One real interface, one IP and many VLANs?

Hello

I have the following setup in my Fedora Core 1 box:

- one real interface eth0 with IP 192.168.0.10/24
- gateway address 192.168.0.1

I would like to have many VLAN interfaces (eth0.1 eth0.2 eth0.3 etc)
configured so I could use more than one VLAN tag. Tagging should be based
on netfilter marks. I have only one IP-address available.

I can mark IP-packets with netfilter mark (f.g. TCP80 with mark 1, TCP22
with mark 2) and then route those marked packets with iproute to the VLAN
interface (mark 1 to the eth0.1, mark 2 to the eth0.2 etc). Some of the
packets do not need to be VLAN tagged.

I know how to mark the packets and do the routing with iproute. What I don't
know is how to configure those VLAN interfaces so that the routing and
traffic would work.

What is the correct way to configure eth0 and eth0.1, eth0.2 and other VLAN
interfaces and do the routing? Could I tag packets without VLAN interfaces
(some iptables mangle kludge)?

I tried to configure eth0 as normal, with IP, netmask and gateway. Should I
leave VLAN interfaces without any IP-definitions? Should the iproute work
if VLAN interface does not have an IP?


This is what I have done but adding route fails without IP-address:
#vconfig add eth0 1
#echo "201 VLAN1" >> /etc/iproute2/rt_tables/sbin/
#/sbin/ip rule add fwmark 1 table VLAN1
#ip route add default via 192.168.0.1 dev eth0.1 table VLAN1
RTNETLINK answers: Network is unreachable

#vconfig add eth0 2
#echo "202 VLAN2" >> /etc/iproute2/rt_tables/sbin/
#/sbin/ip rule add fwmark 2 table VLAN2
#ip route add default via 192.168.0.1 dev eth0.2 table VLAN2
RTNETLINK answers: Network is unreachable


if I configure IP-address for the interface(s), "ip route add" goes without
warnings:
#ifconfig eth0.1 192.168.0.101 netmask 255.255.255.0
#ip route add default via 192.168.0.1 dev eth0.1 table VLAN1
(OK, no warnings)
but I don't have more that one address


I haven't found any documentation/howtos regarding this issue.

BR
Kimmo Koivisto