Previously we had very simple network topology at the office. Only one private 10.0.0.0 network and all machines could see each other. And then one point to the Internet with a DENY ALL firewall. Life was easy and simple.
Then came the need to have something more.
This ment that I needed something quite complex compared to our old network.
I decided to try out Shorewall, active switches and VLANs.
The physical network topology is fortunately really simple. Everything is in same level and connected with switches. I use HP ProCurve switches. I don’t have real professional experience of different manufacturers, but these have always served me well.
The router hardware is unfortunately not so pro level. Just some workstation that was laying in the office. Maybe I need to upgrade at some point.
I’ve been Gentoo guy for several years but lately the project has been somewhat painful. You never know what happens when you upgrade some packages.
On the other hand I’ve used FreeBSD couple of years back to build similar networks.
This time I chose Ubuntu Server as the OS. Let’s see how this goes. I hope I don’t need to do this install process again. If you don’t see really pissed off blog post after this one, then everything went better than expected.
DHCP daemon is run on the router and it serves on all networks. Nothing fancy here. Some static IPs for servers and rest is using dynamic pools.
Maintaining iptables & co by hand is a pain in the ass. I decided to use Shorewall this time.
It was really easy to put together. Documentation was good and to the point. All configuration was done in couple of hours.
When everything was up and running in the router it was time to change the logical network topology with VLANs.
This is where I hit problems. I changed the configuration on the switch and the whole network died. Nothing was getting thru.
I hit my head to the wall for several hours trying to debug what the hell was going on. Then for some crazy reason I thought “what if there is something wrong with the network interface in the router” and did a quick google search. It turned out that the chip I had integrated on the motherboard wasn’t playing nice with the Linux kernel driver and the VLAN wasn’t working. Oh crap.
I reverted the switch configuration to have all machines in the same logical network.
Later I purchased new network card to the router and did the same configuration to the switch. It worked like a charm.