-
done 2 or 3 installs before with no probs. this time…..????
here goes. after a factory reset (full install of 1.2.3-RC3), pfsense defaults to 192.168.1.1.
i do all the config etc and add vlans 20,21,22,23 on the lan interface.
lan interface is configured with dhcp 192.168.1.0/26
pc picks up ip from this and browses net.... so far, so good.
now we set vlan 20 up with 192.168.16.0/26 with pfsense on 192.168.16.1
dhcp set to 192.168.16.30-63
pc picks up vlan 20 and is assigned ip from pool. pc can ping loopback, ip address etc but not gateway. it can't connect to net.
firewall rule for vlan 20 is allow all - any protocol, source & destination.
pc just won't talk to pfsense. i'm stuck with this one. tried everything i can think of apart from a re-install with different firmware
any ideas anyone?dell sc1425 with 2 x intel gigabit.
-
now we set vlan 20 up with 192.168.16.0/26 with pfsense on 192.168.16.1
dhcp set to 192.168.16.30-63I don't know if this is the cause of your problem, but you have a configuration error here: DHCP shouldn't be assigning the subnet broadcast IP address (in your case 192.168.16.63) to any interface.
Mostly I use "static" DHCP addresses (tied to MAC addresses) so I haven't recently seen dynamic DHCP assignment from pfSense. DHCP on Linux sometimes assigns addresses from the top down and sometimes from the bottom up.
What IP address did your client on VLAN 20 get assigned? What gateway? Is this client connected to a switch port thats in VLAN 20?
-
As wallabybob said this sounds like a DHCP config issue to me on vlan 20, gateway perhaps. The obvious first thing to try is setting a static address on the pc to prove you at least the fundamentals working…
-
lan interface (no vlan)
interface name = em1
ip = 192.168.1.254/27vlan 20 interface
physical interface = em1
interface name = opt1
vlan id = 20
ip = 192.168.16.1/26dhcp server
opt1 = enabled
range = 192.168.16.30 - 192.168.16.63
all else left as default.so a pc which connects to vlan 20 gets:
ip = 192.168.16.63
subnet = 255.255.255.192
gw = 192.168.16.1
dns = 192.168.16.1so it all looks ok…...
ping 208.67.222.222 from pfsense (opt1) and we get a reply.
ping from pc...... no response. nothing registering on firewall either. -
so a pc which connects to vlan 20 gets:
ip = 192.168.16.63
subnet = 255.255.255.192
gw = 192.168.16.1
dns = 192.168.16.1so it all looks ok…...
Its not OK! You shouldn't have an interface with the subnet broadcast address. You either need to allow more bits of subnet addressing (e.g. make the network mask on opt1 25 bits allowing 7 bits for the sub net, or you need to reduce the upper range of the dhcp addresses from 63 to 62 or …
In an IP subnet there are two reserved addresses: the "0" address is reserved to identify the network while the "all 1's" address is the broadcast address. On the VLAN 20 subnet the network address is 192.168.16.0 and the broadcast address is 192.168.16.63 (the last 6 bits of the address are "all 1's".)
-
lol…... wood for trees comes to mind. my blinkers were on well and truly there and i failed to spot that. reduced the dhcp range to 62 and away it went.
think i got caught out by the way pfsense displays the available range 0-63. may have been better if it said 1-62.
but, many thanks for your help as it was starting to do my head in! cheers.