Static routes
-
I thought that was the case (as you said in a previous post). lll have a lay with it then Ill post up screenshots if I don't get anywhere with it :)
-
posting up the firewall rules and routing table. The interfaces I havent posted have no rules in them. It is still reletively open as a network.
-
i'm guessing OPT5 & OPT6 are the VLAN interfaces ?
The interfaces I havent posted have no rules in them. It is still reletively open as a network.
Pfsense blocks EVERYTHING by default … so if you have no rules on the OPT interfaces, then they will be unable to go out to anywhere.
try creating an 'ALLOW ALL' rule on the vlan interfaces (PASS | protocol/source/destination:any )
if that works, you can adjust it / add rules to lock it down the way you like. -
Opt1,5,6 and LAN are all vlans. LAN is working fine. OPT1 is going to be VoIP, Opt 5 is going to be my DM-z and Opt 6 is going to be my blue.
Ive just added in the allow rules on opt 1 (which is the VLAN im working on at the moment) and its still not playing ball. I want WAN1 as my data and WAN2 as my voice. WAN2 seems to be the one having the issue
-
just adding rules are not enough if you want them to get to the internet. You are also going to have to create manual NAT rules to make sure that when the traffic goes out, it gets an internet address.
-
Ive done that. When I do ipconfig on the computer it is picking up an ip (DHCP), but when I ping it says that the private interface is unreachable. ip of pc is 192.168.0.2 and ip of private nic on pfsense on that vlan is 192.168.0.1
-
have you double checked the vlan settings on the switch ? untagged ports for clients & correct pvid | tagged port for pfsense
-
For the time being I am going through the NICSs (directl connecting), I do have 2 shiny Netgear switches sitting here, which at the moment I'm not using, but until I've got the VLANs sorted on firewall I was going to wait before using them. I have 4 NICs currently. 2 Red, 1 with LAN, OPT5, Opt6, 1 with Opt5 and OPt1. Sorry I should have said earlier. Is that likely where my issue is?
-
So long as there are rules to allow the packets to pass (any protocol, normal is TCP/UDP) and there is an associated rule in the outbound NAT table, it should be able to get tot he internet.
what are you trying to ping and from where?
-
Pfsense will ALLWAYS TAG the packets on vlan interfaces ….
if you directly attach your clients, then you will need to force your network driver into the correct VLAN for this to work. (in windows this can be done in device manager when going to advanced settings of the NIC).
Do note that this works with most Intel network cards .... not sure if all drivers are able to support VLAN's. -
is there anyway to turn off tagging in PfSense?
-
Yes … don't enable VLAN.
-
lol, ok, ill set up my switches then now instead of going direct. cheers :)
-
Ive got a vlan going through the switch, but tagging doesn't appear to be the issue as pfsense is going through a tagged port
-
Yes, you just have to specify which VLAN it has access to and it should work.
-
I did :-/
-
I have the vlan tagged, but its not lagged on the switch. Is that required?
-
The switch needs to know what VLAN it has on what port. Basically, it needs a VLAN access group setup.
-
I've already done that. So I'm assuming from that explanation I don't need to set a dedicated lag. So that then begs the question why is my VLAN access group not doing what it should :-/ I'm sure I'm missing something blatently simple here!
-
Ive tried it through a LAG, Ive tried it with tagged ports to the pfsense box, ive tried it with untagged ports, Its giving out IPs but its not connecting to the internet (and ive setup NAT as far as I'm aware). I cant ping pfsense from the computer I have going through the switch. I can however ping the switch