Vlan10 to LAN
-
LAN
vlan
wan
Hope it helps. I can ping the LAN proxy from the VLAN, but that's it.
-
You need to bypass policy routing for the local networks.
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
-
Your ordering is wrong. Only the first rule gets triggered.
Also:
VLAN1 (default VLAN at the switch): all ports are untagged.
Untagging multiple VLANs on the same ports isn't really a good idea...
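An added example, not part of the thread or of pfSense itself: a small model of first-match rule evaluation on one interface, showing why a no-gateway rule for the local network must sit above a policy-routing rule. The subnet, gateway name and rule descriptions are constructed assumptions, and the model only compares destinations (all rules are pass rules with the same source).

```python
import ipaddress

# Constructed addressing and gateway name (assumptions, not from the thread).
VLAN10 = ipaddress.ip_network("192.168.10.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(desc, dst, gateway=None):
    # gateway=None means "no policy routing": use the normal routing table.
    return {"desc": desc, "dst": dst, "gateway": gateway}

def evaluate(rules, dst_ip):
    """First matching rule on the interface wins; later rules are never consulted."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if dst in r["dst"]:
            return r["desc"], r["gateway"] or "routing table"
    return "default deny", None

def shadowed(rules):
    """Descriptions of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, r in enumerate(rules):
        if any(r["dst"].subnet_of(earlier["dst"]) for earlier in rules[:i]):
            hits.append(r["desc"])
    return hits

policy = rule("pass any via gateway", ANY, gateway="WAN_GW")
bypass = rule("pass to VLAN10, no gateway", VLAN10)

wrong_order = [policy, bypass]   # bypass rule is shadowed, VLAN10 traffic is policy-routed
right_order = [bypass, policy]   # local traffic matches first and stays on the routing table

if __name__ == "__main__":
    for name, rules in (("wrong", wrong_order), ("right", right_order)):
        print(name, evaluate(rules, "192.168.10.20"), "shadowed:", shadowed(rules))
```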
-
I have a managed switch (Zyxel GS 1900 - 24). At this switch I created a VLAN (Vlan10). At this VLAN I have port 1 tagged (this is the trunk port to pfSense) and ports 11-14 untagged. All other ports are excluded.
Do you have any ports configured as an access port, but on VLAN 10? A trunk port carries all VLANs plus native LAN. To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.
-
You need to bypass policy routing for the local networks.
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
Made the following two rules in the LAN interface for testing:
But I can't ping anybody on the other VLAN. Any ideas?
Your ordering is wrong. Only the first rule gets triggered.
Also:
VLAN1 (default VLAN at the switch): all ports are untagged.
Untagging multiple VLANs on the same ports isn't really a good idea...
Thanks, changed it!
I have a managed switch (Zyxel GS 1900 - 24). At this switch I created a VLAN (Vlan10). At this VLAN I have port 1 tagged (this is the trunk port to pfSense) and ports 11-14 untagged. All other ports are excluded.
Do you have any ports configured as an access port, but on VLAN 10? A trunk port carries all VLANs plus native LAN. To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.
Can't find anything about it. I don't know if the switch has such an option; will do some research on it!
-
Can't find anything about it. I don't know if the switch has such an option; will do some research on it!
If it's a managed switch, it should. One of the features of a managed switch is configuring access ports to be on a specific VLAN.
-
Still no luck. As a switch I've got a Zyxel SG1900 "L2" switch; can that be the problem?
-
SG1900 or GS1900?
-
GS1900, sorry for the typo :o
-
For Zyxel, look for
advanced application-->Vlan-->vlan configuration>static vlan
&
advanced application-->Vlan-->vlan configuration>vlan port setup (for PVID)
The above depends a bit on the firmware version of the switch. (I am currently not at a location with a GS1900, only 1920s.)
-
OK, I am making some progress.
At this moment I can ping from LAN to VLAN and from VLAN to LAN, but I have this strange thing.
I can enter shares and RDP from LAN to VLAN, but I can't RDP or enter SMB shares from VLAN to LAN. Opened all ports, rules, etc. Anybody an idea?
Kind regards
-
Without seeing your rules, no. No ideas.
Be sure you are not confusing not being able to mount shares with not being able to discover the shares/nodes.
Try it by IP address instead of name.
-
LAN rules
Vlan rules
So with these rules I can ping from LAN to VLAN and from VLAN to LAN.
I can RDP and enter shares by IP from LAN to VLAN.
But I can't RDP and enter shares from VLAN to LAN.
-
Well, it's not your firewall rules.
Check the local firewall (think windows firewall) on the LAN hosts.