Devices on VLAN can't access the internet
-
@nilocretep said in Devices on VLAN can't access the internet:
Or is because I haven't really implemented any rules for VLAN10?
If you didn't put any rules on your interface - you wouldn't be able to ping. So your either pinging something else on the network with that IP or you have rules that allowing ping on your vlan 10 interface in pfsense.
When you create new interfaces, they don't have any rules - and no traffic would be allowed inbound into the interface..
If you want something on a new vlan your creating to access internet, you would have to allow for that in the rules - you would also need to allow for dns (internet isn't very good without that) and your outbound nat would have to account for this new vlan you created. This is normally done auto, unless you messed with the outbound nat rules and took it off automatic?
Why are you setting a manual IP on this device your using for testing - is dhcp not working. That points to connectivity issue in general if dhcp is enabled on this interface - when you enable dhcp server on an interface, pfsense auto creates rules to allow for dhcp even if you have no other rules on the interface. Your 2 mentioned IPs are different networks - so your using a /23 mask not /24?
Is it possible you setup /24 on pfsense, and your client you setup /23 - this could be a reason why outbound nat or other rules you setup are not working? etc.. There are always lots of pieces to any puzzle.. Without the details - its hard to tell what piece of the puzzle is missing to find the problem.
-
-
@nilocretep
With those rules you would be able to ping the LAN gateway and should also be able to get out to the internet.
Is outbound NAT set to auto?
Did the IoT network get added to it? -
@jarhead
I didn't put on a manual IP on the laptop. It was assigned one via dhcp from VLAN10. So at least that portion is working. All interfaces (LAN, VLAN 10, 20, and 30) all have a setup of /24.What configuration would I need to do for DNS?
-
@nilocretep
DNS would already work with those rules.
Just noticed you already posted outbound NAT and it's fine too.Do a packet capture on the WAN and try to get out from the IoT.
Do you see the packets leaving? -
@jarhead
Sorry for my ignorance; but how would I do that?
I can ping 8.8.8.8 successfully from my IoT laptop. If that helps. -
I'm starting to think this might be a part of the problem. I first implemented this when I setup Pfsense: https://arkojoardar.com/adguard-on-pfsense/
-
@nilocretep Yup, I bet you're right.
Disable it and see what happens. -
@jarhead
Yep, that was it.
Thanks for all your help! -
@nilocretep said in Devices on VLAN can't access the internet:
all have a setup of /24.
well why are you pinging 198.168.178.1 from 192.168.179.111 - why would you not ping the IP of pfsense on that interface? but yeah if that was another IP on pfsense rules allow it then sure you could ping it.
Also you rules for security cameras never going to allow anything - you have the source as the securitycamera address not the net.
