4. Vlan10 to LAN

Vlan10 to LAN

  • S

    Hi,

    I made a Vlan, named VLAN10.
    I would like to make it possible to connect from VLAN10 to one specific Host, i made alias for it and created a pass rule at the VLAN10 TAb.
    But i couldnt connect to it, what did i do wrong, do i need to setup some routing rule from LAN to VLAN10?

    Hope somedody could help.

    Tnx in Adv,

    0

  • How is that host connected?  Some computers can be configured to use a VLAN.  Otherwise, you need a managed switch, to put an access port on the VLAN.

    0
  • S

    Tnx for your answer, its connected as following.

    I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded

    Vlan1 (default vlan at the switch) all ports are untagged.

    At pfsense i have a wan and a lan interface and a Vlan (called vlan10, lan interface as parent). The lan has a DHCP range at 192.168.0.x and the vlan has a DHCP range at 192.168.10.x.

    At this moment port 11-14 get a IP from the VLAN range, and the other ports gets a ip from the lan range (like I would) only thing is how can I setup that a host from Vlan10 can connect a certain host at the LAN. Like I said I created a rule with a alias, but no luck.

    Hope this clarifies things

    Kind Regards

    0
  • Netgate

    Please post your rules because that is what you need to do. If you did and it is not working, we'll need more details to see what you did wrong.

    https://doc.pfsense.org/index.php/Firewall_Rule_Basics

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

    0
  • S

    LAN

    vlan

    wan

    hope it helps, i can ping the lan proxy from the vlan but thats it

    0
  • Netgate

    You need to bypass policy routing for the local networks.

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

    0
  • H

    you ordering is wrong. only the first rule gets triggered.

    also:

    Vlan1 (default vlan at the switch) all ports are untagged.

    untagging multiple vlans on the same ports isn't really a good idea….

    0

  • I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded

    Do you have any ports configured as an access port, but on VLAN 10?  A trunk port carries all VLANs plus native LAN.  To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.

    0
  • S

    @Derelict:

    You need to bypass policy routing for the local networks.

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

    Made the following two rules in the LAN interface for testing:

    But cant ping anybody on the other vlan, any ideas?

    @heper:

    you ordering is wrong. only the first rule gets triggered.

    also:

    Vlan1 (default vlan at the switch) all ports are untagged.

    untagging multiple vlans on the same ports isn't really a good idea….

    Thanks changed it!

    @JKnott:

    I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded

    Do you have any ports configured as an access port, but on VLAN 10?  A trunk port carries all VLANs plus native LAN.  To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.

    Cant find anything about it, i dont know if the switch has such a option, will do some researched on it!

    0

  • Cant find anything about it, i dont know if the switch has such a option, will do some researched on it!

    If it's a managed switch, it should.  One of the features of a managed switch is configuring access ports to be on a specific VLAN.

    0
  • S

    Still no luck, as a switch i've got a Zyxel SG1900 "L2" switch, can that be the problem?

    0
  • Netgate

    SG1900 or GS1900?

    0
  • S

    Gs1900, sorry for the typo  :o

    0
  • H

    For zyxel look for
    advanced application–>Vlan-->vlan configuration>static vlan
    &
    advanced application-->Vlan-->vlan configuration>vlan port setup (for pvid)

    above depends a bit on the firmware version of the switch. (am currently not at a location with a gs1900, only 1920's)

    0
  • S

    Oke iam doing some progress;

    At this moment i can ping fron lan to vlan and from vlan to lan, but i have this strange thing.

    I can enter shares and rdp from lan to Vlan, but i cant rdp or enter smb shares from vlan to lan, opend all ports, rules etc. anybody a idea?

    Kind reagards

    0
  • Netgate

    Without seeing your rules, no. No ideas.

    Be sure you are not confusing not being able to mount shares with not being able to discover the shares/nodes.

    Try it by IP address instead of name.

    0
  • S

    LAN rules

    Vlan rules

    So with these rules i can ping from lan to vlan and from vlan to lan
    I can RDP and enter shares on IP from lan to vlan
    But cant RDP and enter shares from vlan to lan

    0
  • Netgate

    Well, it's not your firewall riles.

    Check the local firewall (think windows firewall) on the LAN hosts.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy