Can't access VLAN20 from VLAN60 - Interface bound state help

johnpoz

@runevn no that would be correct.. 20 gateway should be pfsense IP in that 20 vlan, and 60s devices gateway should be pfsense IP in the 60 network.. I assume those are both .1 ?

runevn

@johnpoz said in Can't access VLAN20 from VLAN60 - Interface bound state help:

@runevn no that would be correct.. I assume those are both .1 ?

Yes, thet are both .1

johnpoz

@runevn I haven't moved to 24.03 yet.. But the change in state behavior should not have any thing to do with typical network talking to another network using pfsense as its gateway with only 1 path to talk back and forth.

Your not doing any policy routing are you - on the 60 and 20 interfaces do you have gateway called out in the rules, or just * where pfsense uses it normal routing table.

In your rules for these interfaces you didn't call out wan_dhcp as the gateway?

pst

@runevn You didn't specify what NAS equipment you are using, but I experienced exactly the same issue in my setup when I switched to 24.03. I run a Synology NAS, so it might be applicable to you, and for this setup to work you need to set "Enable Multiple Gateways" in Control Panel / Network / General / Advanced Settings. If that is not set you end up with assymetric routing just like @johnpoz said, as everything goes through your default gateway on the NAS.

pst

@runevn said in Can't access VLAN20 from VLAN60 - Interface bound state help:

I did some searching on the topic and found this topic on state policy but I don't know if that even relates to my issue and if so I can't find the setting for enable multi gateways

Ah, I see you found my thread from earlier. Yes it might apply, and if you run Synology then the specific setting is as I specified in my previous post.

runevn

@pst said in Can't access VLAN20 from VLAN60 - Interface bound state help:

@runevn I run a Synology NAS, so it might be applicable to you, and for this setup to work you need to set "Enable Multiple Gateways" in Control Panel / Network / General / Advanced Settings.

I don't know why but can't find the setting where I can enable multiple gateways. Could you be more specific where I can find it? Am I on the wrong setting section?

Screenshot 2024-04-27 at 10.57.02.png

Screenshot 2024-04-27 at 10.59.06.png

BTW - I'm using Trueness Scale Dragonfish-24.04.0

pst

@runevn said in Can't access VLAN20 from VLAN60 - Interface bound state help:

Could you be more specific where I can find it? Am I on the wrong setting section?

The change you need to do is not in pfSense, it is on the NAS.

pst

@runevn said in Can't access VLAN20 from VLAN60 - Interface bound state help:

I'm using Trueness Scale Dragonfish-24.04.0

I'm not familiar with that NAS, but I'll take a quick look if there a similar gateway option there.

pst

@runevn I can't see any setting for multiple gateways in the TrueNAS Scale documentation. From what I gather it should work if everything is set up "normally", confirm:

your NAS interfaces are configured using DHCP
pfSense provides the correct gateway address (check DHCP server setup)
you don't have default gateway specified in NAS Global Configuration / Default Gateway Settings, as that overrides the one given in DHCP (according to https://www.truenas.com/docs/scale/24.04/scaleuireference/network/globalconfigurationscreens/)

johnpoz

@runevn does your nas have more than 1 interface?

runevn

@johnpoz Yes, three different:

One management interface (GUI)
NFS share
SMB share

runevn

@pst said in Can't access VLAN20 from VLAN60 - Interface bound state help:

@runevn I can't see any setting for multiple gateways in the TrueNAS Scale documentation. From what I gather it should work if everything is set up "normally", confirm:

your NAS interfaces are configured using DHCP

pfSense provides the correct gateway address (check DHCP server setup)

you don't have default gateway specified in NAS Global Configuration / Default Gateway Settings, as that overrides the one given in DHCP (according to https://www.truenas.com/docs/scale/24.04/scaleuireference/network/globalconfigurationscreens/)

Thanks a million! You were right.

I had defined a default gateway and had a static IP address for the vlan 20 interface. I removed the default gateway and then set the storage vlan20 to get the IP from the DHCP server (I couldn't find a way to manually add a gateway per interface when using static IP.

But now it works.

Thanks for all the help @johnpoz and @pst.

pst

@runevn glad we could help :)

johnpoz

@runevn said in Can't access VLAN20 from VLAN60 - Interface bound state help:

You were right.

This brought to mind a line from Grateful Dead song ;)

"Well, I ain't always right, but I've never been wrong"

You get a cookie if you know what song, without having to look it up ;)

Dead on the Brain - My Dave's Pick 50 came in the mail today.. Always a good day when they come..

https://store.dead.net/en/grateful-dead/special-collections/daves-picks/daves-picks-vol.-50-palladium-new-york-city-ny-5377/081227817466.html

I always have subscription, so 4 times a year is like xmas ;)

Glad you got it sorted.

edit: soon to be 52, as soon as get it ripped and on plex ;)

edit2: make that 53, this shipment had the bonus disc.. Sweet! And hint that above line is from a song on the bonus disc ;)