Archive for May 2006
I’m slowly moving over to a new domain – www.tuxx.org.uk for the web site and *.tuxx.org.uk for other stuff I do.
Please update your bookmarks and RSS readers!
That’s the message coming from my firewall to any packet destined for a vlan. It took me ages to work this out the last time this happened, and it’s just happened again. What is it my Dad says about once a mistake, twice a fool?
I’m using firestarter as my firewall; it’s simple and it works, which is great as I’m no iptables wizard. Sometimes it’s too simple, though.
As I’m no firewall wizard I’m not sure what is happening, but I think it’s blocking all interfaces and ports except those ports on eth0 that I have told it to leave open (port 22 (ssh), for example).
Being aimed at simple configurations, the help files can’t directly help. I did find a bit about adapting it for VPN connections in the advanced section, and this was enough to hint that in /etc/firestarter/user-pre I needed the following lines:
$IPT -A INPUT -i eth0.+ -j ACCEPT
$IPT -A OUTPUT -o eth0.+ -j ACCEPT
The first line essentially says “amend the firewall to accept input from any interface whose name starts with eth0.”. The second line deals with the output (but you guessed that already). It’s the + on the eth0.+ that tells the firewall to be flexible and cope with eth0.x (where x is any positive number) as they are created, and that’s exactly what happens on my computer. When I need access to vlan one I create eth0.1 and give it an IP and away I go, the same for eth0.2 and vlan two.
So at last I don’t have to shutdown my firewall every time I want to access a vlan.
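Added example, not from the original post: a shell sketch of how the trailing + in eth0.+ is compared against interface names (a prefix match), followed by a narrower alternative to the two blanket ACCEPT rules that lets through only outbound traffic and its replies on the named VLANs. The function names, the sample interface names and the use of the state match are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# iface_matches PATTERN NAME
# Emulates the iptables -i/-o name comparison: a trailing "+" turns the
# pattern into a prefix match; otherwise the name must match exactly.
iface_matches() {
    case $1 in
        *+) case $2 in "${1%+}"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# vlan_rules VLAN_ID...
# Prints user-pre lines for each VLAN that allow outbound traffic and its
# replies only, instead of accepting every inbound packet. Assumes the
# state match module is available. Rejects IDs outside 1-4094.
vlan_rules() {
    for id in "$@"; do
        case $id in
            ''|*[!0-9]*) echo "bad VLAN id: $id" >&2; return 1 ;;
        esac
        if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
            echo "bad VLAN id: $id" >&2; return 1
        fi
        printf '$IPT -A OUTPUT -o eth0.%s -j ACCEPT\n' "$id"
        printf '$IPT -A INPUT -i eth0.%s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$id"
    done
}

# Constructed interface names: which would the post's "eth0.+" rules cover?
for ifc in eth0 eth0.1 eth0.2 eth0.100 eth1.1 eth00.1; do
    if iface_matches 'eth0.+' "$ifc"; then
        echo "$ifc: matched by eth0.+"
    else
        echo "$ifc: not matched"
    fi
done

# Narrower rules for the two VLANs mentioned in the post.
vlan_rules 1 2
```

The printed lines can be pasted into user-pre in place of the wildcard pair; eth0 itself is never matched by eth0.+, so the rules firestarter applies to the untagged interface are unaffected either way.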
It seems to be fashionable to write (read: blog) about the wireless connection that people are using on the 747 half way over some big ocean. Given that I’m not yet at the stage in my life where I jet around the world, I’m instead doing this from a train that is just on the border between England and Scotland.
First impressions weren’t that good. The wireless connected fine and I fired up Firefox. Once it had loaded I was redirected to a page with a login link and links to other pages where I could get more information, except none of them worked apart from the login button.
Having logged in I then went to check my e-mail using web mail. Several attempts later, it looks like GNER block access to certain IP addresses. In the end I got round this by using ssh and looping through a server that I run a web site from.
Overall the speed isn’t too bad; some pages take quite a while, and ping times aren’t that great. At least it works and enables some people to get some work done, but it is by no means a service that allows you to get any real work done. The connection just isn’t up to it.
I’ve uploaded the pictures from last and this weekend into the gallery.

