Netgate Discussion Forum

    VLAN to WAN

    Routing and Multi WAN
    GruensFroeschli

      Did you create appropriate firewall rules to allow users on the VLANs out?

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        DragonII

        Yes. There is a screenshot on VLAN 3.

          flanandorj

          Hello, I'm sorry but I do not speak English. I'm using google translator.

          I'm not getting. VLANs are not my internet.

          I created a rule equal to the Dragon II but did not work.

          I think it has something to be done before this, there in NAT. What do you think?

            GruensFroeschli

            Do you both actually have a VLAN capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

              flanandorj

              @GruensFroeschli:

              Do you both actually have a VLAN capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

              Thanks.

              yes.

              I want to:

              1 - All access to VLANs internet

              2 - All VLANs isolated. A VLAN can not access the other. This step you have helped me a few days ago.

                flanandorj

                To facilitate the search for help

                Screenshots

                Interfaces.JPG
                WAN.JPG
                Regra WAN.JPG
                Regra LAN.JPG
                Regra Vlan - A22.JPG

                  flanandorj

                  @GruensFroeschli:

                  Do you both actually have a VLAN capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

                  Pfsense =

                  fxp0 = wan > 192.168.1.254    gw: 192.168.1.1
                  rl0= Lan > 172.168.2.1
                  xl0= Vlans

                  My switch is a 3Com 4226T.

                  Is configured as:

                  Vlan Default = 1,4-23,25-26 Untagged    24 Tagged

                  Vlan 2 (A22) = 2 U      24 T
                  Vlan 3 (A28) = 3 U      24 T

                  network cable connected between pfsense (xl0 - vlans) and port 24 (switch)
                  network cable connected between host-vlan2 and port 2 (switch)
                  network cable connected between pfsense (fxp0 - Wan) and Cable Modem.

                  Get successfully ping the VLAN for IPs WAN + gw and LAN

                  I can not ping addresses for public (internet)

                  Thanks.

                    ktims

                    172.168.0.0/10 is AOL address space. You shouldn't use this on your LAN interface. You're probably looking for something inside 172.16.0.0/12 (or just mistyped the post).

                    Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

                    Do you have automatic NAT rule generation enabled?
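
Added example (not part of any post in this thread): a small audit of the addressing and switch membership posted above, applying the two checks ktims raises, that the LAN address sits in RFC 1918 space and that VLAN 1 is not carried tagged. The dictionaries are constructed from the values quoted in the thread; the function names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed from the values posted in the thread (not exported from a device).
LAN_INTERFACES = {"rl0 (LAN)": "172.168.2.1"}
SWITCH_VLANS = {
    1: {"untagged": "1,4-23,25-26", "tagged": "24"},
    2: {"untagged": "2", "tagged": "24"},
    3: {"untagged": "3", "tagged": "24"},
}

def parse_ports(spec):
    """Expand a port list such as '1,4-23,25-26' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(lan_interfaces, vlans):
    """Return a list of findings for the LAN addressing and VLAN membership."""
    findings = []
    for name, addr in lan_interfaces.items():
        if not is_rfc1918(addr):
            findings.append(f"{name}: {addr} is outside RFC 1918 private space")
    untagged_owner = {}  # port -> VLAN id it is untagged in
    for vid, members in sorted(vlans.items()):
        tagged = parse_ports(members["tagged"])
        if vid == 1 and tagged:
            findings.append(f"VLAN 1 is tagged on port(s) {sorted(tagged)}")
        for port in parse_ports(members["untagged"]):
            if port in untagged_owner:
                findings.append(f"port {port} is untagged in VLAN "
                                f"{untagged_owner[port]} and VLAN {vid}")
            untagged_owner[port] = vid
    return findings

if __name__ == "__main__":
    for finding in audit(LAN_INTERFACES, SWITCH_VLANS):
        print("FINDING:", finding)
```
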

                      flanandorj

                      @ktims:

                      172.168.0.0/10 is AOL address space. You shouldn't use this on your LAN interface. You're probably looking for something inside 172.16.0.0/12 (or just mistyped the post).

                      Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

                      Do you have automatic NAT rule generation enabled?

                      Thanks.

                      The ip of my LAN is 172.16.2.1. My NAT is enabled automatically.

                      In that I am missing to make the internet for VLANs?

                      I have 3 interfaces as described.

                      You think I have only one interface to the port of Tagged and another switch for VLANs (untagged)? This will solve my problem of internet in VLANs?

                      Remembering that I do not speak English. I'm using google translator.

                        ktims

                        I think you need to stop using id 1, switch that to another id like 10. ID 1 is special and some equipment treats it differently, it's not a good idea to use it for anything.

                        Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

                          flanandorj

                          @ktims:

                          I think you need to stop using id 1, switch that to another id like 10. ID 1 is special and some equipment treats it differently, it's not a good idea to use it for anything.

                          Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

                          Yes, all VLANs are ping their gateways. Ping ip's not for the Internet.

                            GruensFroeschli

                            Did you enable advanced outbound NAT?

                            (Firewall --> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))")

                              flanandorj

                              @GruensFroeschli:

                              Did you enable advanced outbound NAT?

                              (Firewall --> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))")

                              Automatic outbound NAT rule generation (IPsec passthrough)
