Get internet on one LAN interface
-
@johnpoz honestly do not know what is impacting the configuration here.
But one thing is for sure, I am pinging this 10.0.10.1. Because if I disable it, ping doesn't work anymore.
Regarding the WAN, that is no problem here. This is my homelab, so firewall rules and security is not something that is to worry about much :)
So let us start over.
I need these 7 VLANs for my testing. What do you propose the configuration should be?
What should I change, and what rules should I create?
I think it is easier to start from scratch than try to do this.
And thanks again for the support.
-
@stoneedge First thing to do is get that /32 off your LAN interface.
-
@jarhead done already, changed for 192.168.0.1, since my WAN is 192.168.1.0x
-
@stoneedge said in Get internet on one LAN interface:
know what is impacting the configuration here.
what are the rules on the interface, you have only shown your lan... What is your outbound nat? Do you have any rules in floating.
You say you can ping - so what exact rules do you have on this interface?
your lan and management overlap - pfsense should of never let you even set that..
And yes that /32 is wrong..
If you say you can ping 10.0.10.1 from some device on this network 10.0.10.x then can this device do dns? Use nslookup, dig, host do you get an answer? Where are the clients pointing to for dns, again what are the rules on interface on pfsense?
When you do a traceroute to 8.8.8.8 what do you get back, etc..
-
@stoneedge said in Get internet on one LAN interface:
@jarhead done already, changed for 192.168.0.1, since my WAN is 192.168.1.0x
Not what I meant, just set it to none. You aren't using the LAN so no need to address it.
Without an address it basically becomes a "trunk" port which is how you're using it anyway. -
@johnpoz said in Get internet on one LAN interface:
@stoneedge said in Get internet on one LAN interface:
know what is impacting the configuration here.
what are the rules on the interface, you have only shown your lan... What is your outbound nat? Do you have any rules in floating.
I have no more rules in the other LANs.
You say you can ping - so what exact rules do you have on this interface?
your lan and management overlap - pfsense should of never let you even set that..
And yes that /32 is wrong..
Yes, but it did allow me to do it. But after I change the IP on the LAN 15 to 10.0.100.1 to test the pings, when I try to change back to 10.0.10.1 then I get an overlap with 10.0.10.2
If you say you can ping 10.0.10.1 from some device on this network 10.0.10.x then can this device do dns? Use nslookup, dig, host do you get an answer? Where are the clients pointing to for dns, again what are the rules on interface on pfsense?
DNS inside that network 10.0.10.x is done be a Windows VM that I created. But as I said in the beginning none have internet. That was my initial problem. To add internet to the LAN 15 10.0.10.x
-
@stoneedge said in Get internet on one LAN interface:
I have no more rules in the other LANs.
Let me say this yet again - if you have no rules on the interface.. Then your not pinging that IP on that interface, not from that network.. your just not..
If you want network X to be able to do anything, then you have to have rules on network X interface..
To add internet to the LAN 15 10.0.10.x
You need rules to allow that on the lan 15 interface
Do you have rules in the floating tab?
-
@johnpoz Yes but I was able to ping. That is 100% for sure. Because after I remove the 10.0.10.2 I cannot ping 10.0.10.1 anymore. And like I said when I change from 10.0.10.1 to 10.0.100.1 I was also not able to ping. Only when I change back to 10.0.10.1 it was pinging. So I was pinging that IP for sure. Directly, or by routing I don't know.
So since I change and remove the 10.0.10.2 now(and set the IPv4 Configuration Type to none) I cannot ping again.
Could it be the rule that I have in the LAN when all IPV4 is none/none?
But as I said, we can forget all about the previous configuration and start fresh.
I already remove the 10.0.10.2 from LAN and now on LAN 15 what rules do I need to create to route this network?
-
@stoneedge said in Get internet on one LAN interface:
rules do I need to create to route this network?
you don't need any rules to create routes. But you need rules to allow traffic.. What traffic do you want to allow? To get things working I would start with a any any rule.. Make sure you can get to the internet, your other vlans. And then lock it down how you want.
I have no idea what you were doing before, maybe you were not vlaned how you think and you coming in on the lan network rules?
But if your on network X, and talking to interface X on pfsense and there are no rules to allow ping - then your not going to be able to ping it.
-
@johnpoz I only need internet on the WAN(that I have) and Management subnet(don't have), nothing else.
The rest of the VLANs will only connect to interfaces on the same subnet. They should not connect to other VLANs(that is the point of me using pfsense. and having more VLANs and DHCP per subnet on my network).
