@gabriel-silveira Se você tem 2 provedores, os 2 estão conectados no pfsense, certo?
O Gateway group permite você configurar essas saídas de Internet em failover por exemplo, caso provedor A caia, utilize o provedor B até que o A seja restabelecido.

Ou caso você queria por exemplo que a VLAN20 utilize o provedor A apenas, você adiciona na regra de Firewall que permite o acesso a Internet dessa VLAN o gateway apontando para o gateway do provedor A.

Você fez alguma configuração nesse sentido?

Pois caso tenha feito, você precisará criar regras de Firewall, permitindo a conexão entre as VLANs, com gateway sem alteração, ou seja, em default, e essa regra deverá estar no topo.

Ela precisa estar antes das regras que permitem o acesso a Internet com gateway específico, ou seja, que não seja default.

Uma recomendação para que possamos te ajudar melhor, é sempre postar uma topologia do ambiente. Estou tendo que fazer suposições sobre o problema e o ambiente.

edit:
on the SG-3100 I have determined that I did not have the switch ports assigned/enabled to any vlans and after that it gave me DHCP on the lan ports and vlans. however I am still with the issue of some devices getting IP's and some not, on the same laptop over Wi-Fi nothing wired something. My travel AP does not support vlans so it has to be on the base level. and none of my non-Mac computers seem to be getting DHCP. And I don't know what caused it but I managed to crash my old router and ALL INTERNETs last night plugging in the new one to do a test. I went out and bought 4 manageed switches so I could break out all of my VLANs to test, and it was the only ez way to solve ingesting my multiple travel WAN VLANS ( local lan, Wi-Fi, Wi-Fi hotspot, wired LTE modem).

Good day,
I think it is necessary to solve it on the switch via ACL ... I don't have a UniFi switch, so I can't advise it much. I only have UniFi AP AC RL. I don't have any NETGATE devices yet, I'm just getting ...

Trunk your VLANs on a single pfSense interface.

The Netgear docs suck big time.

https://community.netgear.com/t5/Smart-Plus-Click-Switches/Port-trunking-on-GSS108E/td-p/1353948

@Gertjan said in Trouble With CaptivePortal on Two VLANs in One Interface:

You are already using multiple interfaces - a VLAN is considered as a interface.

Typically, each interface has its own dedicated AP(s) - using a dedicated radio (== Wifi) setup.
A user should choose the correct Wifi SSID first to use the correct network. You can't automatize this.

I just wanted to make it happen. I was planning to redirect the user to the correct VLAN by using just one SSID. But I completely got that I can not do it. Thanks for your helps.

@free4 I still can not find an opportunity to try PacketFence. I will write down here if I can be successful on it.

@ak-0 said in Internal routing of Vlans:

@Derelict
Vlan are created under physical Lan interface ig0 and parent interface for these vlan`s is ig0.

Actually what i want to achieve is if traffic from Vlans goes out first it should reach
Vlan gateway>>Lan gateway>> Wan port and should not do Vlan>>Wan port.
Tracert should be
1.Vlan IP (192.168.100.1)
2.Lan IP (192.168.10.1)
3.Gateway IP (1.2.3.4)
instead of
1.Vlan IP (192.168.100.1)
2.Gateway IP (1.2.3.4)
I`m trying to double NAT for Vlans, first NAT should be internal and then gateway.

@tim-mcmanus : If we simply capture the packet and on inspection it can show the source device and then the route the packet came from. So, someone with that much information and hacking knowledge can easily walk into your network. Also, can send packet with header upside down to hit the server behind pfsense firewall, located on VLAN.

I've worked in environments that required double NATs, and I would suggest avoiding it at all costs. The only real reason to do this is IP overlap between networks. Security through obscurity is not something to rely on, and even if they knew your internal IP was 192.168.1.20, they can't do anything with it from the outside.

@telescopedepth I appreciate people's goodwill.
😅
I understand you, also networking's jobs. you can learn enough, trought forum and community, as I do...
If you really want, nothing is impossible! 🐬

Meanwhile I'll reading some nice book like this

Some page for a day, it's easy to follow and full of good pratice, for me.
Regards.

(Indeed pfSense book it is) Finally I need to thank so much pfsense team for this pretty nice gift, I dicovered few days ago, pfsense book for everyone is a must to have. Cool!