Netgate Discussion Forum

    Routing Traffic Between VLANS

    Routing and Multi WAN
    6 Posts 3 Posters 1.3k Views
    • calvind

      Hi,

      I have a pfSense router connected to a TEG-240WS switch which has a trunk line to a second TEG-240WS on another floor. I have configured everything such that there are 10 VLANs, each with its own subnet. They all have DHCP and can access the internet. Now I want to limit as much as possible any connections between each VLAN, but I have one case where clients on VLAN 4 (10.10.4.1/24) have to talk to clients on VLAN 2 (10.10.2.1/24). I tried setting up a firewall rule for this on VLAN 4, but I don't think clients on VLAN 4 can even resolve the VLAN 2 IP addresses.

      Do I need to create a NAT outbound rule to link VLAN 2 and VLAN 4?

      • Derelict (LAYER 8, Netgate)

        What do you mean by, "I don't think clients on VLAN 4 can even resolve the VLAN 2 IP addresses."  DNS?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • calvind

          Well, I have this rule under VLAN 4:
          IPv4 * | VLAN4 net | * | * | * | * | none

          And when I ping an IP in VLAN 2 I get no response, and nothing in the firewall logs.

          • Derelict (LAYER 8, Netgate)

            That's the only rule you need.  It passes everything from VLAN4 to all interfaces on pfSense. Must have something else screwed up somewhere.

            Make sure the software firewall on the host you're pinging isn't blocking traffic from networks other than its own subnet.


            • calvind
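A small Python model of the situation Derelict describes, added here and not from the thread or from pfSense itself: the VLAN4-tab rule passes the ping with no log entry (pass rules are not logged), while a host firewall that only admits its own /24 drops it silently. The rule sets and the addresses 10.10.4.50 and 10.10.2.20 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of pfSense's per-interface, first-match rule evaluation
# followed by a host firewall on the VLAN2 client. Not pfSense's own code.

@dataclass
class Rule:
    action: str  # "pass" or "block"
    proto: str   # "any", "icmp", "tcp", "udp"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    log: bool = False

def _in_net(ip, net):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(rules, proto, src_ip, dst_ip):
    """First matching rule wins; returns (action, logged)."""
    for r in rules:
        if r.proto in ("any", proto) and _in_net(src_ip, r.src) and _in_net(dst_ip, r.dst):
            return r.action, r.log
    return "block", True  # implicit default deny, which pfSense logs by default

# The thread's VLAN4 tab rule: IPv4 * | VLAN4 net | * | * | * | * -> pass to anywhere
PFSENSE_VLAN4_RULES = [Rule("pass", "any", "10.10.4.0/24", "any")]

# Constructed host firewall on the VLAN2 client: echo requests only from its own /24
HOST_LOCAL_SUBNET_ONLY = [
    Rule("pass", "icmp", "10.10.2.0/24", "any"),
    Rule("block", "any", "any", "any"),
]

# Same host after widening the ICMP scope to also admit VLAN4
HOST_ALLOWS_VLAN4 = [
    Rule("pass", "icmp", "10.10.2.0/24", "any"),
    Rule("pass", "icmp", "10.10.4.0/24", "any"),
    Rule("block", "any", "any", "any"),
]

def trace_ping(src_ip, dst_ip, host_rules):
    """Echo request from VLAN4 via pfSense, then the host firewall. Returns
    (pfsense_action, pfsense_logged, host_action); host_action is None if pfSense dropped it."""
    action, logged = evaluate(PFSENSE_VLAN4_RULES, "icmp", src_ip, dst_ip)
    if action != "pass":
        return action, logged, None
    host_action, _ = evaluate(host_rules, "icmp", src_ip, dst_ip)
    return action, logged, host_action

print(trace_ping("10.10.4.50", "10.10.2.20", HOST_LOCAL_SUBNET_ONLY))  # pfSense passes, nothing logged, host drops
```

Because the router's pass rule is unlogged and the host drops without answering, the pfSense firewall log stays empty; a packet capture on the VLAN2 side is the quickest way to confirm the echo request is arriving at the host.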

              Thank you, that explains it!

              • KOM

                Heh, you are only about the 12 millionth person to be bitten by the local firewall.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.