Vlan problem, despert NEED HELP
-
Hello
First, I apologize, I was not specified.
I'm so damn despert, 4 weeks I'm trying to get this working.
We start from the beginning. I am looking for this solution (see picture)
https://www.dropbox.com/s/fcjjkeohnxu4uij/karta.JPG?dl=0You can see my settings in pfsense:
Interface
https://www.dropbox.com/s/dflr2rfp1q7e3ys/interface.JPG?dl=0
Rules
https://www.dropbox.com/s/wd0ftjdtlgq1qtm/vlan30_rules.JPG?dl=0
Vlan30
https://www.dropbox.com/s/sjvvx56tjma6zol/vlan30.JPG?dl=0Unfortunately my English is not that good.
If you answer my question, please use easy English words.
Something like Go Here, please do this, use photos.If you need anything more, just say
-
Why do you have the Internet connection passing through 2 switches? Why not direct to the WAN side of pfSense?
Are those managed switches, so that you can isolate the Internet traffic from the LAN?
Is the pfSense LAN connection on a VLAN? -
Hello
I only have one cable between internet provider and my server with virtual machines.
I have 2 Netgear GS108T menage swichs. My LAN is on 10.10.10.10.
https://www.dropbox.com/s/tcqplbl60tux53x/internet.JPG?dl=0 -
Hello
I only have one cable between internet provider and my server with virtual machines.
I have 2 Netgear GS108T menage swichs. My LAN is on 10.10.10.10.
https://www.dropbox.com/s/tcqplbl60tux53x/internet.JPG?dl=0That doesn't answer my question. Why is the Internet connection passing through 2 switches? Why is there not a direct connection from your ISP to the psSense WAN port? That's the normal connection. Is there not a cable from the ISP's modem, which you then connect to pfSense? Virtual machines have nothing to do with it. Assuming their network connection is bridging, virtual machines appear like any other computer.
-
Hello
It is a only solution. I have an apartment with 3 rooms.
I have internet in the hall. My PC with pfSensen is in the computer room. In my living room I have a PC, PS3 and AppleTV. I only have one cabel between the computer room and the hall. If I connect the internet cable directly to pfSensen, then I can not connect to my pc, ps3 and apple tv in the living room.https://www.dropbox.com/s/alekwd4skner1su/apartmant.JPG?dl=0
-
you can run your connection via vlan on your smart switches.. But what is the config on the switches? And you only have 1 physical interface on pfsense that is running as a vm? What is it running as vm on? esxi, vmware workstation, hyper-v, xen, kvm, what? How is that configured?
-
you can run your connection via vlan on your smart switches.. But what is the config on the switches? And you only have 1 physical interface on pfsense that is running as a vm? What is it running as vm on? esxi, vmware workstation, hyper-v, xen, kvm, what? How is that configured?
I have esxi. I use this guide and don´t work.
https://calvin.me/part-1-install-pfsense-on-esxi-5-5/ -
Hello
I tested a lot of guides, how to install pfSense on esxi. I got it everthing, internet and all my computers, no problem at all, but when I come to Vlan nothing works.
If you have the right guide, you can install everything without any problems.
You do not have to be the physics to understand. -
What exactly is not working here?
What VLANs are you using for the WAN and LAN connection from ESXi to the switch? It looks like they are both untagged but if that is true how are they separated? The ports are segregated in the switch?
Your VLAN30 interface is only allowing TCP traffic so anything connected to it will not be able to use DNS.
Steve
-
What exactly is not working here?
What VLANs are you using for the WAN and LAN connection from ESXi to the switch? It looks like they are both untagged but if that is true how are they separated? The ports are segregated in the switch?
Your VLAN30 interface is only allowing TCP traffic so anything connected to it will not be able to use DNS.
Steve
Hello Steve
What do I need to change in pfSense. I want my vlan30 to access the internet.
Njanja
-
It's impossible to say without knowing exactly how those interfaces are connected in both ESXi and to the switch. But…
At the very least you should change the firewall rule on VLAN30 to be protocol 'any' so that clients there can use DNS and ping etc. You can tighten up the rules later once it's working.
Are clients on VLAN30 receiving IP addresses from pfSense? That would prove some connectivity at least. That assumes you have enabled DHCP on the VLAN30 interface in Services > DHCP Server of course.
Steve
-
It's impossible to say without knowing exactly how those interfaces are connected in both ESXi and to the switch. But…
At the very least you should change the firewall rule on VLAN30 to be protocol 'any' so that clients there can use DNS and ping etc. You can tighten up the rules later once it's working.
Are clients on VLAN30 receiving IP addresses from pfSense? That would prove some connectivity at least. That assumes you have enabled DHCP on the VLAN30 interface in Services > DHCP Server of course.
Steve
Hello Steve
Now i need just internet on vlan. Here is some pictures if they help.
https://www.dropbox.com/s/nol9wpzhvxq8si0/adapters.JPG?dl=0
https://www.dropbox.com/s/svchme9j8f5p7su/esxi_network.JPG?dl=0https://www.dropbox.com/s/pds5xnzmzkwzatr/dhcp.JPG?dl=0
https://www.dropbox.com/s/3u21pxh89mm33y7/pfsense_interface.JPG?dl=0
https://www.dropbox.com/s/5wi9yujmrc1oe51/rules.JPG?dl=0 -
So what are you port configs on your switch?
So port 8 on switch1 is connected to what.. that is vlan 30?
port 7 on sw1 and 2 has what config on each.. Allows 30 and 100?
Then on sw2 what is port 8 and what is port 6? 8 goes to your wan port group on vswitch1 connected to pfsense wan (vmx1) and port 6 goes to what? You have it set to 4095 so tags would go through to pfsense along with untagged traffic.. Depending on what port 6 is configured for..
-
So what are you port configs on your switch?
So port 8 on switch1 is connected to what.. that is vlan 30?
port 7 on sw1 and 2 has what config on each.. Allows 30 and 100?
Then on sw2 what is port 8 and what is port 6? 8 goes to your wan port group on vswitch1 connected to pfsense wan (vmx1) and port 6 goes to what? You have it set to 4095 so tags would go through to pfsense along with untagged traffic.. Depending on what port 6 is configured for..
Hi
I Change some config (easy way). Have 2 nics. One WAN and one LAN
WAN connected direct to internetport 8 on SW1 connected to lan
vlan100 port 1 on SW1 connected to PCSwich config
vlan100 port 8 is trunk and port 1 is untrankPort 8 on SW1
Do i need change more settings for vlans in pfsense
-
I'm so damn despert, 4 weeks I'm trying to get this working.
Want my unsolicited advice? Learn how all this works in the physical realm then move to the virtual environment.
-
I'm so damn despert, 4 weeks I'm trying to get this working.
Want my unsolicited advice? Learn how all this works in the physical realm then move to the virtual environment.
Hi
In the physical realm everthing works fine. Virtual NO :-[ :-[ :-[
-
Ok, so did you change the firewall rule to allow all protocols? You last screenshot shows it still as TCP only.
Are your clients on VLAN30 getting an IP via DHCP? In the correct subnet?
Steve
-
Ok, so did you change the firewall rule to allow all protocols? You last screenshot shows it still as TCP only.
Are your clients on VLAN30 getting an IP via DHCP? In the correct subnet?
Steve
Hi Steve
Thenks for helping me.
Which firewall rule, lan, wan, or vlan
Yes i got IP and it is in this case: 10.0.0.50. Mask 255.255.255.0 Bcast 10.0.0.255 -
What exactly is not working?
"Have 2 nics. One WAN and one LAN
WAN connected direct to internet"So your original switch drawing is no longer valid.
What exactly do you want to happen with your vmkern and pfsense vswitch for your lan? I have been running pfsense on esxi for years.. At a loss on what your trying to do with your vmkern? And where exactly you want to connect to it from.. Are you trying to firewall your vmkern with your virtual pfsense? That is not going to work, and if it did you would have a nightmare if pfsense vm didn't load, etc.
your esxi host only has 2 nics right? If so then yes use 1 for your wan, directly connect it to your modem.. so it goes like this
internet - modem - esxi host nic – vswitch (wan) -- vnic wan pfsense
Then your vmkern port group would be on same vswitch.. pfsense lan (untagged) Then what do you want to do with vlans and pfsense and tagged traffic?
-
Hi Steve
I want to tell you that you are the BEST. You answered my questions. I'm not very good at English, but you understood what I was looking for.
I looked at the picture that you pointed out in the last answer, and that was right. I changed the rules and then the internet work.
For safety, I created one more VLAN, and I connected my AP. And it is work too.
Will try a little more tomorrow and see how it works. Will try one more swich.
I want to say once again a big thank you for your help.Thank you very very very much :) ;) :D ;D :) ;) :D ;D >:( :(
You are the best 8)Njanja
