Pfsense fresh install / No internet on VLAN's
-
Hardware:
Proxmox 8.2.2
VM - PfSense 2.7.2-Release
1x TP-Link TL-SG1016DE
1x TP-Link TL-SG108E-Gigabit (8-poorts)
1x TP-Link TL-SG105E-Gigabit (5-poorts)Settings VM in Poxmox:
I have made some VLANS inside PfSense:
These are the settings of the VLANS (All are the same exept for the ip address)
Then i have added them to the interfaces:
I have edited them so they have a DHCP server:
(All of the settings are the same on each VLAN)
This is the IP Range of alle the VLANS:
VLAN 10 = Main network. 192.168.10.1
VLAN 20 = Kids network. 192.168.20.1
VLAN 30 = Security network. 192.168.30.1
VLAN 40 = Guest network. 192.168.40.1There is no intereconnection between the VLANS, So that is working like i want to have it. But there is also no internet access on the VLANS either.
I can ping 8.8.8.8 or 1.1.1.1 but when i try to ping google.nl there is no answer. These are the firewall setings/Rules (They are all the same on each VLAN)
I dont know why, but at this point only the devices that are outside the VLAN (So on the native VLAN1) have internet without any problems.
The settings in the TP-LINK swichtes are right, since the devices inside the vlan are getting the right Ip Addresses.
The only thing i have changed in the basic setup is that i have installed AdGuard Home by this tutorial: Installing AdGuard Home on PFSense
Where is my mistake
-
@marcel1988 said in Pfsense fresh install / No internet on VLAN's:
Where is my mistake
You block private Addresses on your LAN?
What do your Clients use for DNS?If it doesn't work, it is probably your proxmox.
-
@Bob-Dig said in Pfsense fresh install / No internet on VLAN's:
You block private Addresses on your LAN?
What do your Clients use for DNS?If it doesn't work, it is probably your proxmox.
Can you elaborate on that?
if you want screenshots just let me know of which page and i will provide them.
For the DNS on the clients, they get a Gateway and DNS address of the VLAN. 192.168.10.1 192.168.20.1 and so on.
My DNS is working on the PfSense itself (Like i linked the tutorial for it)
So that is working on 192.168.1.1 -
@marcel1988 said in Pfsense fresh install / No internet on VLAN's:
Can you elaborate on that?
@Bob-Dig said : your first firewall rule on MAIN blocks RFC1918.
The 'definition' of RFC1918 is :
Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.
and your MAIN network falls right into RFC1918.
Your first firewall rule blocks all your 'LAN' (MAIN) traffic.
No traffic will match/ reach the second, pass all rule : the counters stay at zero.
The first rule does have matches : its blocking all your traffic coming into that interface. -
That rule is made since i did a checkbox on the "Block private networks and loopback addresses"
So when i disabled that checkbox, it should work?
-
@marcel1988 said in Pfsense fresh install / No internet on VLAN's:
That rule is made since i did a checkbox on the "Block private networks and loopback addresses"
So when i disabled that checkbox, it should work?
I tried that, but no change. The firewall rule is gone but there is stil no internet on VLAN10, 20, 30, or 40.
-
@marcel1988 I think you have to create firewall rules to allow traffic on your VLAN's))))
-
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988 I think you have to create firewall rules to allow traffic on your VLAN's))))
There is on the main. This is copied from the LAN firewall rule. (Same on all the VLAN firewall rules)
-
@marcel1988 Oh , did you setup Adguard as well. Could be wrong set up with DNS resolution. I think better to uninstall Adguard, than try with default unbound resolver.
-
@marcel1988 If you want to block something from kids you can use pfblockerNG more power ad blocker, than Adguard
-
first, this should be working WITH AdGuard home. SO no need to uninstall it.
second: pfblockerNG does not have specific blocking for app/websites with just one click.
-
@marcel1988 Ok , up to you. But it potential additional problem. If you aware that Adguard dns resolution working
-
@marcel1988 Did you set dns forwarding in Unbound settings?
-
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988 Did you set dns forwarding in Unbound settings?
This is what you mean? This is untouched and empty
-
Dnssec in case of forwarding should be disable!
-
@marcel1988 Not DNS forwarder, but Unbound dns resolver forward mode. I show my settings just as example for forwarding mode
-
-
That did nothing.
BUT, when i change the listen port back to 53, and changed the Network interfaces from Localhost to Any everything is working and the pc's are getting internet.
But, the can also communicate between eachother. -
@marcel1988
Idk how configured your Adguard server, looks like problem with a port listening. Localhost WAS IN MY EXAMPLE FOR MY SETTINGS, FOR AVOID PROBLEM FIRST SET TO DEFAULT IN NETWORK INTERFACE AND OUTGOING INTERFACE. -
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988
Idk how configured your Adguard server, looks like problem with a port listening. Localhost WAS IN MY EXAMPLE FOR MY SETTINGS, FOR AVOID PROBLEM FIRST SET TO DEFAULT IN NETWORK INTERFACE AND OUTGOING INTERFACE.Exactly like this toturial: Tutorial Adguard Home
