    DHCP no internet. Guest WIFI VLAN

      Honest Bob

      Hey guys, I'm pulling my hair out here.

      I have a pfSense box with three NICs: WAN, LAN, OPT1 (guest wifi). I believe I have successfully set up VLAN 666 for the guest network, or at least I get a DHCP address with the correct IP (192.168.0.3), gw (192.168.0.1), subnet (255.255.254.0), and DNS 8.8.8.8. I have a VLAN interface set up on the 3Com 2952 with the IP address of 192.168.0.253 that I can ping. I can't ping the gateway or the DNS servers.

      I have attached a network diagram along with NAT and firewall rules.

      I have a feeling I am missing maybe a static route in the switch or messed up the firewall or NAT rules. I'm not sure what's required, to be honest.

      Any help would be appreciated greatly. :)
      ![Screen Shot 2016-11-17 at 7.57.52 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.57.52 PM.png)
      ![Screen Shot 2016-11-17 at 7.53.24 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.53.24 PM.png)
      ![Screen Shot 2016-11-17 at 7.59.44 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.59.44 PM.png)

        johnpoz LAYER 8 Global Moderator

        You're blocking RFC1918 on your guest wireless.. So how exactly would they do anything??

        Rules are evaluated top down, first to trigger wins..  Clearly all source IPs are going to be RFC1918 (192.168/16, 10/8, 172.16/12) so yeah, pfSense is going to drop those packets going anywhere.

        Also completely pointless to block bogons on a local interface..

        How is your VPN set up with a 10.8.0/24 and then you have a 10/8 on your LAN??  Those overlap - that is borked!

        Why would your switch need a route???  Are you using it in layer 3 mode as a router?  If so then you're doing even more wrong..

        Why do you have 2 connections going to your AP??

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
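
The first-match behaviour described in the reply above, as an added example that is not part of the original thread and not pfSense code: a small first-match evaluator plus a check for rules that can never fire because an earlier rule already covers them. The guest addresses come from the first post; the rule names, the 10.0.0.5 LAN host and the "fixed" rule order are assumptions for illustration, not the poster's actual rule set.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = nets("0.0.0.0/0")
GUEST = nets("192.168.0.0/23")      # 255.255.254.0 from the first post
GATEWAY = nets("192.168.0.1/32")    # guest gateway from the first post

def matches(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

def evaluate(rules, src, dst):
    """Top-down, first match wins; anything unmatched is dropped."""
    for name, action, src_nets, dst_nets in rules:
        if matches(src, src_nets) and matches(dst, dst_nets):
            return action, name
    return "block", "default deny"

def covers(outer, inner):
    return all(any(i.subnet_of(o) for o in outer) for i in inner)

def shadowed(rules):
    """Names of rules fully covered by an earlier rule, so they never match."""
    dead = []
    for idx, (name, _, src_nets, dst_nets) in enumerate(rules):
        if any(covers(s, src_nets) and covers(d, dst_nets)
               for _, _, s, d in rules[:idx]):
            dead.append(name)
    return dead

# Rule order as diagnosed in the reply: RFC1918 *sources* blocked first.
BROKEN = [
    ("block private networks (source)", "block", RFC1918, ANY),
    ("allow guest to any", "pass", GUEST, ANY),
]
# Assumed isolation layout: filter on *destination* instead.
FIXED = [
    ("allow guest to gateway", "pass", GUEST, GATEWAY),
    ("block guest to private nets", "block", GUEST, RFC1918),
    ("allow guest to any", "pass", GUEST, ANY),
]

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for dst in ("192.168.0.1", "8.8.8.8", "10.0.0.5"):  # 10.0.0.5 is a constructed LAN host
            print(label, dst, evaluate(rules, "192.168.0.3", dst))
        print(label, "shadowed rules:", shadowed(rules))
```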

          Honest Bob

          @johnpoz:

          > You're blocking RFC1918 on your guest wireless.. So how exactly would they do anything??
          >
          > Rules are evaluated top down, first to trigger wins..  Clearly all source IPs are going to be RFC1918 (192.168/16, 10/8, 172.16/12) so yeah, pfSense is going to drop those packets going anywhere.
          >
          > Also completely pointless to block bogons on a local interface..

          Good point! I undid that mess and it works now!

          > How is your VPN set up with a 10.8.0/24 and then you have a 10/8 on your LAN??  Those overlap - that is borked!

          I moved the VPN to a different subnet.

          > Why would your switch need a route???  Are you using it in layer 3 mode as a router?  If so then you're doing even more wrong..
          >
          > Why do you have 2 connections going to your AP??

          Only have one in reality. I meant to show both VLANs going to the AP.

          Thanks for the pointers. Networking is not my strong suit. Yet..

            johnpoz LAYER 8 Global Moderator

            So you got everything working, if not just ask - here to help.