No Internet access with VLAN via OPT1

jogovogo

@Gertjan

PS: However, this isn't really possible because the client receives the correct IP address from the DHCP circle for the Vlan.

Gertjan

@jogovogo

VLANs : can't tell, sorry, I'm lazy and old school. When I need more LANs, as my pfSense (4100) already has 6 interfaces, I wire them up. I stay away from VLANs as this needs VLAN capable 'smart' switches, and an exact matching config between pfSense and this switch, etc.

SteveITS

@jogovogo

ping on the address 192.168.151.1 also fails

This means the connection between the client and pfSense isn’t working since ICMP is allowed by firewall rule.

jogovogo

@SteveITS

But why do I get an IP address from the dhcp for Opt1?

cheers
ron

SteveITS

@jogovogo is the mask correct on the client/in DHCP settings?

Gertjan

@jogovogo said in No Internet access with VLAN via OPT1:

But why do I get an IP address from the dhcp for Opt1?

I'll add that behavior to the "VLAN switch isn't setup correctly" list.
The initial client initiated DHCP traffic is "broadcast" (probably not related).
You have activated the DHCP server on OPT1 ?
On the OPT1 connected device shown above, you can
(windows example) :

ipconfig /release

and

ipconfig /renew

?

jogovogo

@Gertjan

Hello, that works automatically. I've already made it so that it receives an address from the DHCP area right away after the release.

This is the case with two different machines.

Gertjan

@jogovogo said in No Internet access with VLAN via OPT1:

Hello, that works automatically ....

That's what you want to happen.
Never ever believe the "system". As the network admin, at all times, fact check everything

For example, red flags were already shown : The IP (192.168.151.11) looks ok. Mask and gateway also. But the 8.8.8.8 DNS is a fail.
So, my thoughts : some one set them up statically ? Or entered 'strange' settings in the DHCP server ?

jogovogo

@Gertjan

The 8.8.8.8 is only for testing; even if I use the machine to set the IP and as a DNS and gate, the 192.168.151.1 does not work.

jogovogo

My first surprise is that I'm now on the firewall, but why?

But still no access to the Internet...

jogovogo

Hello again!

The issue has been resolved, simply, by restarting the DNS resolver.

I just had another one, though; perhaps you could also respond to it?

NAT and VLAN

The port 2413 should be seen on 192.168.151.10. The corresponding rule is created automatically. Unfortunately, it does not function.

The "LAN " operates it without any intervention.

SteveITS

@jogovogo said in No Internet access with VLAN via OPT1:

restarting the DNS resolver

but:

ping on the address 192.168.151.1 also fails

...is not related to DNS.

In any case restarting DNS is necessary if a new interface has been added, because unbound didn't know about that IP when it started.

re: NAT, often the firewall on the server isn't set to allow traffic from any IP, only the local subnet or RFC1918.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html may help.

jogovogo

@SteveITS

Hello, many thanks for your prompt response!

Indeed, ping has nothing to do with DNS.
I didn't notice it because I didn't even attempt it on one machine.

This is working now as well. We used pfBlockerNG, and the opt1 still needed to be defined in the Outbound Firewall Rules. Then once update via cron and now it works!

cheers
ron