basic VLANS - Noob

chrischambers · Feb 22, 2021, 4:35 PM

Port 1

on port 1 as shown in my drawn the profile is " All "
on port 15 the only profile on is "Test 20 "

with the following settings

chrischambers · Feb 22, 2021, 4:40 PM

@johnpoz said in basic VLANS - Noob:

Port 15.. What you showed is WRONG... The only vlan on that should be native vlan 20.. nothing tagged, no other vlans

forget this I was trying something. it is now deleted.

johnpoz · Feb 22, 2021, 4:47 PM

Ok if you have your vlans setup correctly on your switch.. And your pc on vlan 20 interface on your switch gets an IP from dhcp on pfsense for vlan 20..

And it has internet I take it?

But you can not ping it from lan?

What are the rules on lan? Your not policy routing traffic out some vpn are you?

Post up rules on lan and vlan 20 interfaces on pfsense.

chrischambers · Feb 22, 2021, 4:56 PM

@johnpoz

Ok if you have your vlans setup correctly on your switch.. And your pc on vlan 20 interface on your switch gets an IP from dhcp on pfsense for vlan 20.. -- Yes I do
And it has internet I take it? -- not at the moment as I have no rules for outbound
But you can not ping it from lan? -- That is right
What are the rules on lan? Your not policy routing traffic out some vpn are you? -- yes I do have a VPN
Post up rules on lan and vlan 20 interfaces on pfsense.

WAN

LAN

johnpoz · Feb 22, 2021, 5:03 PM

Ok your forcing traffic out your gateway that 1.9 IP to plextv? Not sure what is the point of that?

That is wan and lan - where is vlan 20?

As long as your not coming from 1.9 and going to whatever is in that alias for plextv - you would be able to go to your vlan 20 via your lan net source any any rule.

So makes no difference what rules you have on vlan 20. lan should be able to ping anything on vlan20

So again sniff on vlan 20 interface while your pinging from lan - do you see the ping go out.. If so then problem is not pfsense..

Are you sending everything out some vpn.. I don't understand why your trying to policy route traffic out your wan gateway? Unless you have everything else going out some vpn?

chrischambers · Feb 22, 2021, 5:03 PM

@johnpoz said in basic VLANS - Noob:

VLAN 20

I have a plex server sitting behind the PFsense, and looking at videos it informed me that I needed to added that rule.

is sniff the pinging within pfsense ?

johnpoz · Feb 22, 2021, 5:10 PM

@chrischambers said in basic VLANS - Noob:

and looking at videos it informed me that I needed to added that rule.

Sorry but NO.. How does that make any sense? Again are you using some vpn service?? Inbound traffic to your plex, would go back out your wan.. As to plex going somewhere on its own to pull metadata, etc. - why would that not work via a vpn connection. If that is what your using.

What do you have in plextv alias exactly

Yes go to diagnostic - packet capture.

chrischambers · Feb 22, 2021, 5:11 PM

@johnpoz
here are two of the links I used to set that up
https://blog.linuxserver.io/2017/05/01/how-to-run-pfsense-with-pia-vpn-but-still-use-plex-remote-access/

https://www.youtube.com/watch?v=jwwczlvWw9Y

sorry have to run, have to cook dinner for the wife. I will return tomorrow - thanks for your help so far.

johnpoz · Feb 22, 2021, 5:21 PM

Ok if plex is just contacting plex.tv to get its public IP.. Then yeah you would want to make sure it goes out your normal wan..

As long this IP is showing your actual normal wan IP from your isp then yeah that should be fine.

chrischambers · Feb 23, 2021, 7:59 AM

@johnpoz Hi John, the plex works with no issues, it is just the vlans

here are the ping results from PFsense

chrischambers · Feb 23, 2021, 9:39 AM

@chrischambers morning. I think i have it all working, I don't know why but for some reason it just started to work.

@johnpoz many thanks for your help yesterday.

johnpoz · Feb 26, 2021, 3:46 PM

Those ping results is not what I asked for... I asked for you to sniff on your vlan 20 interface while you pinged vlan 20 from lan.. How is pinging ip in vlan 20 and lan IP from pfsense that?

chrischambers · Feb 26, 2021, 3:46 PM

@johnpoz said in basic VLANS - Noob:

la

sorry @johnpoz but please see above I did ask what is Sniff as I have never hear of it. but once again thanks for your help

johnpoz · Feb 26, 2021, 4:10 PM

Under diagnostic menu.. Packet Capture. This allows you to see like the raw data that interface sees..

Here this might help in what packet capture (sniff) is.

https://en.wikipedia.org/wiki/Packet_analyzer

edit: example

Here is a sniff (packet capture) on my dmz interface (192.168.3.253) while pinging an IP in my dmz network, from my lan network 192.168.1000

Now you can view more info by changing the verbosity level in that screen. Or you could just download the capture into your own software.. Wireshark for example (free)..

And get all kinds of great info on what is actually going on.. For troubleshooting stuff

In your specific scenario - you would of been able to see if pfsense was actually sending on the ping request, but not getting an answer, etc.