Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    General network setup doesn't feel right

    Scheduled Pinned Locked Moved
    Off-Topic & Non-Support Discussion
    2
    3
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jerreke
      last edited by

      So after skimming through posts and attempting to understand the issue with my limited networking knowledge i'm hoping to get some more insights here.

      The final goal of my entire setup is to have a dedicated server running the networking parts ( currently only pfsense but it will be expanded) and having the firewall controll all traffic for the differen vlan's including all the pc's in my home network )

      I'm currently trying to set up PFSense on a VM in esxi 7. Ith has 2 physical NIC's assigned to it. 1 is configured as the WAN side and goes out to my ISP router and get's its IP from there. The other side is my LAN connection and goes out to my switch ( a cisco 2960G ) The install worked and everything spun up.

      It is the networking side i'm not confident in that is configured correctly. The WAN side works perfectly no issues there for the moment.

      The LAN side on the other hand has given me some trouble. On the switch I have 5 vlans setup. The only one in use at the moment is VLAN 10 which is my management vlan. it should only work with an IP range of 10.1.1.0/24.

      Ports 1 to 4 are assigned to this vlan and the management interface of the switch is 10.1.1.2 ( static ip for the time being )
      Port 24 is configured as a trunk port on the switch side allowing VLAN 10. The native vlan for all vlans is set to 200.

      On the ESXI side I have the 2 physical nics &ssigned to 2 virtual switches ( one to the WAN side and one to the lan side ) The lan side is connected to port 24 on the physical switch

      I created a WAN group and added the WAN switch to it. I also created a LAN group and added the LAN NIC to it. I then created a group for VLAN 10, VLAN 200 and VLAN 4095.

      inside the console of PFsense I first gave the LAN side a IP of 10.1.200.1 / 24 ( I didn't want to have it on the same range as my MGMT vlan ) but this didn't work since I was unable to reach it from a laptop plugged in on the switch ( IP 10.1.1.10 ) which would be logical since they aren't on the IP range. But my guess was that it should be reachable since it was sent trough a trunk an an untagged request ( like I said my networking knowledge is limited so I might be completely wrong here )

      This setup didn't allow me to connect to the web interface of pfsense. After about 2 days of messing arround I finally changed the ip to something within the vlan 10 range (10.1.1.6). It still didn't work. Only after adding the LAN group in ESXI to VLAN 10 things started to work. so currently it looks like this:
      b3af1a0c-719c-4c6d-9cb6-12bf83eac7e9-image.png
      But this doesn't seem right. I was under the understanding that I could leave the LAN group without a vlan ID and the trunk protocol would allow me to connect to the VM from inside any of the connected vlans ( at least at startup untill I defined rules )
      I am now able to connect to the pfsense webUI but i'm not sure of it is now doing what I was trying to accomplish.

      If anybody would be able to help me get a better understanding and point out some of the faults that would be great.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @Jerreke
        last edited by

        @jerreke Did you add a firewall rule on the VLAN interface(s) to allow access to the web GUI? LAN defaults to "allow any" but all other interfaces have no default rules so only have the default block.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        J 1 Reply Last reply Reply Quote 0
        • J
          Jerreke @SteveITS
          last edited by

          @steveits I didn't have that rule set initially but after some searching I found a guide on setting up a PFSense firewall for basic use ( wasn't build for use within a VM ) but that one did request the addition of the any rule. After doing the configuration i'm still not able to access the PFSense interface ( to do the initial config I just pulled out the trunk and connected a laptop directly which worked instantly ) So i'm 90% sure the config on the firewall should work so now it's to the drawing board of the esxi and trunk setup. Sadly most guides show it as being super simple yet on my side it doesn't seem to work 😬
          The setupb like above also went out of the window since it wouldn't have worked the way I wanted to set it up. My MGMT now has a 10.1.10.0/24 IP range. The PFSense is on 10.1.1.1 which should be the LAN interface without any vlan tagging. So tomorow it's figuring out what wrong on either my switch trunk or on the ESCI network setup.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post