DHCP no internet. Guest WIFI VLAN



  • Hey guys, I'm pulling my hair out here.

    I have a pfSense box with three nics: wan, lan, opt1 (guest wifi). I believe I have successfully set up vlan 666 for the guest network, or I at least get a dhcp address with the correct ip (192.168.0.3), gw (192.168.0.1), subnet (255.255.254.0), and dns 8.8.8.8. I have a vlan interface set up on the 3com 2952 with the ip address of 192.168.0.253 that I can ping. I can't ping the gateway or the dns servers.

    I have attached a network diagram along with nat and firewall rules.

    I have a feeling I am missing maybe a static route in the switch or messed up the firewall or nat rules. I'm not sure what's required to be honest.

    Any help would be appreciated greatly. :)
    ![Screen Shot 2016-11-17 at 7.57.52 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.57.52 PM.png)
    ![Screen Shot 2016-11-17 at 7.53.24 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.53.24 PM.png)
    ![Screen Shot 2016-11-17 at 7.59.44 PM.png](/public/imported_attachments/1/Screen Shot 2016-11-17 at 7.59.44 PM.png)


  • Rebel Alliance Global Moderator

    You're blocking rfc1918 on your guest wireless.. So how exactly would they do anything??

    Rules are evaluated top down, first to trigger wins..  Clearly all source IPs are going to be rfc1918 (192.168/16, 10/8, 172.16/12) so yeah pfsense is going to drop those packets going anywhere.

    Also completely pointless to block bogon on a local interface..

    How is your vpn setup with a 10.8.0/24 and then you have a 10/8 on your lan??  Those overlap - that is borked!

    Why would your switch need a route???  Are you using it in layer 3 mode as a router?  If so then you're doing even more wrong..

    Why do you have 2 connections going to your AP??
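
Added example, not part of the thread: a small first-match evaluator showing why a block rule on RFC1918 sources at the top of the guest interface drops every guest packet, plus a check of the 10.8.0/24 versus 10/8 overlap. The rule tuples, the `isolated` variant (filtering on destination instead of source) and the 10.0.0.5 host are constructed assumptions, not the poster's actual configuration.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip.ip_network("0.0.0.0/0")]
# Guest subnet from the post: 192.168.0.x with mask 255.255.254.0 (/23).
GUEST = [ip.ip_network("192.168.0.0/23")]
GATEWAY = [ip.ip_network("192.168.0.1/32")]


def evaluate(rules, src, dst):
    """Walk rules top down; the first rule matching src and dst decides.
    No match falls through to the default deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_nets, dst_nets in rules:
        if any(s in n for n in src_nets) and any(d in n for n in dst_nets):
            return action
    return "block"


def overlaps(a, b):
    """True when two prefixes share addresses (ambiguous routing)."""
    return ip.ip_network(a).overlaps(ip.ip_network(b))


# Constructed rule sets: (action, source networks, destination networks).
broken = [
    ("block", RFC1918, ANY),  # blocks private *sources*: every guest client
    ("pass", GUEST, ANY),     # never reached
]
fixed = [("pass", GUEST, ANY)]  # block rule removed
# Assumed variant: keep guests off internal networks by destination.
isolated = [
    ("pass", GUEST, GATEWAY),   # gateway itself is a private address
    ("block", GUEST, RFC1918),  # internal networks (constructed LAN host below)
    ("pass", GUEST, ANY),       # everything else, i.e. the internet
]

if __name__ == "__main__":
    client = "192.168.0.3"  # DHCP lease from the post
    for name, rules in (("broken", broken), ("fixed", fixed), ("isolated", isolated)):
        for dst in ("192.168.0.1", "10.0.0.5", "8.8.8.8"):
            print(f"{name:9} {client} -> {dst:12} {evaluate(rules, client, dst)}")
    print("vpn 10.8.0.0/24 overlaps lan 10.0.0.0/8:", overlaps("10.8.0.0/24", "10.0.0.0/8"))
```
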



  • @johnpoz:

    > You're blocking rfc1918 on your guest wireless.. So how exactly would they do anything??
    >
    > Rules are evaluated top down, first to trigger wins..  Clearly all source IPs are going to be rfc1918 (192.168/16, 10/8, 172.16/12) so yeah pfsense is going to drop those packets going anywhere.
    >
    > Also completely pointless to block bogon on a local interface..

    Good point! I undid that mess and it works now!

    > How is your vpn setup with a 10.8.0/24 and then you have a 10/8 on your lan??  Those overlap - that is borked!

    I moved the vpn to a different subnet.

    > Why would your switch need a route???  Are you using it in layer 3 mode as a router?  If so then you're doing even more wrong..
    >
    > Why do you have 2 connections going to your AP??

    Only have one in reality. I meant to show both vlans going to the ap.

    Thanks for the pointers. Networking is not my strong suit. Yet..


  • Rebel Alliance Global Moderator

    So you got everything working? If not, just ask - here to help.