• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

PFSense Not Responding on vLAN

Scheduled Pinned Locked Moved General pfSense Questions
10 Posts 4 Posters 2.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    iggi
    last edited by Aug 12, 2011, 2:47 AM Aug 12, 2011, 2:04 AM

    The vLAN is set with an IP address assigned and the tag set to 20, the packets come in via a trunk port with the tag of 20 and hit the vLAN interface (I can see it with a packet collector), but the PFSense box sends out nothing. Nothing is seen being sent from the PFSense box on it's packet collector nor other computers connected to the vLAN.

    All computers and the PFSense box see the packets coming into the PFSense box. The PFSense box does not respond via ping or on the web URL.

    Do I have to do something special to get the IP a PFSense box has on a vLAN to respond?

    Edit- This may be a bit clearer:

    I did a packet collection, the packets come in tagged for the correct vLAN and the packets even appear on that vLAN when I run a capture on it, but PFSense does not respond on that vLAN. However when I assigned the IP normally on that vLAN to the normal LAN interface it functions as expected.

    1 Reply Last reply Reply Quote 0
    • I
      iggi
      last edited by Aug 12, 2011, 2:39 AM

      I would like to add that when I add the IP assigned to the vLAN tagged as 20 to the LAN interface instead it functions as expected.

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by Aug 12, 2011, 3:46 AM

        If you want to have trafic flowing from vlan to any other vlan/internet clients must have a gateway. this gateway is better know router/firewall ip-address, and must be in the same subnet & interface

        1 Reply Last reply Reply Quote 0
        • I
          iggi
          last edited by Aug 12, 2011, 4:43 AM

          It's not simply that It's not flowing to any other vLAN it's that PFSense has an IP on the same subnet as the computer. The computer tries to ping PFSense, but it doesn't respond.

          Here is an ASCII mockup:

          PFSense (vLAN20)–------------Switch-------------Computer
          (10.2.20.1)              (IP on VLAN20 10.2.20.2)    (IP 10.2.20.3)

          Switch tags the packets and sends them down the trunk to the PFSense firewall, they reach the firewall tagged, but the firewall does nothing. It doesn't send packets or respond to any activity on the interface.

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by Aug 12, 2011, 6:30 AM

            What firewall rules do you have on the VLAN20 interface? The default on any interface that is not called LAN is to block everything. Does your firewall log show traffic from 10.2.20.3 blocked?

            If you change firewall rules you should also reset states: Diagnostics -> States, click on Reset states tab.

            1 Reply Last reply Reply Quote 0
            • I
              iggi
              last edited by Aug 12, 2011, 11:16 AM

              Thank you, you are a life saver!

              I never thought about the firewall rules, and I figured they wouldn't play a part since I was trying to simply SSH to the computer from the PFSense box. I added firewall rules, but that didn't resolve the issue. I followed your guide to reset states and it instantly started working as expected! Thanks again.

              1 Reply Last reply Reply Quote 0
              • I
                iggi
                last edited by Aug 12, 2011, 12:36 PM

                Well as soon as I thought it was working it broke again.

                Upon further investigation I see that the interface only functions when I am doing a packet capture on it, any idea how this is possible?

                1 Reply Last reply Reply Quote 0
                • I
                  iggi
                  last edited by Aug 12, 2011, 12:56 PM

                  The issue ended up being promiscuous mode, I ran "ifconfig re0 promisc" and it worked. Thanks Jim-p in IRC.

                  1 Reply Last reply Reply Quote 0
                  • W
                    wallabybob
                    last edited by Aug 12, 2011, 1:45 PM

                    @iggi:

                    The issue ended up being promiscuous mode, I ran "ifconfig re0 promisc" and it worked. Thanks Jim-p in IRC.

                    Known bug in re driver/hardware?

                    1 Reply Last reply Reply Quote 0
                    • J
                      jimp Rebel Alliance Developer Netgate
                      last edited by Aug 17, 2011, 7:55 PM

                      Most likely that specific chip. If you do a google search for "freebsd re0 promisc" you'll see there is quite a history there :-)

                      Some (most?) of them work fine out of the box though.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      6 out of 10
                      • First post
                        6/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received