Pfsense fresh install / No internet on VLAN's
-
@marcel1988 said in Pfsense fresh install / No internet on VLAN's:
Can you elaborate on that?
@Bob-Dig said : your first firewall rule on MAIN blocks RFC1918.
The 'definition' of RFC1918 is :
Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.
and your MAIN network falls right into RFC1918.
Your first firewall rule blocks all your 'LAN' (MAIN) traffic.
No traffic will match/reach the second, pass-all rule: the counters stay at zero.
The first rule does have matches: it's blocking all your traffic coming into that interface.
-
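The rule-order behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of first-match evaluation on an interface where the "Block private networks and loopback addresses" rule sits ahead of the pass-all rule. The 192.168.10.x client addresses and the rule names are constructed assumptions, not values from the thread.

```python
import ipaddress

# Ranges quoted in the post for "Block private networks and loopback addresses".
PRIVATE_AND_LOOPBACK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "127.0.0.0/8")]
ANY = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]


def src_matches(rule, src):
    """True when the source address falls in one of the rule's source networks."""
    return any(src.version == net.version and src in net
               for net in rule["sources"])


def evaluate(rules, src_ip):
    """First matching rule decides the verdict and gets its counter bumped."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src_matches(rule, src):
            rule["hits"] += 1
            return rule["action"]
    return "block"  # nothing matched: implicit default deny


def build_rules(block_private):
    """Rule list for the interface; names are hypothetical labels."""
    rules = []
    if block_private:  # the checkbox on the interface page adds this rule first
        rules.append({"name": "block private networks", "action": "block",
                      "sources": PRIVATE_AND_LOOPBACK, "hits": 0})
    rules.append({"name": "pass all", "action": "pass",
                  "sources": ANY, "hits": 0})
    return rules


def simulate(block_private, clients):
    """Return (verdict per client, hit counter per rule)."""
    rules = build_rules(block_private)
    verdicts = [evaluate(rules, c) for c in clients]
    return verdicts, {r["name"]: r["hits"] for r in rules}


if __name__ == "__main__":
    clients = ["192.168.10.50", "192.168.10.51"]  # constructed LAN clients
    for checkbox in (True, False):
        print("block private networks =", checkbox, simulate(checkbox, clients))
```

With the checkbox on, every client on a private subnet is stopped by the first rule and the pass-all counter stays at zero, which is the symptom described above.
-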
That rule is made since I did a checkbox on the "Block private networks and loopback addresses"
So when I disable that checkbox, it should work?
-
@marcel1988 said in Pfsense fresh install / No internet on VLAN's:
That rule is made since I did a checkbox on the "Block private networks and loopback addresses"
So when I disable that checkbox, it should work?
I tried that, but no change. The firewall rule is gone but there is still no internet on VLAN10, 20, 30, or 40.
-
@marcel1988 I think you have to create firewall rules to allow traffic on your VLAN's))))
-
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988 I think you have to create firewall rules to allow traffic on your VLAN's))))
There is on the main. This is copied from the LAN firewall rule. (Same on all the VLAN firewall rules)
-
@marcel1988 Oh, did you set up AdGuard as well? It could be a wrong setup with DNS resolution. I think it is better to uninstall AdGuard, then try with the default Unbound resolver.
-
@marcel1988 If you want to block something from kids, you can use pfBlockerNG, a more powerful ad blocker than AdGuard.
-
First, this should be working WITH AdGuard Home, so no need to uninstall it.
Second: pfBlockerNG does not have specific blocking for apps/websites with just one click.
-
@marcel1988 OK, up to you. But it is a potential additional problem. If you are aware that AdGuard DNS resolution is working
-
@marcel1988 Did you set DNS forwarding in the Unbound settings?
-
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988 Did you set DNS forwarding in the Unbound settings?
This is what you mean? This is untouched and empty
-
DNSSEC should be disabled in case of forwarding!
-
@marcel1988 Not the DNS forwarder, but the Unbound DNS resolver's forwarding mode. I show my settings just as an example of forwarding mode.
-
That did nothing.
BUT, when I change the listen port back to 53, and change the Network interfaces from Localhost to Any, everything is working and the PCs are getting internet.
But they can also communicate with each other.
-
@marcel1988
Idk how your AdGuard server is configured; it looks like a problem with the listening port. Localhost WAS IN MY EXAMPLE FOR MY SETTINGS. TO AVOID PROBLEMS, FIRST SET NETWORK INTERFACE AND OUTGOING INTERFACE TO DEFAULT.
-
@Antibiotic said in Pfsense fresh install / No internet on VLAN's:
@marcel1988
Idk how your AdGuard server is configured; it looks like a problem with the listening port. Localhost WAS IN MY EXAMPLE FOR MY SETTINGS. TO AVOID PROBLEMS, FIRST SET NETWORK INTERFACE AND OUTGOING INTERFACE TO DEFAULT.
Exactly like this tutorial: Tutorial Adguard Home
-
@marcel1988
I did not read it all, but this tutorial is from 2020. Did you download this version, v0.104.0-beta2? Did you then try this command: dig @192.168.5.1 google.com
Because the latest one is https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.108.0-b.55
-
@marcel1988 As far as I know this tutorial is working (https://bobcares.com/blog/adguard-pfsense/), if you want to use a package not present in the pfSense repo. But installing packages from outside the pfSense repo can lead to errors, incompatibility and potential security risks!
-
With this install script, I can only see that "localhost" is doing the DNS requests. So there is no way anymore to block specific rules on specific users.