  • Hi guys,

    I have a Cisco managed switch and a pfSense firewall with 1 WAN, 1 LAN and 4 OPT inputs.
    I have configured my VLANs (VLAN 50: 10.1.50.x, VLAN 60: 10.1.60.x) on the switch: I have created my VLANs and configured the ports (as trunk), and one port as trunk, tagged, which contains both VLANs.
    I connected my LAN from pfSense to this one port which contains both VLANs.

    So I have an internet connection and I get the right IP address, but if I want to allow traffic between VLANs it doesn't work.
    My rule is source: VLAN50, destination: VLAN60, protocol: any.

    And btw I can't ping my firewall from a device in a VLAN, but I can access the web configuration of pfSense.

    Any ideas?

    thank you in advance

    You would need rules on both VLAN interfaces. Please post up your rules on your interfaces via screenshot.

  • Do you have firewall rules on the VLAN interfaces on the firewall?

    Beaten to it by John again :)

  • I have no rules on the LAN interface; on WAN, block all IPv4 and IPv6.

    On VLAN50:

    DNS   source: VLAN50 net  dest: *
    HTTP  source: VLAN50 net  dest: *
    HTTPS source: VLAN50 net  dest: *
    SMTP  source: VLAN50 net  dest: *
    POP   source: VLAN50 net  dest: *
    IMAP  source: VLAN50 net  dest: *

    On VLAN60:

    DNS   source: VLAN60 net  dest: *
    HTTP  source: VLAN60 net  dest: *
    HTTPS source: VLAN60 net  dest: *

    I have tried this rule on the VLAN50 interface:

    Source: VLAN50, dest: VLAN60, protocol: any

    This should actually work, right? But I can't ping VLAN60 devices from VLAN50.

    Can you ping the VLAN60 pfSense interface address?

    This should actually work, right? But I can't ping VLAN60 devices from VLAN50.

    If these devices run Windows you'll have to completely disable the Windows integrated firewall, else they won't reply to pings from different subnets.

  • No, I can't, and that's the problem.

    Yeah, they have Windows.

    OK, I will try it. Thanks.

    If you cannot ping the VLAN60 pfSense interface address then it's not a local firewall on the hosts.

    It will probably be better if you post actual screenshots of your rules pages instead of a description of what you think you have done.

    If it was done how you described it would be working.

  • It's not something stupid, is it, like the wrong subnet masks on the clients?

    Does Windows default to a mask when using address space from the range?

    If this is the case it will think all traffic to 10.x.x.x is local.

  • Thank you guys.
    I solved the problem.

    It was the antivirus software and firewall of Windows.
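
The thread ends with the Windows firewall (and AV) being the blocker. Here is an added example, not from the thread or from pfSense, that checks the two things raised above (client subnet mask and host firewall) on a Windows host in VLAN 60 and narrows the fix to an ICMPv4 echo allow rule for the peer VLAN instead of disabling the firewall outright. It assumes /24 masks on 10.1.50.0/24 and 10.1.60.0/24 (the thread only gives 10.1.50.x / 10.1.60.x), that pfSense holds 10.1.60.1, and the rule name and the peer address 10.1.50.10 are invented for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on
# a Windows host in VLAN 60. Assumptions: /24 masks on both VLANs, pfSense is
# 10.1.60.1, the rule name and the peer address 10.1.50.10 are constructed.

$PeerVlan = '10.1.50.0/24'
$Gateway  = '10.1.60.1'

# 1. Sanity-check the interface. A PrefixLength of 8 instead of 24 would make
#    the host treat 10.1.50.x as on-link (ARP for it) instead of sending it to
#    pfSense, which is the subnet-mask failure mode raised above.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like '10.1.*' } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength

# 2. Confirm the default route points at the pfSense VLAN interface.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop

# 3. Allow ICMPv4 echo requests (type 8) from the peer VLAN only, with the
#    firewall left on. The built-in Windows rules only accept echo from the
#    local subnet, so cross-VLAN pings fail even when pfSense passes them.
$RuleName = 'Allow ICMPv4 echo from VLAN50'   # name is an assumption
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $PeerVlan -Action Allow -Profile Any -Enabled True | Out-Null
}

# 4. Verify from this host: the pfSense gateway first, then a host in the
#    other VLAN (constructed address). Both return $true when the path works.
Test-NetConnection -ComputerName $Gateway -InformationLevel Quiet
Test-NetConnection -ComputerName '10.1.50.10' -InformationLevel Quiet
```

The mirror rule on VLAN 50 hosts uses `-RemoteAddress 10.1.60.0/24`. This does not replace the pfSense rules: pfSense filters on the interface where traffic enters, so each VLAN interface still needs its own pass rule, and a third-party AV suite that replaces the Windows firewall has to be configured in that product instead.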

