual machine on the same hardware. I’m choosing Debian 10 and set up Shorewall for network management. For connecting to the ISP optical modem via DHCP, I need to set up VLAN100 on my WAN interface. I added the vlan100 interface with the ip utility so far, but I’m unsure how to configure it through Shorewall correctly. Do you have any guidance or examples on how to do this?
Reply
Reply
C
CastDatRod
08-21-2023, 07:24 AM #1

Hello, To switch my current router, I plan to use a 4-port mini PC. Since I won’t be using a specialized OS like pfSense, I’ll run a virtual machine on the same hardware. I’m choosing Debian 10 and set up Shorewall for network management. For connecting to the ISP optical modem via DHCP, I need to set up VLAN100 on my WAN interface. I added the vlan100 interface with the ip utility so far, but I’m unsure how to configure it through Shorewall correctly. Do you have any guidance or examples on how to do this?

Reply
Reply
B
bkisbeast1
Member
Find
63
08-21-2023, 09:09 AM
#2
It's possible to deploy PFSense within a virtual machine, assign VLAN 100 to it, and configure it as a virtual switch.
Reply
Reply
B
bkisbeast1
08-21-2023, 09:09 AM #2

It's possible to deploy PFSense within a virtual machine, assign VLAN 100 to it, and configure it as a virtual switch.

Reply
Reply
O
omrimic30
Member
Find
92
08-22-2023, 11:19 PM
#3
I tried Esxi but the PCIe pass-through wasn't working. Also, I didn't mention that PFense doesn't support USB Wi-Fi card.
Reply
Reply
O
omrimic30
08-22-2023, 11:19 PM #3

I tried Esxi but the PCIe pass-through wasn't working. Also, I didn't mention that PFense doesn't support USB Wi-Fi card.

Reply
Reply
A
Addycassy
Junior Member
Find
37
08-24-2023, 01:28 PM
#4
Avoid using PFSense for Wi-Fi; it's better suited for routing and other tasks. For Wi-Fi, opt for an access point or a router operating in AP mode.
Reply
Reply
A
Addycassy
08-24-2023, 01:28 PM #4

Avoid using PFSense for Wi-Fi; it's better suited for routing and other tasks. For Wi-Fi, opt for an access point or a router operating in AP mode.

Reply
Reply
_
_Aska_
Member
Find
89
08-24-2023, 04:24 PM
#5
I attempt to lower the count of devices I need to combine my router and VM server into a single mini-PC.
Reply
Reply
_
_Aska_
08-24-2023, 04:24 PM #5

I attempt to lower the count of devices I need to combine my router and VM server into a single mini-PC.

Reply
Reply
I
ItsProspek12
Junior Member
Find
1
09-03-2023, 01:07 PM
#6
Weird, still cannot get DHCP ip, something is wrong with my wan config :/
Reply
Reply
I
ItsProspek12
09-03-2023, 01:07 PM #6

Weird, still cannot get DHCP ip, something is wrong with my wan config :/

Reply
Reply
Z
Zalkin_V
Member
Find
110
09-03-2023, 07:46 PM
#7
I work through the Linux network setup one step at a time. I adjusted the /etc/network/interfaces file and added specific configurations, like enabling auto IP on enp1s0 and setting DHCP details. I also modified the NetworkManager.conf to ensure proper management. My connection now receives an IP via DHCP from the FTTH modem. Still, I can't reach the internet. Is there anything missing? Could I apply similar settings using Shorewall instead?
Reply
Reply
Z
Zalkin_V
09-03-2023, 07:46 PM #7

I work through the Linux network setup one step at a time. I adjusted the /etc/network/interfaces file and added specific configurations, like enabling auto IP on enp1s0 and setting DHCP details. I also modified the NetworkManager.conf to ensure proper management. My connection now receives an IP via DHCP from the FTTH modem. Still, I can't reach the internet. Is there anything missing? Could I apply similar settings using Shorewall instead?

Reply
Reply
I
iBroady
Junior Member
Find
14
09-03-2023, 08:04 PM
#8
Your firewall is correctly detecting a DHCP address. You should be able to reach standard internet addresses from it. Consider enabling IP masquerading and ensuring forwarding is active on the relevant interfaces. In the Shorewall configuration example I found, Debian is referenced at the provided link.
Reply
Reply
I
iBroady
09-03-2023, 08:04 PM #8

Your firewall is correctly detecting a DHCP address. You should be able to reach standard internet addresses from it. Consider enabling IP masquerading and ensuring forwarding is active on the relevant interfaces. In the Shorewall configuration example I found, Debian is referenced at the provided link.

Reply
Reply
T
TPG_Khalatic
Member
Find
183
09-03-2023, 08:58 PM
#9
Updated configuration file: /etc/shorewall/masq with interface enp1s0.100 net enabled, and removed the routing settings from Webmin.
Reply
Reply
T
TPG_Khalatic
09-03-2023, 08:58 PM #9

Updated configuration file: /etc/shorewall/masq with interface enp1s0.100 net enabled, and removed the routing settings from Webmin.

Reply
Reply