[RESOLVED] VLAN interfaces as LAN doesnt work
-
Hi,
I just installed PfSENSE b4 (12/17 snap) in a new office. We have few VLAN we need to give they access to internet and dmz servers.
I configured one VLAN interface as LAN and other VLAN interface as OPT int (wan interface is connected to internet trought a cisco router). Network cards are old intel pro/100 pci.
Trunk port and switch access ports are already configured.
My problem is on the lan interface (VLAN 10), PC are getting correctly IP address from pfsense dhcp server, they can ping to pfsense, but they cannot go to the internet. Trace and ping to external network dosen't work.
Seems a bug in 2.0. Can some one help me to debug the problem? Firewall log are fine, no errors and no blocks.
Please help
mac
-
Can this problem be hardware related?
-
My problem is on the lan interface (VLAN 10), PC are getting correctly IP address from pfsense dhcp server, they can ping to pfsense, but they cannot go to the internet. Trace and ping to external network dosen't work.
Please give an example of the command and response.
Maybe you have name server issues, but you will need to provide more details of what you are doing and what happens. (There is useful information in those error reports.)
-
Plain simpe, I can connect to the firewall but cannot go trought it.
Pfsense vlan interface is 10.10.10.1, providing dhcp (dhcp is working, giving IP,DNS,GW pointing to 10.10.10.1).
Below the output:
MacBook-Pro:~ steve$ traceroute 8.8.8.8
traceroute to 8.8.8.8 ( 8.8.8.8 ), 64 hops max, 52 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
…MacBook-Pro:~ steve$ ping 10.10.10.1
PING 192.168.30.1 (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=8.823 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=8.639 ms
64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=8.823 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=8.639 ms
...MacBook-Pro:~ steve$ nslookup www.apple.com
Server: 10.10.10.1
Address: 10.10.10.1#53Non-authoritative answer:
www.apple.com
Name: e3191.c.akamaiedge.net
Address: 2.17.109.15output of:
require_once("globals.inc");
var_dump(get_nics_with_capabilities("vlanmtu"));array(1) {
[0]=>
string(3) "fxp"}Any advice??????
Thanks
-
Ok, i meesed up the things >:(.
Problem was that Captive Portal was inadvertitely enabled and not working.
Upgrading to the last snapshot resolved the problem.The strange thing is that until 12/17 snapshot, to make Captive portal work, i was forced to execute:
/sbin/sysctl net.inet.ip.fastforwarding=1
Now in the last snapshot, with VLAN interface, i need to set:
/sbin/sysctl net.inet.ip.fastforwarding=0 (the default value)
Thanks
Happy new Year! -
Ok, i meesed up the things >:(.
Problem was that Captive Portal was inadvertitely enabled and not working.
Upgrading to the last snapshot resolved the problem.The strange thing is that until 12/17 snapshot, to make Captive portal work, i was forced to execute:
/sbin/sysctl net.inet.ip.fastforwarding=1
Now in the last snapshot, with VLAN interface, i need to set:
/sbin/sysctl net.inet.ip.fastforwarding=0 (the default value)
Thanks
Happy new Year!Which is why you shouldn't tinker with such settings :-)
It was broken before, that fix wasn't a real fix, it just pushed the problem elsewhere, then when it was fixed right, it seemed "broken"…
