I configured a VLAN to isolate one physical system. This is my first venture with a VLAN. What tests should I perform to ensure this box is isolated?
I am using DD-WRT in a Linksys WRT54-GL. I created a separate VLAN for port 4. This port is for a testing box that I want to keep isolated from my LAN. Mostly the box is used for testing distros. The system came with Windows 7 installed but I rarely use Windows.
My LAN is on subnet 192.168.1.x. The router is assigned to 192.168.1.1.
The port 4 VLAN is on subnet 192.168.40.x. The DHCP server for that VLAN assigns addresses starting at .102. The VLAN is not bridged.
My nominal testing with the installed Fedora 22 and a LMDE live USB indicates the system is correctly assigned an IP address of 192.168.40.102.
I can ping the router at 192.168.1.1, but pinging other systems on my LAN subnet fails, as I expect and desire. Browsing with the built-in Caja Samba browser does not find my LAN Samba server.
Is there anything further to do to ensure this system is truly isolated?
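A small check script to run from the test box, added here as an example and not part of the original post. It assumes the addressing from the post (test box on 192.168.40.0/24, LAN on 192.168.1.0/24); the LAN host addresses and ports it probes are constructed placeholders.

```python
#!/usr/bin/env python3
"""VLAN isolation checks, run on the isolated test box (added example).
Assumes the post's addressing: VLAN 192.168.40.0/24, LAN 192.168.1.0/24."""
import ipaddress
import socket
import subprocess

VLAN_NET = ipaddress.ip_network("192.168.40.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def leaking_routes(ip_route_output: str):
    """Return routes that give this box a path into the LAN subnet other than
    the default route.  Input is the text of `ip route show`; a direct route
    such as '192.168.1.0/24 dev eth0 ...' would mean the VLAN is bridged or
    DHCP handed out a route it should not have."""
    leaks = []
    for line in ip_route_output.splitlines():
        parts = line.split()
        if not parts or parts[0] == "default":
            continue
        try:
            dest = ipaddress.ip_network(parts[0], strict=False)
        except ValueError:
            continue  # e.g. 'unreachable' or other non-prefix entries
        if dest.overlaps(LAN_NET):
            leaks.append(line.strip())
    return leaks


def check_self(addr: str) -> bool:
    """The box's own address must sit inside the VLAN subnet, not the LAN's."""
    return ipaddress.ip_address(addr) in VLAN_NET


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connect to host:port succeeds.  On a properly isolated
    VLAN every LAN host should come back False (timeout or refused)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    routes = subprocess.run(["ip", "route", "show"], capture_output=True, text=True).stdout
    print("routes leaking into the LAN:", leaking_routes(routes) or "none")
    # Constructed targets: a LAN Samba server (placeholder address) on the
    # SMB ports, and the router's LAN-side address that the post could ping.
    for host, port in [("192.168.1.10", 445), ("192.168.1.10", 139), ("192.168.1.1", 80)]:
        print(f"{host}:{port} reachable: {tcp_reachable(host, port)}")
```

Run the same probes in the reverse direction as well, from a LAN host toward 192.168.40.102, since the router answering on 192.168.1.1 shows it is routing between the two subnets and only its firewall rules decide what is forwarded.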
To answer your question about ways to test whether the VLAN was truly isolated, I need to know why you want to use it: to provide a different subnet, or something else. Normally, VLAN traffic can be isolated in the router, or it could be isolated in the subnet.
Why? I thought I addressed that in the original post. A testing machine.
Okay, let's make this juicier. Suppose this is a Windows machine used to connect to a corporate VPN and network. I do not want corporate sys admins having any knowledge of my LAN, let alone potential access.
Or make this even more fun, to test malware infections. Malware is being designed more craftily and testing in a VM won't succeed with some malware, such as ransomware. The only way to test and learn is a physical machine connected to the web.
If VPN is terminated on corporate router and then the traffic is routed to your local router, it is impossible to hide your private LAN. Your private LAN is gone after your local router.
I understand that the routing table changes when connecting to a VPN. Yet in my example, the machine is already on a VLAN, which uses a different subnet than my LAN. I do not see how anybody on the VPN subnet sees the LAN subnet, which is different from the VLAN subnet.
Let's say there are two sides on your local router: one side connects to your local LANs and another side connects to the corporate network.
Yes, you can use a VLAN to isolate the testing machine from the LAN subnet. Any machine on the LAN subnet can't see any packet generated from the testing machine.
But if the testing machine accesses the Internet, the VLAN is gone after your local router.
Are you saying that once the VLAN machine connects to the web that anybody on the web can access the LAN across the VLAN subnet? If yes, I do not understand that because the VLAN is not bridged to the LAN subnet.