FreeBSD running vlan and bridge on one shared interface

 I have this setup on FreeBSD 13.2 on my Raspberry PI:

vlans_ue0="vlan3"
create_args_vlan3="vlan 3"

cloned_interfaces="bridge0 bridge3"

ifconfig_bridge0="addm ue0 SYNCDHCP"
ifconfig_bridge0_ipv6="inet6 auto_linklocal accept_rtadv"
ifconfig_ue0="up"

ifconfig_bridge3="addm vlan3"
ifconfig_vlan3="up"


So:

    +--vlan3--bridge3--jailProxy
    |
ue0-+
    |
    +--bridge0--jailWifi


Networking from the host works fine.
Networking from jailWifi works fine.

But... jailProxy can send DHCP to the network in vlan 3. But the reply goes to jailWifi.

Does bridge0 have precedence over vlan3? Could I let vlan3 handle packages with the proper vlan tag only and let the rest of the traffic go to bridge0?

Ok. While typing this I came up with a solution which I tested and works.

ue0--bridge0-+--jailWifi
             |
             +--epair0a--epair0b--vlan3--bridge3--jailProxy


So now I have this DMZ bridge3 on its own VLAN.
NB: you can't directly link a vlan over a bridge so the epair is in between.

Comments

Post a Comment

Popular posts from this blog

Waiting for clang. Forever and ever.

FreeBSD compiles with LLVM /clang by default. Part of this is compiling the compiler to accommodate upgrades of the compiler. On my laptop FreeBSD compiles in about 2 hours. But clang takes 2 hours on its own. The culprit is that now and than a small fix is made to the compiler which triggers 2 hours of extra building. It is also possible to install llvm as a pkg. This saves you hours of compiling. I tried to built base with the port, but it did not succeed yet. I now have setup FreeBSD in a container (FreeBSD jail) which helps greatly in fixing mistakes instead of a non bootable system without a working compiler I can now just reinstall the container from a working host. My changes to make this working: This is on: FreeBSD sjakie 13.0-CURRENT FreeBSD 13.0-CURRENT #11 r364932M: Sat Aug 29 03:21:18 CEST 2020 Add to /etc/src.conf : WITHOUT_CLANG=true WITHOUT_CLANG_IS_CC=true WITHOUT_CLANG_BOOTSTRAP=true WITHOUT_LLD=true WITHOUT_LLD_IS_LD=true WITHOUT_LLD_BOOTSTRAP=true WITHOUT_LLDB=true
Read more