Can't get inter VLAN communication



  • I've set up a couple of VLANs, and they're working as expected except for one small problem. I can't access (ping or whatever) hosts on one VLAN from the other.

    My understanding is that pfSense will default to allowing inter-VLAN communication.

    From one VLAN I can ping the other VLAN's gateway (e.g. from 192.168.20.10 I can ping 192.168.40.1), but I can't ping the host on 192.168.40.11.

    The only firewall rules I have on the two VLANs are the default allow ( ip4*  vlan20 net  *  *  *  WAN_DHCP  none)

    If I run packet capture on the VLAN that I am trying to ping I don't see any traffic.
    I do see traffic on the VLAN that initiates the ping.

    Any ideas what could be wrong???



  • @baj702:

    The only firewall rules I have on the two VLANs are the default allow ( ip4*  vlan20 net  *  *  *  WAN_DHCP  none)

    This rule only allows packets to the WAN_DHCP gateway!
    Set the GW to any (default) if you want to allow internal communication.



  • Thanks for the reply. The WAN_DHCP gateway is set as the default gateway. I specified WAN_DHCP to just be explicit, as in NOT the VPN gateway. I thought it was just redundant though. To my surprise, when I changed to default it worked.

    I don't understand why that made a difference. Also, then how would I get a VLAN that uses the VPN gateway to communicate with a VLAN that uses the default?



  • The gateway option in the rule forces packets to the GW which is set there.

    If you need the GW option in a rule for directing packets to a VPN GW or something else, you need to add an additional rule for internal communications. Consider the rule order in this case, and also that you need rules with the default gw to allow access from clients to pfSense itself for DNS or DHCP if needed.


  • LAYER 8 Netgate

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

    Your life would be simpler if you just left that rule as the default gateway instead of gateway WAN_DHCP unless you have some Multi-WAN going on and it is necessary.



  • Thanks for the link. Everything is working perfectly now. I'm going to sleep like a baby tonight!!
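
Added example, not part of the original thread and not pfSense code: a simplified Python model of first-match rule evaluation showing why a rule with a gateway set sends inter-VLAN traffic out that gateway, and how a default-gateway bypass rule placed above it fixes this. The interface names, the `VPN_GW` gateway name and the `192.168.0.0/16` local alias are assumptions.

```python
import ipaddress

# Constructed model of the thread's setup; interface/gateway names are assumptions.
CONNECTED = {
    "vlan20": ipaddress.ip_network("192.168.20.0/24"),
    "vlan40": ipaddress.ip_network("192.168.40.0/24"),
}
DEFAULT_ROUTE = "WAN_DHCP"

def route_lookup(dst):
    """Normal routing table: connected networks first, then the default route."""
    for iface, net in CONNECTED.items():
        if dst in net:
            return iface
    return DEFAULT_ROUTE

def evaluate(rules, src, dst):
    """First matching rule wins. A rule with a gateway policy-routes the packet
    to that gateway and skips the routing table; gateway None means 'default'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["gateway"] or route_lookup(dst)
    return "blocked"  # nothing matched: default deny

ANY = ipaddress.ip_network("0.0.0.0/0")
VLAN20 = CONNECTED["vlan20"]
LOCAL_NETS = ipaddress.ip_network("192.168.0.0/16")  # assumed alias covering the VLANs

# Rule from the thread: vlan20 net -> any, gateway WAN_DHCP
original = [{"src": VLAN20, "dst": ANY, "gateway": "WAN_DHCP"}]

# Bypass rule (default gateway) above a policy-routing rule; VPN_GW is hypothetical
with_bypass = [
    {"src": VLAN20, "dst": LOCAL_NETS, "gateway": None},
    {"src": VLAN20, "dst": ANY, "gateway": "VPN_GW"},
]

# Same two rules in the wrong order: the policy rule matches first
wrong_order = list(reversed(with_bypass))

if __name__ == "__main__":
    cases = [("original", original), ("with_bypass", with_bypass),
             ("wrong_order", wrong_order)]
    for name, rules in cases:
        print(name,
              evaluate(rules, "192.168.20.10", "192.168.40.11"),
              evaluate(rules, "192.168.20.10", "8.8.8.8"))
```

The model covers only traffic passing through the firewall; traffic addressed to pfSense itself (DNS, DHCP) is not modeled.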

