General Questions

[Config]

LS,
Fiber To The Home (FTTH) is arriving to my SOHO. This means that my M0n0 (soekris 5501) has to move to the other building on the other side of the one available cable. Furthermore FTTH provides the WAN on a Vlan so I have to rethink topology as well as configuration.

I started some testing for VLAN (on a separate M0n0 box).

I put LAN on VLAN30 on vr0 and connected vr0 to my intelligent switch (which is in building A). This works fine. I presume (I have no light yet) it will work for the WAN (NT in building B) as well.

The M0n0 has to move to building B and it would be nice if I could use the cable between buildings A & B as a TRUNK instead of (currently) LAN only. BUT the switch in B is dumb.

Thus I would like M0n0 to (un)scramble the VLAN and bridge all LAN traffic to an physical interface (vr2).

LAN => VLAN30 on vr0 Config address (192.168.30.200) only
WAN => VLAN6 on vr1  Config PPOE (cfrm ISP instructions)
LAN2 => vr2                 Config bridged with LAN

Basically this works but, as a bridge is not transparent for DHCP, I need M0n0 to provide DHCP op LAN2.

The webconfigurator does not show LAN2 under DHCP server nor onder DHCP relay.

Is there some trick I'm missing or is this a pipedream (and I buy the extra switch)?

TIA
Jaap

I understand what you are trying to do, and I will have nightmares tonight.  Just had to check the forums before going to bed...  Sigh...

The end result is that you will be doing some bad multi-netting.  So just go with it...

And a bridge IS transparent with DHCP.  However, when you have 2 DHCP servers on one local network (which is what happens when you multi-net like that) one of them stops talking.

To make this clean you have to;
Make your network one network and loose the multi-netting.
or
Run a second cable, or use a traffic splitter on the cable and say goodbuy to gigabit speeds.
or
Get a v-lan switch off eBay.  Trendnet has some good switches for very little money.

Your rest is insured , for production a new switch will be used.

Using a switch will not change the 'bad' topology, just the implementation.

My post is aimed at the specific implementation in M0n0wall:  'a bridge' happens to be a bridge in m0n0wall, specifically bridge0.

This bridge logs (firewall log) that it blocked the DHCP REQUEST broadcasts;

Last 50 firewall log entries
Act   Time   If   Source   Destination   Proto
[]
X   12:54:47.495602   LAN2   0.0.0.0, port 68   255.255.255.255, port 67   UDP
X   12:54:47.495659   bridge0   0.0.0.0, port 68   255.255.255.255, port 67   UDP
[]

This makes the (this one only?) bridge 'not transparent for DHCP'

What am I missing?

TIA
Jaap

Hmmm...  It looks like m0n0wall is blocking the multi-netted DHCP as it is not on the network that interface knows about.  Hard to follow, however, when you start to get these loops within loops...  You could disable the firewall completely on the bridge, but I am not sure that block is coming from the bridge interface.

Make sure you have selected

"Disable spoof checking on bridge"

In advanced setup

Make sure you have selected

"Disable spoof checking on bridge"

In advanced setup

I had the same problem, my wifi client could not get a DHCP lease from my windows DHCP server, the "Disable spoof checking on bridge" fix the problem.
Thanks!