Synology DS918+ on multiple subnets/vlans – overload nic/open vSwitch

Preamble
My aim was to introduce some security into my home network by using subnets and VLANs. The issue is that I wanted to make my main fileserver accessible on each network, preferably without going via the router. Going via the router, rather than directly, puts load on the router for no reason.

Solution
Initially I used the excellent solution at http://www.mybenke.org/?p=2373. This works effectively for bonds or single connections.

However, as I began experimenting with virtual machines/Docker I realised I had to enable Open vSwitch in order to reach the internal virtual machine/Docker bridge. Turning on vSwitch means that all bridging is now done in software by Open vSwitch, and the overloading of the cards as before needs some tweaking to get it to work.
These links were useful but ultimately don't provide a solution.
https://forum.synology.com/enu/viewtopic.php?t=141679
https://forum.synology.com/enu/viewtopic.php?t=133189

The issues are:
1) They talk about bonding via the command line, but I only have 2 Ethernet connections, so once half the setup is done I would lose my connection.
2) The overloading doesn't survive a reboot.

I found you CAN create the bond/Open vSwitch setup via the GUI, and doing the above still works.

However, having done this, it doesn't survive a reboot. To make it persist you need to modify the /etc/rc.network file. Add the following helper, which sources the ifcfg file for an interface and reports whether it declares an OVS parent (i.e. whether it is a VLAN child of another bridge rather than a top-level bridge):

[bash]
# Returns 0 when ifcfg-<iface> declares OVS_PARENT, i.e. the interface is a
# VLAN child bridge hanging off another OVS bridge; 1 otherwise.
is_ovs_child_interface ()
{
    unset OVS_PARENT
    ifconfigFile="/etc/sysconfig/network-scripts/ifcfg-$1"
    if ! source "$ifconfigFile" ; then
        return 1
    fi

    # Quote the variable: an empty value would otherwise leave [ with no operand.
    if [ -n "$OVS_PARENT" ]; then
        return 0
    fi

    return 1
}
[/bash]

And change activate_ovs as below. It does work, but note that it's a little broken as it generates an ovs_ovs_ovs_ovs… file in the network directory. I didn't bother to fix it.

[bash]
activate_ovs ()
{
    [ $# -ne 0 ] || return

    if ! is_ovs_enable; then
        return 0
    fi

    # If the external interface has been removed, remove the ifcfg of the ovs
    # bridge and modify ovs_interface.conf. A VLAN child bridge has no
    # physical device of its own, so it must be exempted from this check.
    local tmpdev=`/bin/grep -v ovs /proc/net/dev | /bin/grep ${1##ovs_}` > /dev/null 2>&1
    if [ -z "$tmpdev" ] && ! is_ovs_child_interface "$1" ; then
        ovs-vsctl del-br $1
        sed -i.bak "/${1##ovs_}/"d /usr/syno/etc/synoovs/ovs_interface.conf
        rm /etc/sysconfig/network-scripts/ifcfg-$1
        return 0
    fi

    ifconfigFile="/etc/sysconfig/network-scripts/ifcfg-$1"
    if ! source "$ifconfigFile" ; then
        return
    fi

    check_exist_ovs $1
    if ! is_ovs_child_interface "$1" ; then
        # Top-level bridge (e.g. ovs_bond0)
        /bin/ovs-vsctl add-br $1
    else
        # VLAN child: an OVS "fake bridge" pinned to OVS_VLAN_ID on the parent
        # (OVS_PARENT and OVS_VLAN_ID come from the ifcfg file just sourced)
        /bin/ovs-vsctl add-br $1 $OVS_PARENT $OVS_VLAN_ID
    fi
    set_ovs_mac_address $1
    for device in `grep -l "^BRIDGE=$1$" /etc/sysconfig/network-scripts/ifcfg-*` ; do
        DEVICE=`basename ${device} | cut -d '-' -f 2`
        # Config bridge of wlan in /etc/hostapd/hostapd.conf and controlled by hostapd (activate_ap)
        find=`echo "${DEVICE}" | grep -c wlan`
        if [ $find -eq 1 ]; then
            # only wired interface will be added to bridge as a slave
            # wlan interface should be handled by synowifid
            continue
        fi
        $SYNONET --set_ip -4 $DEVICE flush
        /sbin/ifconfig $DEVICE up
        echo 1 >> /proc/sys/net/ipv6/conf/${DEVICE}/disable_ipv6
        /bin/ovs-vsctl add-port $1 ${DEVICE}

        # Set MTU
        MTU_VALUE=`get_mtu_value ${DEVICE}`
        MTU="" ; [ -n "${MTU_VALUE}" ] && MTU="mtu ${MTU_VALUE}"
        ifconfig ${DEVICE} ${MTU}
    done

    start_ovs_vlan $1 $ifconfigFile
    setup_ovs_default_flow $1

    /sbin/ip link set dev $1 up

    return 0
}
[/bash]
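The patched activate_ovs above only recreates a VLAN child bridge if an ifcfg file for it carries OVS_PARENT and OVS_VLAN_ID. The script below is an added example (not from the post and not Synology's code) showing what those files look like and how the same "fake bridge" ovs-vsctl call rebuilds them. It assumes a parent bridge named ovs_bond0 created in the GUI; the VLAN IDs and 192.0.2.x addresses are made up. It runs in dry-run mode by default, writing into a local directory and echoing ovs-vsctl/ifconfig rather than executing them, so it can be read through safely before pointing SCRIPTS_DIR, OVS_VSCTL and IFCONFIG at the real ones. It also includes the one check worth making on a NAS that is homed on every VLAN: if IP forwarding is on, the box quietly routes between the segments the VLANs were meant to separate.

```shell
#!/bin/sh
# Added example, not part of the original post or Synology's rc.network.
# Dry-run defaults: nothing touches /etc or calls the real ovs-vsctl.
SCRIPTS_DIR="${SCRIPTS_DIR:-./network-scripts-dryrun}"   # real: /etc/sysconfig/network-scripts
OVS_VSCTL="${OVS_VSCTL:-echo ovs-vsctl}"                  # real: /bin/ovs-vsctl
IFCONFIG="${IFCONFIG:-echo ifconfig}"                     # real: /sbin/ifconfig

# ovs_child_name PARENT VLAN -> e.g. ovs_bond0.20 (naming is an assumption)
ovs_child_name() {
    printf '%s.%s\n' "$1" "$2"
}

# write_child_ifcfg PARENT VLAN IP NETMASK
# Writes ifcfg-<parent>.<vlan> carrying the OVS_PARENT / OVS_VLAN_ID variables
# that the patched is_ovs_child_interface sources. Prints the file path.
write_child_ifcfg() {
    parent=$1; vlan=$2; ip=$3; mask=$4
    child=$(ovs_child_name "$parent" "$vlan")
    mkdir -p "$SCRIPTS_DIR"
    cat > "$SCRIPTS_DIR/ifcfg-$child" <<EOF
DEVICE=$child
BOOTPROTO=static
ONBOOT=yes
IPADDR=$ip
NETMASK=$mask
OVS_PARENT=$parent
OVS_VLAN_ID=$vlan
EOF
    echo "$SCRIPTS_DIR/ifcfg-$child"
}

# is_ovs_child_interface NAME -> 0 if ifcfg-NAME declares a non-empty OVS_PARENT
# (same logic as the rc.network helper, with SCRIPTS_DIR made configurable)
is_ovs_child_interface() {
    OVS_PARENT=
    f="$SCRIPTS_DIR/ifcfg-$1"
    [ -r "$f" ] || return 1
    . "$f"
    [ -n "$OVS_PARENT" ]
}

# activate_child NAME: rebuild the VLAN child from its ifcfg, as at boot.
# "add-br BRIDGE PARENT VLAN" creates an OVS fake bridge limited to one VLAN
# of the parent; --may-exist keeps a re-run from failing on an existing bridge.
activate_child() {
    is_ovs_child_interface "$1" || return 1
    $OVS_VSCTL --may-exist add-br "$1" "$OVS_PARENT" "$OVS_VLAN_ID"
    $IFCONFIG "$1" "$IPADDR" netmask "$NETMASK" up
}

# forwarding_disabled [PATH] -> 0 when the kernel will NOT route between the
# NAS's interfaces. With several VLAN interfaces and ip_forward=1 the NAS
# becomes an unfiltered inter-VLAN router, defeating the segmentation.
forwarding_disabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "0" ]
}

demo() {
    for spec in "20 192.0.2.10" "30 192.0.2.42"; do
        set -- $spec
        write_child_ifcfg ovs_bond0 "$1" "$2" 255.255.255.0
        activate_child "$(ovs_child_name ovs_bond0 "$1")"
    done
    forwarding_disabled || echo "WARNING: ip_forward=1, NAS would route between VLANs"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh ovs-vlan.sh demo` to see the generated files and the commands that would be issued. Switching the three variables to the real paths makes it apply the configuration; because the ifcfg files persist, the patched activate_ovs recreates the child bridges on the next boot.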

I didn't go on to fix this, as I decided this configuration is definitely not supported and would probably require reapplying after a system update. I don't want the overhead of maintaining this. This has led me to purchase a layer 2+ (layer 3) switch.

Apologies that this post isn't a perfect description of how to do the above; I am writing it a few months later. If you get stuck, please feel free to drop me a line.

Conclusion

You can do it, but it is definitely not Synology supported, and a new piece of hardware is a lot better.
