Netgate Discussion Forum
    VLANs and Routing - Help

    Routing and Multi WAN
    18 Posts 3 Posters 4.8k Views
      Derelict (Netgate):

      That was all an example of what to do on 10.10.10.1 if it was pfSense. It hasn't been made clear that it is pfSense.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        LordCadbury:

        I don't understand why the WAN connection (10.10.10.15 in pfSense) can't act as a standard internet gateway for any clients that sit behind it. Why does 10.10.10.1 need to be able to contact anything on the LAN/VLAN(s)?

          Derelict (Netgate):

          Because whatever is on 10.10.10.1 does not have a route to:

          Re0 > LAN, 192.168.1.1
          Re0_vlan20, 192.168.20.1
          Re0_vlan20, 192.168.30.1

          Typically people NAT so all connections appear to 10.10.10.1 as coming from 10.10.10.15, which 10.10.10.1 DOES have a route to on a connected interface.

          Again, how does 10.10.10.1 know to send traffic for 192.168.20.1 to 10.10.10.15 for further routing?


            LordCadbury:

            The 10.10.10.0 network is just the ADSL router and the pfSense WAN interface. Do I have to worry about the route from 10.10.10.1 back to LAN, VLAN20 and VLAN30 because NAT is disabled in pfSense?

              Derelict (Netgate):

              Yes. You have a device 10.10.10.1 trying to send traffic to 192.168.20.0/24. It needs a route. This isn't a pfSense thing. It's an IP thing. You need to enable automatic NAT.


                LordCadbury:

                I've enabled Automatic outbound NAT rule generation, no rules were generated and PC30 (192.168.30.15) still cannot ping 8.8.8.8, am I missing something here?

                  Derelict (Netgate):

                  Yes. Two subnets on one segment is not the way to do things. If you INSIST on doing that, you'll have to switch back to manual, NOT delete all the NAT rules, and duplicate the rules for 192.168.20 to 192.168.30. I can't for the life of me figure out why you would want to do that. If you want a 30 subnet, create VLAN 30 and put those hosts there.


                    LordCadbury:

                    There is a typo in my original post which I will correct now. I do indeed have a VLAN30 for the 192.168.30.x subnet.

                    My apologies.

                      Derelict (Netgate):

                      Changing back to automatic should create the correct rules. If not, I guess back to manual and duplicate the rules for 192.168.20.0/24 for 192.168.30.0/24.


                        LordCadbury:
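To make the point in Derelict's two replies above concrete (the ADSL router has no route to the VLAN subnets, and each internal subnet needs its own outbound NAT rule), here is an added Python model written for this thread; it is not code from pfSense or from anyone in the discussion. The router's routing table, the NAT rule set and the client addresses are constructed assumptions based on the addresses named in the thread.

```python
import ipaddress

# Constructed assumption: the ADSL router 10.10.10.1 knows only its connected
# segment and a default route upstream. pfSense's WAN address is 10.10.10.15.
ROUTER_ROUTES = [
    (ipaddress.ip_network("10.10.10.0/24"), "connected"),
    (ipaddress.ip_network("0.0.0.0/0"), "isp-uplink"),
]

# Outbound NAT rules on pfSense, one per internal subnet (the shape automatic
# outbound NAT generates). Constructed: VLAN30 is deliberately missing here.
NAT_RULES = [
    (ipaddress.ip_network("192.168.1.0/24"), "10.10.10.15"),
    (ipaddress.ip_network("192.168.20.0/24"), "10.10.10.15"),
]

# The same rule set after adding the rule for 192.168.30.0/24.
FIXED_RULES = NAT_RULES + [(ipaddress.ip_network("192.168.30.0/24"), "10.10.10.15")]


def next_hop(routes, dst):
    """Longest-prefix match over a routing table, as any IP router does it."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outbound_nat(rules, src):
    """Source address as seen on the WAN: translated if a rule matches, else unchanged."""
    src_ip = ipaddress.ip_address(src)
    for net, translated in rules:
        if src_ip in net:
            return translated
    return src


def reply_path(rules, client):
    """Where 10.10.10.1 sends the reply to a packet from `client`.
    'connected' means it lands on pfSense's WAN address; 'isp-uplink' means the
    router has no route for the RFC1918 source and sends the reply upstream."""
    seen_src = outbound_nat(rules, client)
    return next_hop(ROUTER_ROUTES, seen_src)


if __name__ == "__main__":
    for host in ("192.168.20.15", "192.168.30.15"):
        print(host, "->", reply_path(NAT_RULES, host))
    print("192.168.30.15 with VLAN30 rule ->", reply_path(FIXED_RULES, "192.168.30.15"))
```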

                        Thanks for persevering with this!

                        I was testing this in a lab that I thought was identical to my live setup; as it turns out, the switch had some misconfiguration on it.

                        All working now, thanks!

                          LordCadbury:

                          Something I have now noticed is that the web interface sometimes takes a long time to respond/load. Would anyone know if this is something to do with the multiple virtual interfaces?

                            Derelict (Netgate):

                            No. It's not anything due to having multiple virtual interfaces in and of itself. They look just like regular interfaces to pfSense.


                              phil.davis:

                              Are you using Firefox?
                              If so, there were changes in a recent Firefox release that messed up the way it processes old certificates that you had made exceptions for (like the first time you go to the pfSense webGUI).
                              Posts like this explain how to clean up Firefox: https://forum.pfsense.org/index.php?topic=82828.msg458036#msg458036

                              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.