Sharing across multiple vlans
-
Hi there,
Actually I am having difficulty with VLAN resource sharing, as I have configured 5 VLANs by using a Cisco 3550 switch, in other terms it's router (pfSense) on the stake. Everything is working fine, even all VLAN clients can ping other VLAN clients, but the problem is that I want to share resources like FreeNAS and a printer but I haven't got any luck with it.
I shall be thankful if anybody can help me to find the right way to resolve this issue.
Regards
-
Well your 5 vlans are all rfc1918 I would assume so why would you be doing nat?
So you can ping the freenas IP, you can resolve the freenas fqdn that you're using locally? What sort of share are you trying to use of freenas? It supports multiple options.
SMB/CIFS (Windows File shares), NFS (Unix File shares) and AFP (Apple File Shares), FTP, iSCSI (block sharing), and more.
What firewall rules did you create on the interface that is starting the conversation to your freenas?
Same thing goes for your printer. What printing protocol are you using? lpr, IPP, windows?
-
Each device that shares a resource will need to have a correct CIDR for the subnet it is in, and a gateway set (to the pfSense interface IP in its subnet). Those things will ensure it can route back requests coming in from clients on other subnets in other VLANs.
Without those, it will talk happily to clients in its own subnet, but not outside.
-
Thanks Phil,
would you please explain it a bit more with an example.
Regards
-
Let's say the printer is in 192.168.1.0/24 subnet, the pfSense interface in that VLAN is set to 192.168.1.1/24 and the IP address of the printer (in the printer setup somewhere) has been set to 192.168.1.42
Then in the printer setup somewhere you need to tell it:
CIDR 24 - i.e. the full specification of the printer's IP address is 192.168.1.42/24
Gateway 192.168.1.1 (the pfSense).
Then the printer will know how to talk outside its own local subnet.
If the printer does not have anywhere to specify a gateway, then report back - it is possible on pfSense to NAT the clients in other VLANs out to the printer, so it looks to the printer as if the print requests are coming from the local pfSense IP address. But there is no need to mess with that if the printer lets you specify a gateway.
-
Hi there,
look into the network diagram and please share your expert opinion, as I need to share my printer and FreeNAS with other VLANs.
Regards
![Proxy Server Diagram.png](/public/imported_attachments/1/Proxy Server Diagram.png)
-
You can't put all the various rules on a single interface (I guess the screen shot is of rules on the LAN interface?).
On each interface you need to have rule(s) that permit traffic originating (source) from that interface subnet, and going to (destination) the interface subnet to which the traffic is allowed.
So you need to put, for example, a rule on VLAN40WIFI that has source VLAN40WIFInet and destination LANnet (or your Printers alias).
The basic principle is that you need to pass (or block) traffic with rules on the interface on which it first arrives to pfSense.
-
Hi Phil,
actually these rules belong to vlan10admin
and almost the same rules are on each VLAN (vlan20production, vlan30moulding, vlan40WIFI and VLAN50PRINTERS).
For your understanding I am attaching each interface's rules, so please suggest the best solution, as everything is working fine, I just can't figure out how to print from other VLANs and access the FreeNAS drives.
Regards
-
-
(Not related to the printer/FreeNAS topic) - you do not need all those "extra" rules on each interface, with source=SOMEOTHERnet destination=THISnet - nothing will ever match those, because traffic arriving from THISnet will have source in THISnet (not in SOMEOTHERnet)
-
You have general pass-all rules at the top of each net, good for getting the printer/FreeNAS working. But you also have rules down the bottom that direct general traffic to a gateway (those rules will not have any effect just now, because the top pass-all rule will be matching all the traffic). But if you do remove the top pass-all rule at some point, then all the traffic is going to get directed to a gateway or gateway-group. That will mess up access to the printer/FreeNAS. So you will need a rule at the top with source THISnet, destination LANnet to pass "local" traffic between subnets without pushing it to a gateway.
Your rules should work OK (and they do, because you can do other stuff between subnets). So you really need to set up your printer to have the pfSense LANnet IP address as its gateway - you have to do that somewhere on the printer setup screen or whatever.
-
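An added example, not part of any post in the thread and not pfSense code: a small first-match model of one interface's rule list, illustrating the points made in the last two replies (rules with source=SOMEOTHERnet never match, and a gateway rule catches inter-VLAN traffic once the pass-all rule is removed). The VLAN40WIFInet subnet, the client address and the gateway name `WAN_GW` are constructed assumptions; 192.168.1.42 is the printer address used in the example earlier in the thread.

```python
import ipaddress

# Constructed subnets: the thread does not state the real ones (assumption).
NETS = {
    "LANnet": ipaddress.ip_network("192.168.1.0/24"),
    "VLAN40WIFInet": ipaddress.ip_network("192.168.40.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

def net(name):
    return ANY if name == "any" else NETS[name]

def evaluate(rules, src, dst):
    """Return (index, gateway) of the first rule matching src -> dst on the
    interface where the packet arrives, or None if nothing matches (blocked)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (source, dest, gateway) in enumerate(rules):
        if s in net(source) and d in net(dest):
            return i, gateway
    return None

def dead_rules(rules, iface_net):
    """Indexes of rules whose source cannot contain an address of the
    interface's own subnet, so traffic arriving there never matches them."""
    return [i for i, (source, _, _) in enumerate(rules)
            if not net(source).overlaps(NETS[iface_net])]

# Rules as (source, destination, gateway); gateway None = normal routing.
# "WAN_GW" is a hypothetical gateway name.
CURRENT = [("VLAN40WIFInet", "any", None),          # pass-all at the top
           ("LANnet", "VLAN40WIFInet", None),       # "extra" rule
           ("VLAN40WIFInet", "any", "WAN_GW")]      # policy-routing rule
NO_PASS_ALL = CURRENT[1:]                           # top rule removed
FIXED = [("VLAN40WIFInet", "LANnet", None)] + CURRENT[2:]

CLIENT, PRINTER = "192.168.40.10", "192.168.1.42"   # client is constructed

if __name__ == "__main__":
    for name, rules in [("current", CURRENT), ("no pass-all", NO_PASS_ALL),
                        ("fixed", FIXED)]:
        print(name, evaluate(rules, CLIENT, PRINTER),
              dead_rules(rules, "VLAN40WIFInet"))
```

With the pass-all rule removed, the print job matches the gateway rule and is pushed toward `WAN_GW`; the explicit VLAN40WIFInet to LANnet rule placed above it keeps that traffic on normal routing.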