VLAN Routing
-
Hi All,
I use pfsense 2.0.1
I have three interfaces
bge0
xl0
xl1
WAN -> xl0 -> 10.10.10.123/24 -> Gateway 10.10.10.1 -> DNS 8.8.8.8
LAN -> xl1 -> 192.168.2.1/24 -> DHCP Enable
OPT1 -> bge0 -> VLAN190 -> 10.190.0.50/23 -> DHCP Enable
Firewall Rules
WAN
Source LAN Address allow any
Source VLAN190 Address allow any
LAN
Source LAN Address allow any
VLAN190
Source VLAN190 Address allow any
I think I miss a little setup
LAN
There is no issue, I use cross cable connect from xl1 to a notebook
I can browse (transparent proxy)
I can ping LAN Address and WAN IP (10.10.10.123)
VLAN190
Here is the issue
I can get ip from pfsense DHCP Service. I set Gateway to 10.190.0.50
I can ping VLAN190 Address 10.190.0.50 from notebook
I use switch and already setup VLAN190
Interface VLAN 190 ip address 10.190.0.1 (Switch)
But I can not ping 10.10.10.123 (WAN IP)
and I can not browse to the internet
Where I miss the setup?
Thank you in advance
JGun98
-
VLAN190
Here is the issue
I can get ip from pfsense DHCP Service. I set Gateway to 10.190.0.50

The laptop should get the default gateway in the DHCP lease, you shouldn't need to set it. If the laptop is not getting the correct gateway then maybe it's getting DHCP lease from another server.

I can ping VLAN190 Address 10.190.0.50 from notebook
I use switch and already setup VLAN190
Interface VLAN 190 ip address 10.190.0.1 (Switch)
But I can not ping 10.10.10.123 (WAN IP)
and I can not browse to the internet

Setup ping 10.10.10.123 on laptop. Does packet capture on vlan190 interface show the incoming pings? Does firewall log show ping getting blocked?
-
Your firewall rules look incorrect though it could just be how you've written it down. Screen shots eliminate confusion. ;)
The source for VLAN190 firewall rule should be VLAN190 subnet not address.
There is no need to have those rules on the WAN interface. You will never have traffic entering WAN with source LAN or VLAN190.
Steve
-
Thanks for the reply
True that Gateway and DNS set by DHCP
It is strange that firewall blocks either ping to 10.190.0.50 and 10.10.10.123
Feb 2 09:35:35 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:36 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:36 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:37 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:37 VLAN190 10.190.0.51:138 10.190.1.255:138 UDP
Feb 2 09:35:38 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:39 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:39 VLAN190 10.190.0.51:49428 77.222.90.3:80 TCP:S
Feb 2 09:35:39 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:39 VLAN190 10.190.0.51:49429 207.46.61.90:80 TCP:S
Feb 2 09:35:40 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:41 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:42 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:42 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:43 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:44 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:48 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:35:49 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:50 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:51 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:51 VLAN190 10.190.0.51:49428 77.222.90.3:80 TCP:S
Feb 2 09:35:51 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:52 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:53 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:53 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:35:54 VLAN190 10.190.0.51:49428 77.222.90.3:80 TCP:S
Feb 2 09:35:58 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:00 VLAN190 10.190.0.51:49428 77.222.90.3:80 TCP:S
Feb 2 09:36:00 WAN 10.10.10.122:32054 224.0.0.252:5355 UDP
Feb 2 09:36:00 WAN 10.10.10.122:32054 224.0.0.252:5355 UDP
Feb 2 09:36:03 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:08 WAN 10.10.10.119:138 10.10.10.255:138 UDP
Feb 2 09:36:08 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:08 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:09 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:10 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:10 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:11 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:12 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:12 VLAN190 10.190.0.51:49430 77.222.90.3:80 TCP:S
Feb 2 09:36:12 WAN 10.10.10.118:138 10.10.10.255:138 UDP
Feb 2 09:36:15 VLAN190 10.190.0.51:49430 77.222.90.3:80 TCP:S
Feb 2 09:36:15 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:20 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:20 WAN 10.10.10.122:31758 224.0.0.252:5355 UDP
Feb 2 09:36:20 WAN 10.10.10.122:31758 224.0.0.252:5355 UDP
Feb 2 09:36:21 VLAN190 10.190.0.51:49430 77.222.90.3:80 TCP:S
Feb 2 09:36:25 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:44 WAN 10.10.10.122:21245 224.0.0.252:5355 UDP
Feb 2 09:36:44 WAN 10.10.10.122:21245 224.0.0.252:5355 UDP
-
@stephenw10.
SOLVED.
VLAN190 Subnet…. not address.
Thanks.
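
Added example, not part of the original thread and not pfSense's own code: a small Python model of the fix, replaying a few of the blocked log lines above against a single pass rule on VLAN190 followed by default deny. It assumes the "address" selector means the interface's own IP (10.190.0.50/32) and the "subnet" selector means the interface's network (10.190.0.0/23); the function names are hypothetical.

```python
import ipaddress
import re

# Interface value taken from the thread: OPT1/VLAN190 is 10.190.0.50/23.
VLAN190_IF = ipaddress.ip_interface("10.190.0.50/23")

# The two source selectors discussed in the thread (assumed semantics, see lead-in).
SOURCES = {
    "VLAN190 address": ipaddress.ip_network(f"{VLAN190_IF.ip}/32"),
    "VLAN190 subnet": VLAN190_IF.network,
}

# A few block-log lines copied from the thread.
LOG = """\
Feb 2 09:35:39 VLAN190 10.190.0.51:49428 77.222.90.3:80 TCP:S
Feb 2 09:35:44 VLAN190 10.190.0.51:137 10.190.1.255:137 UDP
Feb 2 09:35:48 VLAN190 10.190.0.51 10.10.10.123 ICMP
Feb 2 09:36:00 WAN 10.10.10.122:32054 224.0.0.252:5355 UDP
"""

# timestamp, interface, src[:port], dst[:port], protocol (ICMP lines carry no ports)
LINE = re.compile(
    r"^(?P<ts>\w+\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s+(?P<proto>\S+)$"
)

def parse(log):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def verdict(entry, source_net):
    """One 'pass from source_net to any' rule, then default deny."""
    return "pass" if ipaddress.ip_address(entry["src"]) in source_net else "block"

def evaluate(log=LOG):
    """Return {selector: [verdict for each packet that arrived on VLAN190]}."""
    entries = [e for e in parse(log) if e["iface"] == "VLAN190"]
    return {name: [verdict(e, net) for e in entries] for name, net in SOURCES.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:16} ({SOURCES[name]}): {verdicts}")
```

With the address selector only the firewall's own IP matches as a source, so every packet from the DHCP client 10.190.0.51 falls through to the default deny, which is what the log shows.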