Archive for May 17th, 2006
That’s the message coming from my firewall to any packet destined for a vlan. Took me ages to work this out last time this happened, and it’s just happened again. What is it my Dad says: once a mistake, twice a fool?
I’m using firestarter as my firewall; it’s simple and works, which is great as I’m no iptables wizard. Sometimes it’s too simple though.
As I’m no firewall wizard I’m not sure what is happening, but I think it’s blocking all interfaces and ports except those ports on eth0 that I have told it to leave open (port 22 (ssh), for example).
Being aimed at simple configurations, the help files can’t help directly. I did find a bit about adapting it for VPN connections in the advanced section, and this was enough to hint that in /etc/firestarter/user-pre I needed the following lines:
# accept everything arriving on any VLAN sub-interface of eth0 (eth0.1, eth0.2, ...)
$IPT -A INPUT -i eth0.+ -j ACCEPT
# accept everything leaving via any VLAN sub-interface of eth0
$IPT -A OUTPUT -o eth0.+ -j ACCEPT
The first line essentially says “amend the firewall regarding input from any interface that has eth0. in it, and accept it”. The second line deals with the output (but you guessed that already). It’s the + on the eth0.+ that tells the firewall to be flexible and cope with eth0.x (where x is any positive number) as they are created, and that’s exactly what happens on my computer. When I need access to vlan one I create eth0.1 and give it an IP and away I go, the same for eth0.2 and vlan two.
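As an added example (not from the post or from Firestarter itself), the script below generates the same kind of user-pre rules, first the two broad lines above and then a tighter variant that only lets reply traffic and an explicit list of TCP ports in on the VLAN sub-interfaces. The broad version accepts every port on every eth0.N interface, and because user-pre runs before Firestarter's own rules, nothing later in the chain gets to narrow that down; the port-list version keeps that exposure to what is actually needed. The parent interface name, the port list and the `IPT` default are assumptions: Firestarter defines `$IPT` itself in user-pre, so here it falls back to `echo iptables` so the rules can be printed and checked without root.

```shell
#!/bin/sh
# Added example, not code from the original post or the Firestarter project.
# Emits iptables rules for the VLAN sub-interfaces of a parent NIC.
# Firestarter sets $IPT in /etc/firestarter/user-pre; outside of that file
# we default to "echo iptables" so the rules are printed, not applied.
IPT="${IPT:-echo iptables}"

# The broad rules from the post: accept everything in and out on every
# "<parent>.N" sub-interface. The trailing "+" is iptables' interface
# wildcard, so sub-interfaces created after the firewall was loaded match.
vlan_allow_all() {
    parent="$1"
    $IPT -A INPUT  -i "${parent}.+" -j ACCEPT
    $IPT -A OUTPUT -o "${parent}.+" -j ACCEPT
}

# Tighter alternative: inbound on the sub-interfaces, accept only replies to
# connections we started plus the listed TCP ports (e.g. 22 for ssh); any
# other inbound packet falls through to Firestarter's own rules, which
# drop it. Outbound stays open so the box can reach the VLAN.
vlan_allow_ports() {
    parent="$1"
    shift
    $IPT -A INPUT -i "${parent}.+" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in "$@"; do
        $IPT -A INPUT -i "${parent}.+" -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A OUTPUT -o "${parent}.+" -j ACCEPT
}

# Dry-run helper: run a rule function and report how many rules it emits.
count_rules() {
    "$@" | wc -l | tr -d ' '
}

# Usage (prints the rules instead of loading them):
#   vlan_allow_ports eth0 22
```

Once the printed rules look right, the function body (with Firestarter's own `$IPT`) is what goes into /etc/firestarter/user-pre; `iptables -L INPUT -v` afterwards shows the sub-interface rules with their hit counters, which is the quickest way to confirm VLAN traffic is matching them rather than the catch-all drop.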
So at last I don’t have to shutdown my firewall every time I want to access a vlan.

