Shorewall WAN interface configuration with VLAN

[Nord1ing]

Update to question:

 

Hello,

In order to replace my existing router, I want to use 4-ports mini PC. I don't use specialized OS like pfsence because I will run some virtual machine on the same hardware.

I decided to go with Debian 10 and installed Shorewall to manage network configuration.

In order to get network connection and config from ISP optical modem via DHSP, I need to configure VLAN100 on my WAN interface.

So far, I added vlan100 interface using ip utility. But i cannot figure out how to configure what via shorewall in order to make things work.

 

If someone know where to find a guide (i did not found) or have an idea to configure vlan100?

 

 

[mtz_federico]

59 minutes ago, Nord1ing said:

. I don't use specialized OS like pfsence because I will run some virtual machine on the same hardware.

You could run pfsense in a VM and you could pass vlan 100 to pfsense on one port and make a virtual switch

[Nord1ing]

52 minutes ago, mtz_federico said:

You could run pfsense in a VM and you could pass vlan 100 to pfsense on one port and make a virtual switch

I tested Esxi, but pcie pass-trough was not available.

And 2nd, I forgot to note, pfsence does not recognize usb wifi card :/

[mtz_federico]

6 minutes ago, Nord1ing said:

And 2nd, I forgot to note, pfsence does not recognize usb wifi card

I don't recommend using pfsense for wifi, only for routing (and other stuff). For wifi the best thing is to use an Access Point or a router in AP mode

[Nord1ing]

1 minute ago, mtz_federico said:

I don't recommend using pfsense for wifi, only for routing (and other stuff). For wifi the best thing is to use an Access Point or a router in AP mode

I try tu reduce numbers of equipment I want to agglomerate my router and my vm server into one mini-pc 

[Nord1ing]

Weird, still cannot get DHCP ip, something is wrong with my wan config :/

[Nord1ing]

Well, I advance step by step trough linux network config.

I tried to manage network trough

/etc/network/interfaces

and

/etc/NetworkManager/NetworkManager.conf

I added to /etc/network/interfaces :
 

auto enp1s0
iface enp1s0 inet manual

auto enp1s0.100
iface enp1s0.100 inet dhcp
    hwaddress ether <MAC>
    vlan-raw-device enp1s0

and modified /etc/NetworkManager/NetworkManager.conf to:

[ifupdown]
managed=true

So, my connection looks like that:

 

I get correct IP4 configuration via DHCP from my FTTH modem now.

but still cannot access internet

1. Am I missing something?
2. Can I do the same parameters but via shorewall?

[ben_zen]

So your firewall is picking up a DHCP address appropriately; can you reach other well-known internet addresses from the firewall? Say, pinging 8.8.8.8.

 

If you can, I'd suggest making sure you've enabled IP masquerading and make sure that forwarding is turned on for all of the interfaces you want to have traffic forwarded across! In the shorewall config demo, I see a reference to Debian: https://shorewall.org/three-interface.htm#SNAT

[Nord1ing]

On 2/28/2020 at 6:16 PM, ben_zen said:

So your firewall is picking up a DHCP address appropriately; can you reach other well-known internet addresses from the firewall? Say, pinging 8.8.8.8.

 

If you can, I'd suggest making sure you've enabled IP masquerading and make sure that forwarding is turned on for all of the interfaces you want to have traffic forwarded across! In the shorewall config demo, I see a reference to Debian: https://shorewall.org/three-interface.htm#SNAT

Thank you! That helped.

I added to /etc/shorewall/masq:

enp1s0.100:net	enp1s0.100

and disabled "Act as router" webmin's networking->network configuration->routing section