Categories

  • Discussions about TNSR

    449 Topics
    1k Posts
    S

    I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
    Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • Discussions about pfSense Software, click a category below

    120k Topics
    761k Posts
    N

    @patient0 Yes, the alias is of type "Host(s)".
    There seems to be some processing happening when an alias is created or modified, after the Save button is clicked. For example, if an IP address range is added e.g. 10.11.12.13-10.11.12.16 then it gets translated to 4 individual entries:
    10.11.12.13
    10.11.12.14
    10.11.12.15
    10.11.12.16
    which is as expected and as documented. If a description was added, that description is copied to all 4 individual entries.
    Now I'm wondering if my issue is an edge or corner case of this processing.
    The full history of this alias - in each case the alias was edited, not deleted and re-created from scratch:

    Version 1 - 2 hosts:
    IPv4 address #1 (without mask)
    FQDN (which the firewall resolves on the fly to one IPv4 address)
    Result: traffic from the FQDN forwarded as expected, traffic from the IPv4 not forwarded

    Version 2 - 3 hosts:
    IPv4 address #1 (without mask)
    IPv4 address #2 (without mask)
    FQDN (which the firewall resolves on the fly to one IPv4 address)
    Result: traffic from the FQDN forwarded as expected, traffic from both of the IPv4s not forwarded

    Version 3 - 3 hosts:
    IPv4 address #1 (without mask)
    IPv4 address #2 (without mask)
    IPv4 address of the FQDN (instead of the FQDN itself)
    Result: traffic from any of the IPv4s not forwarded

    Version 4 - 3 hosts:
    (deleted existing hosts and re-entered as below)
    IPv4 address #1 (with /32 mask)
    IPv4 address #2 (with /32 mask)
    IPv4 address of the FQDN (with /32 mask)
    Result: traffic from all IPv4s forwarded as expected

    Some notes:

    The IPv4s I used are all public, whereas the examples used in the documentation are all private If anyone wants to try to reproduce, I imagine any FQDN the firewall can resolve to a single IPv4 will work Maybe test using port forwarding rather than using the alias in some other context, in case the issue is specific to that

    For those who have followed along, thanks ;)

  • Discussions about pfSense software packages

    20k Topics
    127k Posts
    P

    @gm2005fl I can't recall using an API key, but your end system might be completely different for all I know :)

    My browsing history suggests I used this as base for my installation: https://homelabing.fr/pfblockerng-and-monitoring-pfsense-with-telegraf-influxdb-and-grafana/

    It's not the easiest of reads but might give you a clue to what could be wrong, hopefully.

  • Discuss pfSense in other languages

    43k Topics
    267k Posts
    W

    toujours rien tourver les stencils pfesense pour la visio

  • Information about hardware available from Netgate

    2k Topics
    20k Posts
    dennypageD

    @Nightwolf said in Netgate 6100 LAN crashes:

    Is anything logged when this happens?
    The system logs are not telling me anything. The log is full of lines from syslogd that are not responding.
    I have disabled syslog but I can't find the source of the problem.

    Do you have remote syslog enabled? If so, is the syslog server on the same interface that stops working?

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts
    L

    @Wylbur Thank you!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.