VLANs and Routing - Help
-
The 10.10.10.0 Network is just the adsl router and Pfsesne WAN interface. Do I have to worry about the route from 10.10.10.1 back to Lan,vlan20 and vlan 30 because NAT is disabled in the Pfsense?
-
Yes. You have a device 10.10.10.1 trying to send traffic to 192.168.20.0/24. It needs a route. This isn't a pfSense thing. It's an IP thing. You need to enable automatic NAT.
-
I've enabled Automatic outbound NAT rule generation, no rules were generated and PC30 (192.168.30.15) still cannot ping 8.8.8.8, am I missing something here?
-
Yes. Two subnets on one segment is not the way to do things. If you INSIST on doing that, you'll have to switch back to manual, NOT delete all the NAT rules, and duplicate the rules for 192.168.20 to 192.168.30. I can't for the life of me figure out why you would want to do that. If you want a 30 subnet, create VLAN 30 and put those hosts there.
-
There is a typo in my original post which I will connect now, I do indeed have a vlan30 for 192.168.30.x subnet.
My apologies.
-
Changing back to automatic should create the correct rules. If not, I guess back to manual and duplicate the rules for 192.168.20.0/24 for 192.168.30.0/24.
-
Thanks for persevering with this!
I was testing this in a lab that I thought was identical to my live setup, as it turns out the switch had some misconfiguration on it.
All working now, thanks!
-
Something I have now noticed is that the web interface sometimes takes a long time to respond/load. Would anyone know if this is something to do with the multiple virtual interfaces?
-
No. It's not anything due to having multiple virtual interfaces in and of itself. They look just like regular interfaces to pfSense.
-
Are you using Firefox?
If so, there were changes in a recent Firefox release that messed up the way it processes old certificates that you had made exceptions for (like the first time you go to pfSense webGUI.
Posts like this explain how to clean up Firefox: https://forum.pfsense.org/index.php?topic=82828.msg458036#msg458036
