[SOLVED] Cannot access 2 switches on LAN from VLAN.
-
I want to be able to log into switches on LAN:
192.168.18.2 and 192.168.18.3
I can access PFsense just fine but not the switches.
What prevents it?
login-to-view -
forcing the traffic out your dualwan is kind of hard to get to another network that is directly attached.
-
As johnpoz noted, you should leave the gateway at default unless the traffic is Internet bound.
-
I have 2 ISPs for failover.
I usually use teamviewer to remote on of the computers on VLAN31 and do my work because LAN computers are occupied most of the time. -
@pfrickroll said in Cannot access 2 switches on LAN from VLAN.:
I have 2 ISPs for failover.
I usually use teamviewer to remote on of the computers on VLAN31 and do my work because LAN computers are occupied most of the time.None of this has anything to do with accessing one LAN from the other. Again, don't force internal traffic out of a WAN gateway.
-
Remove the gateway from the two rules that pass traffic to 192.168.18.2 and 192.168.18.3. You don't want that traffic to go out the WANs do you?
Probably the one sending traffic to the firewall too.
-
@Derelict said in Cannot access 2 switches on LAN from VLAN.:
Remove the gateway from the two rules that pass traffic to 192.168.18.2 and 192.168.18.3. You don't want that traffic to go out the WANs do you?
Probably the one sending traffic to the firewall too.
The "default" gateway is LAN gateway 192.168.18.1 (pfSsense?)
login-to-view -
@pfrickroll said in Cannot access 2 switches on LAN from VLAN.:
The "default" gateway is LAN gateway 192.168.18.1 (pfSsense?)
login-to-viewI hope you didn't add a useless gateway to your LAN. As for what "default" means in the rule settings, it's written right there.
Leave as 'default' to use the system routing table.
You just need to actually read it.
-
What do you mean by useless? pfsense gateway is 192.168.18.1
I am not an expert in terms of a lot networking concepts there are some details or terms I have yet to fully grasp. -
You have a gateway set on your firewall rules, man. That completely bypasses the routing table, including the default gateway.
https://www.netgate.com/docs/pfsense/routing/bypassing-policy-routing.html
-
@Derelict said in Cannot access 2 switches on LAN from VLAN.:
You have a gateway set on your firewall rules, man. That completely bypasses the routing table, including the default gateway.
https://www.netgate.com/docs/pfsense/routing/bypassing-policy-routing.html
Ok, it makes sense to me but how it applies if I am blocking?
Like i have those 3 rules set, should gateway also be "default? -
What? You are passing not blocking. Block rules don't forward traffic anywhere.
-
@pfrickroll said in Cannot access 2 switches on LAN from VLAN.:
I am not an expert in terms of a lot networking concepts there are some details or terms I have yet to fully grasp.
Then learn them, routing is a basic topic when it comes to networking.
Here: https://forum.netgate.com/topic/138695/how-would-you-go-about-managing-24-pfsense-boxes it seems you are tasked with managing the network of multiple sites for a company. If you want to do this you need to know the basics in and out or you are the wrong person for a job like this.
-
So, Block rules don't care what gateway is there, all traffic is blocked no matter what?
-
You are forcing that traffic out your WANs.
-
@pfrickroll Setting a gateway on a block rule is nonsense. The traffic is blocked so there is nothing to forward.
-
-
Great. Now you can access your switches.