Multiple LANs but 1 without Internet. HELP!!!
-
I have a pfSense VM. I will try your config and see if it works for me or not; I will post back later on when I get the results of the test.
-
Done a bit of testing there with a fresh install of pfSense. Have you configured the firewall on OPT1? When you first enable the OPT1 interface, there are no inbound rules applied to that interface, and as such all incoming (from device to pfSense) network traffic from that LAN will be blocked. (See attached photo.)
You will also not be able to access the web UI from devices on the OPT1 interface, although you can add firewall rules to allow access.
I have no experience with VLANs, so I can't help in that way; I run separate LANs on separate interfaces, each having its own NIC and switch.
-
I added the rules when I installed the second NIC and I'm able to access the web UI through it, but no internet without the other card disabled and running through the setup wizard again.
-
Could you capture the rules you have on your LANs and WAN port and post them here? It will help us to see how you have your firewall configured and hopefully find the problem with your connection.
Can you ping an external address, for example Google?
-
![LAN 1.png](/public/imported_attachments/1/LAN 1.png)
![LAN 2.png](/public/imported_attachments/1/LAN 2.png)
-
I may be wrong here as I haven't been using pfSense for long, but by the looks of it, although you have rules that allow access to the web UI and things like that, I believe the reason you have no access to the WAN is because you have no destination rules, meaning, if I understand correctly, pfSense does not know what to do with the traffic so it doesn't do anything.
-
Your rules are confusing.
You're basically saying…
251, any port, if your destination is NOT yourself, on any port, then go to the next rule. Mind you, I can't see what your redirect location is.
etc., etc., etc.
The '!' is 'not... address'.
Really, if you want to simplify things you REALLY need to physically separate those networks. Having two networks broadcasting on the same switch is EXTREMELY confusing.
VLAN one or physically separate, turn on DHCP or set them static so there is NO cross talk, then just put a block rule on the IPs you don't want to get to the WAN interface.
On your NoVPN interface you have allow-any rules.
Granted, I'm no expert, but you've got me very confused.
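To make the two points in this thread concrete (the earlier post noting that a freshly enabled OPT1 interface has no rules and therefore drops all traffic from that LAN, and the post above explaining the '!' destination modifier and a block rule for hosts that should not reach the WAN), here is a small model of pfSense-style per-interface, first-match rule evaluation with an implicit default deny. This is an added illustration, not the poster's configuration or pfSense's own code: the interface names, addresses, and rule sets are constructed assumptions, and policy routing to a gateway (the VPN bypass the original poster describes) is not modelled, only the match logic.

```python
"""First-match evaluation of pfSense-style per-interface firewall rules.

Constructed example: interface names, addresses and rule sets below are
assumptions for illustration, not the thread poster's real configuration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addresses of pfSense itself on LAN and OPT1 ("This Firewall").
FIREWALL_ADDRS = {"192.168.1.1", "192.168.2.1"}


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR, "any", or "self" (This Firewall)
    dport: Optional[int] = None  # None = any port
    dst_not: bool = False        # the "!" modifier: match when dst does NOT match


@dataclass
class Packet:
    iface: str   # interface the packet ARRIVES on (rules are per inbound interface)
    src: str
    dst: str
    dport: int


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec == "self":
        return addr in FIREWALL_ADDRS
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(rules_by_iface, pkt):
    """Return (action, rule_index). Rules on the arrival interface are checked
    top-down and the first match wins. No match, which includes an interface
    with no rules at all, falls through to the implicit default deny
    (reported here as index None)."""
    for idx, rule in enumerate(rules_by_iface.get(pkt.iface, [])):
        dst_hit = _addr_matches(rule.dst, pkt.dst)
        if rule.dst_not:
            dst_hit = not dst_hit
        if (_addr_matches(rule.src, pkt.src) and dst_hit
                and (rule.dport is None or rule.dport == pkt.dport)):
            return rule.action, idx
    return "block", None


# Scenario 1: OPT1 freshly enabled with no rules; LAN keeps its default allow rule.
FRESH = {
    "LAN": [Rule("pass", "192.168.1.0/24", "any")],
    "OPT1": [],
}

# Scenario 2: OPT1 given explicit rules, evaluated in this order:
#   0. pass OPT1 net -> This Firewall :443          (web GUI reachable)
#   1. block 192.168.2.50 -> anything but the firewall ('!' on destination)
#   2. pass OPT1 net -> any                          (everyone else reaches the WAN)
FIXED = {
    "LAN": FRESH["LAN"],
    "OPT1": [
        Rule("pass", "192.168.2.0/24", "self", dport=443),
        Rule("block", "192.168.2.50/32", "self", dst_not=True),
        Rule("pass", "192.168.2.0/24", "any"),
    ],
}

# Constructed sample packets; 203.0.113.10 is a documentation address standing in
# for "an external address".
WEBGUI = Packet("OPT1", "192.168.2.10", "192.168.2.1", 443)
INTERNET = Packet("OPT1", "192.168.2.10", "203.0.113.10", 443)
BLOCKED_HOST = Packet("OPT1", "192.168.2.50", "203.0.113.10", 443)
BLOCKED_HOST_GUI = Packet("OPT1", "192.168.2.50", "192.168.2.1", 443)
LAN_CLIENT = Packet("LAN", "192.168.1.5", "203.0.113.10", 80)

if __name__ == "__main__":
    for name, rules in (("fresh OPT1", FRESH), ("OPT1 with rules", FIXED)):
        for pkt in (WEBGUI, INTERNET, BLOCKED_HOST, BLOCKED_HOST_GUI, LAN_CLIENT):
            print(f"{name:16} {pkt.iface:5} {pkt.src} -> {pkt.dst}:{pkt.dport}",
                  evaluate(rules, pkt))
```

Running it shows why the fresh OPT1 interface cannot even reach the web GUI (every packet returns `("block", None)`), while the second rule set lets ordinary OPT1 hosts pass to both the firewall and the WAN and stops only the one host named in the block rule, which can still reach the GUI because the pass rule for port 443 sits above the block. Rule order is what matters: moving the block rule to the top would cut that host off from the GUI as well.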
-
It's not just confusing, it is wrong.
-
Done a bit of playing around with the firewall rules; I managed to get internet on both interfaces. Those rules you have on your main LAN are not needed.
When setting up the VPN, you set the interface used in the OpenVPN configuration screen and it will only use that LAN.
I would physically separate your LANs onto two switches.
-
First off, the rules are not wrong; they have been there on that NIC for a long time and working properly. Those rules are only there to redirect those IPs so they don't use the VPN. I'm not having any trouble with the LAN; it is with the NOVPN. Thank you to those that are giving helpful advice.
-
This is my cleaned-up version, but there is still no internet on NIC 2, though I can log on to the pfSense box using it.