HIPAA only requires that you make reasonable accommodations for security. This may not be a requirement to separate traffic, but I would recommend you do so anyway as this isn't something that end users would see. This can also help or hurt future troubleshooting depending on the issue.

Personally, I'd separate the traffic.

For troubleshooting purposes, the firewall allows all traffic between vlans. Windows firewall is disabled as well as any antivirus traffic. The mdns traffic is being forwarded from the iot vlan to my home network vlan. That is why the devices are visible in Chrome and Videostream. But only those two are seeing the devices. No other players such as VLC, or WMP can see them.

@solaris81 Thank you what you have here describe i did that also see the screenhosts, Also this is well the good function. I found where it goings wrong. It was the Turnk port 0 which i must open on my HYPERV adapter... everything works now fine.

Problem solved, it was the HYPERV netwerkadapter Trunk ports..

Yeah what he is talking about is this

https://en.wikipedia.org/wiki/Multicast_routing

Completely different ball game to be honest ;) This is NOT what the OP was talking about.. not at all!!

HA+LACP.png

@mcury said in SMB - Windows share over vlans:

Yes, run in the server, or in pfsense interface connected to the server.
I presume those 10 networks are /27, /28 /29 right?

A /26 or less would give you routing issues due to network overlap.

Just realized that the networks are different, my mistake, disregard the quoted info.

Nice, good that is now working.
Even better, now you have more tools to troubleshoot problems in the future.

Thanks for the feedback. I'm reading the "book" on pfSense as I go. I'm starting to get the way it works.

yeah indeed I just needed to tag the port on the switch to the corresponding vlan. I figured it must have been something super simple that I was missing 🤦

thanks guys!

Great - any questions just ask, here to help.

Remember get those smart switch(es) on order! ;)

Correct... If your sending it to switch sure just tag everything.. This common... But there is nothing saying 1 of those can't be untagged.. There is nothing wrong with it, you just need to understand what your doing.

And it sure and the F is not less secure...

Say for example was going to plug my AP into that port on the firewall.. And for its management network it has to be untagged.. How would it work if tagged everything on the port on the firewall.

Switch don't care, port don't care - it just needs to know what it tags or doesn't tag... When you put more than one vlan on a port.. Only 1 can be untagged, rest tagged, or all of them tagged... Makes no difference.. You just can not expect to run more than 1 untagged network on a port..

Got it. Once again thank you. I know what i need to do now.

I don't know why you're getting 2 MAC addresses.

Because of some weird issue in the firmware?

Given they're sequential, they are likely from the same device.

That has to be the case.

What does Packet Capture show.

I have not captured any packets so far, but I will.

One thought, do you have a static mapping configured for that address, but with the wrong MAC?

I do have a static mapping for MAC address: 50:c7:bf:3d:4b:48 .

Also, that capture of the AP status shows modes b,g & n listed, which means you have all of those enabled. Mine shows n only. I have configured it that way, as all my devices are capable of using n. You can change the mode on the Wireless Settings page.

Mea maxima culpa! Setting corrected now.

Yeah that was there reasoning behind not being able to remove vlan 1 ;) Now that you can remove vlan 1 from ports - you should be able to limit from what network you can access the switch gui from.

UPDATE *
I did more test today and I don't understand why pfblocker NG causes the issue on my VLAN but not my LAN since both networks are assigned to the same interface and screened by the same rules under pfblockerNG... The IP was white listed therefore it should not be an issue in my opinion...

@BBcan177 Maybe you can shed some light on my issue if you have time, I would appreciate that. :)

Thanks in advance!

Okay I'll write what's causing this behaviour. It has nothing todo what the different masks, using pfsense as a wireless-bridge, using bridged interfaces, routing or whatever. Basically it because Linux hosts have default kernel-setting "reverse path filtering" enabled. This can be temporary disabled (untill next reboot) by sudo sysctl -w 'net.ipv4.conf.all.rp_filter=0. Now I understand why it happened. So you have to take that into account.