{"id":501,"date":"2024-08-09T07:42:30","date_gmt":"2024-08-09T15:42:30","guid":{"rendered":"https:\/\/nramkumar.org\/tech\/?p=501"},"modified":"2024-08-09T07:42:31","modified_gmt":"2024-08-09T15:42:31","slug":"multiple-vlans-on-single-physical-interface-in-linux","status":"publish","type":"post","link":"https:\/\/nramkumar.org\/tech\/blog\/2024\/08\/09\/multiple-vlans-on-single-physical-interface-in-linux\/","title":{"rendered":"Multiple VLANs on single Physical Interface in Linux"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">You may want to expose a Linux machine\/server in your home to multiple VLANs to provide each VLAN with different services or allow access to that VLAN from the machine without having to go through the router. Here are ways in which you can do that on a machine with a single physical interface.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On Proxmox, you can update your <code>\/etc\/network\/interfaces<\/code> file to add an interface for each VLAN and a corresponding bridge, which you can then use to connect network interfaces for your containers and VMs. 
In the example below, <code>enp4s0.1<\/code> is the VLAN interface for the default VLAN, <code>enp4s0.100<\/code> is the VLAN interface for the trusted VLAN, <code>vmbr0<\/code> is the bridge interface that VMs and containers will connect to if they want a network interface connected to the default VLAN and <code>vmbr2<\/code> is the bridge interface that VMs and containers will connect to if they want a network interface connected to the trusted VLAN:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>auto lo\niface lo inet loopback\n\niface enp4s0 inet manual\n\niface enp4s0.1 inet manual\n\niface enp4s0.100 inet manual\n\nauto vmbr0\niface vmbr0 inet static\n        address 192.168.11.2\/24\n        bridge-ports enp4s0.1\n        bridge-stp off\n        bridge-fd 0\n        bridge-vlan-aware yes\n        bridge-vids 1\n\nauto vmbr2\niface vmbr2 inet static\n        address 192.168.2.2\/24\n        gateway 192.168.2.1\n        bridge-ports enp4s0.100\n        bridge-stp off\n        bridge-fd 0\n        bridge-vlan-aware yes\n        bridge-vids 2-4094\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On Ubuntu or other Linux desktop machines, if you want to experiment with having a single physical interface support multiple VLANs, you can use a version of this script (must be run as root). 
Here <code>enp6s0<\/code> is the physical interface, and we get access to the default VLAN 1 and the trusted VLAN 100 through the <code>br1<\/code> and <code>br2<\/code> bridges on the host:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash\n\n# Create one bridge per VLAN\nip link add name br1 type bridge\nip link add name br2 type bridge\n\n# Create VLAN interfaces on the Ethernet port\nip link add link enp6s0 name enp6s0.1 type vlan id 1\nip link add link enp6s0 name enp6s0.100 type vlan id 100\n\n# Add the VLAN interfaces to their respective bridges\nip link set enp6s0.1 master br1\nip link set enp6s0.100 master br2\n\n# Configure VLANs on the bridges\nbridge vlan add vid 1 dev br1 self\nbridge vlan add vid 100 dev br2 self\n\n# Bring up the interfaces\nip link set br1 up\nip link set enp6s0.1 up\nip link set br2 up\nip link set enp6s0.100 up<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you want to persist this on Ubuntu or another netplan-based distribution, here&#8217;s an example netplan YAML file that sets the same thing up. It also prefers to route traffic through the trusted VLAN and uses the default VLAN only as an access path to that VLAN&#8217;s own subnet:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>network:\n  version: 2\n  renderer: NetworkManager\n  ethernets:\n    enp6s0:\n      match:\n        macaddress: AA:AA:AA:AA:AA:AA\n      dhcp4: no\n      dhcp6: no\n      networkmanager:\n        uuid: \"99999999-9999-9999-9999-999999999999\"\n        name: \"Ethernet\"\n\n  vlans:\n    enp6s0.1:\n      id: 1\n      link: enp6s0\n      dhcp4: no\n      dhcp6: no\n\n    enp6s0.100:\n      id: 100\n      link: enp6s0\n      dhcp4: no\n      dhcp6: no\n\n  bridges:\n    br0:\n      interfaces:\n        - enp6s0.1\n      dhcp4: yes\n      dhcp6: yes\n      dhcp4-overrides:\n        use-routes: false\n        route-metric: 1000\n      routes:\n        - to: 192.168.11.0\/24\n          via: 192.168.11.1\n          metric: 
100\n      ipv6-address-generation: \"stable-privacy\"\n      networkmanager:\n        uuid: \"99999999-9999-9999-9999-999999999999\"\n        name: \"Default VLAN\"\n\n    br1:\n      interfaces:\n        - enp6s0.100\n      dhcp4: yes\n      dhcp6: yes\n      dhcp4-overrides:\n        route-metric: 10\n      dhcp6-overrides:\n        route-metric: 10\n      ipv6-address-generation: \"stable-privacy\"\n      networkmanager:\n        uuid: \"99999999-9999-9999-9999-999999999999\"\n        name: \"Trusted VLAN\"\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>You may want to expose a Linux machine\/server in your home to multiple VLANs to provide each VLAN with different services or allow access to that VLAN from the machine without having to go through the router. Here are ways in which you can do that on a machine with a single physical interface.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-501","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/comments?post=501"}],"version-history":[{"count":1,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/501\/revisions"}],"predecessor-version":[{"id":502,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/501\/revisions\/502"}],"wp:attachment":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/media?parent=501
"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/categories?post=501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/tags?post=501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}