Route from pfSense to GL.iNet Slate not working

MrGlasspoole

@viragomann sure there are difficulties because I'm trying to make sense of all this:
https://www.linuxsysadmins.com/setup-vlan-on-pfsense/
https://www.wundertech.net/how-to-setup-vlans-in-pfsense/
https://techexpert.tips/pfsense/pfsense-vlan-configuration/

I never did setup VLANs before.

viragomann

@mrglasspoole
First you should learn the basics of VLANs to understand, what it is and how it works.

MrGlasspoole

Can't figure it out.
The Slate LAN port gets an IP from the pfSense LAN DHCP server or nothing.
I guess there is some setting wrong on the switch.
1 Interfaces_VLANs_Edit.png

2 Interfaces_Interface Assignments.png

3 Interfaces_VLAN10 (igb0.10).png

4 Firewall_Rules_VLAN10.png

5 Services_DHCP Server_VLAN10.png

viragomann

@mrglasspoole
Since the network 10.143.150.0/24 is on the LAN of the GL.iNet Slate, you cannot assign it to the WAN side as well, which you connect to pfSense.
Take any other network.

Also you include 10.143.150.1, which is the interface IP on pfSense, into the DHCP range.

On the switch one port is connected to pfSense, which is the LAN. Let's say this is port 1.
Then, let's say on port 3, you connect the GL.iNet Slate.

So both, 1 and 3 have to be assigned to VLAN10.
Port 1 as tagged, port 3 as untagged.
Additionally you need to set the PVID for port 3 to 10.

MrGlasspoole

Ok the Slate is now getting the IP 10.143.151.2 on his WAN port.

Now I did set the VLAN IP to 10.143.151.1/24 and the VLAN DHCP Server to 10.143.151.1 - 10.143.151.5

But there is still something missing.
The devices on the Slate have no internet access.
And I can't ping 10.143.150.1 (Slate LAN) from my workstation.

Is it right that the Slates WAN has 10.143.151.1 as Gateway and DNS Server? Or must it be 10.143.130.1 (pfSense)?

Is there something i need to to on the Slate? I guess not.

@viragomann said in Route from pfSense to GL.iNet Slate not working:

Also you include 10.143.150.1, which is the interface IP on pfSense, into the DHCP range.

Do you mean i did and its wrong or I have to?

viragomann

@mrglasspoole said in Route from pfSense to GL.iNet Slate not working:

The devices on the Slate have no internet access.

What IP does the device have?
Does the Slate masquerading (NAT) on outbound traffic?
I guess, it should do this, since you also want to connect to the internet, when the Slate is connected to your phone, right?

And I can't ping 10.143.150.1 (Slate LAN) from my workstation.

Does it allow access from outside of its subnet?

Is it right that the Slates WAN has 10.143.151.1 as Gateway and DNS Server? Or must it be 10.143.130.1 (pfSense)?

Yes, it uses pfSense for this.
But you need to allow access on pfSense. By default on a new interface nothing is allowed other as on LAN.
You need a firewall to allow internet traffic.

Also you include 10.143.150.1, which is the interface IP on pfSense, into the DHCP range.

Do you mean i did and its wrong or I have to?

Again, .1 is the interface IP of pfSense, so it shouldn't be part of the DHCP range.
But obviously pfSense is smart enough to not hand out its own IP.

MrGlasspoole

What i did was setting "DNS servers" in the VLANs DNS server to pfSense (10.134.130.1).

Then the Slate WAN is:
IP....................: 10.143.151.1
Gateway......: 10.143.151.1
DNS Server: 10.134.130.1

and internet on the Slate works.

From your explanation I need a "Allow DNS to pfSense" rule and the "DNS servers" in the VLANs DNS server is not needed?
Where do i need it?
This does not work (no internet on the Slate):

viragomann

@mrglasspoole
I suspect, you use the DNS Resolver on pfSense, which is enabled by default, but it isn't listening on the new interface IP.
You have to go into the Resolver settings and add the interface in the "Network Interfaces" box.

The shown rules should allow both DNS server IPs, since your second allows any protocol to any destination from the subnet.

BTW: For DNS you should allow "TCP/UDP" rather the UDP only.

MrGlasspoole

Funny
I can't reach the player behind the Slate from my workstation with the IP I did set (10.143.150.2).
But I can reach it with 10.143.151.2 ?

Also I can't reach the admin panels of my APs anymore (R7800 & WNDR4300).
But I can reach the Gigaset behind the WNDR4300 and the APs are working.

And this is the Slate:

MrGlasspoole

Can't figure it out.

Since i believe what i need is called router-on-a-stick i made Port 1 to pfSense a trunk.

But no matter what i try in the switch settings i cant open the Slate GUI (10.145.130.1) or the Player (10.145.130.2) on my Workstation.

Port 1: pfSense
Port 3: Slate
Port 6: Workstation

What is the correct setting: