Static IP issues
-
@rcoleman-netgate at the minute I just have 1 basic rule on each of my vlans to allow connections on any protocol to any destination.
I figured I was better using this until I have everything up and running so I then have a good basis to work from when I change a rule and something breaks
-
@Polar_Bear88 That is.
Now I'd ping from the guest network to the Guest Interface IP (10.100.4.1) and see if it responds. If it doesn't then start a packet capture on that interface looking for the traffic (filter to icmp only so you can limit the amount of garbage collected) and if it is coming in and not going back out it's something on your system. If it is not coming in at all then it is something on your network.
-
@rcoleman-netgate Thank you. Ill report back once Ive done all the above steps
-
Here are my guest WiFi/VLAN rules. Guests can only access the Internet and ping the interface.
-
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
If you are rejecting all RFC1918 requests then you cannot have an RFC1918 be the DNS or you have to give it a rule to pass to (this firewall) DNS traffic.
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate said in Static IP issues:
@JKnott And Guests are always going to be on Static IPs?
No, guests are DHCP on IPv4 and SLAAC on IPv6.
What were the results of the ping?
????
As I mentioned, guests can ping the VLAN interface and nothing else on my network. Pings to the Internet are not blocked.
-
@rcoleman-netgate said in Static IP issues:
If you are rejecting all RFC1918 requests then you cannot have an RFC1918 be the DNS or you have to give it a rule to pass to (this firewall) DNS traffic.
I use DHCP to send guests to Google's DNS on IPv4, not mine. I also use RDNSS to provide Googles IPv6 DNS addresses. While guests have full access to the Internet, they can't do anything on mine, other than ping the guest interface.
-
@JKnott said in Static IP issues:
????
As I mentioned, guests can ping the VLAN interface and nothing else on my network. Pings to the Internet are not blocked.
Confused user posts.
-
Finally got a chance to play around a little more and its working as it should so all I can assume is that Im an idiot and after looking at the screen so long the other day I was misstyping and couldnt see it.
4 devices all set with their static IP's on the Home VLAN.
They can ping between each other, can ping 8.8.8.8 and can ping www.google.comNext time I get a chance to play around, I'll start trying t set up some better (more secure) firewall rules and other general security tweaks.
