Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-1100 vlan help, firewall rules to ping between vlan

    Official Netgate® Hardware
    2
    6
    478
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Allan_84
      last edited by

      Hi

      Im new to pfsense and is now playing with a netgate sg-1100 with an unifi nanohd ap connected to the LAN port.

      I have setup 2 vlan, Guest and IOT. (vlan id 50 and 60)

      There is internet and ip on LAN, vlan IOT and vlan Guest, all this fare is ok and working, i did follow some of the youtube guides from Tom from lawrence systems on the sg-1100 and pfsense to to this.

      But here is the problem, i can not get any firewall rules i try to work on the topic of ping between:
      lan <--> vlan
      or
      vlan <--> vlan

      I have seached alot and cant get it to work, any tips or help would be greatly appreciated, thanks ;)

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        That should only be a matter of having rules to allow it as long as devices in those subnets can respond to ping from a different subnet.

        If you are policy routing you would need specific rules above that to pass it.

        Can we see a screenshot on your rules on one of the interfaces that is not working?

        Steve

        1 Reply Last reply Reply Quote 0
        • A
          Allan_84
          last edited by Allan_84

          Hi, and thank you for your help, your answer got me thinking, and i found that in windows 10 i have to not only enable the windows firewall to echo ICMP ping, but also enable it to echo ping from other subnets to get this to work.

          And now i think it all works, thank you.

          This is my rules, i can now ping from LAN to both GUEST and IOT, but GUEST and IOT cant ping to LAN.

          LAN rules.jpg

          IOT rules.jpg

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Ok so what's in the 'SecureLANs' alias?

            Your rule on IOT only allows traffic to destinations that are not in that alias so if it contains the LAN subnet you will not be able to connect.
            You probably need an additional rule to pass only icmp traffic from IOTnet to wherever you need it.

            Steve

            1 Reply Last reply Reply Quote 0
            • A
              Allan_84
              last edited by

              Hi
              In the SecureLANs alias there is the LAN and i have added a rule like that for the GUEST network also now.

              I have also the Avahi mDNS service running.

              I was under the impression that the devices on the LAN can see and start the connection into the IOT-network and also with the avahi mdns running that things like chromecast could work from IOT-network?

              Im new to this so there could be something i have missed?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                That is correct, LAN will be able to ping IOT. IOT will not be able to create connection to ping LAN though which is what you asked about.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.