Access to pfsense webui from other vlan
-
hi
i have a pfsense and its WAN Interface is connected to VLAN 5 (BUT WAN Interface is shutdown) and its Lan Interface is connected to a switchport on vlan 4.
these vlans are created on a multiplayer switch and teh defualut gateway for all of above and other vlans reside on that switch.
now I am unable to accesss the Web ui of pfsense from client on another subnet whose default gateway happens to be also defined on the same multilayer switch.
my question is how can i access pfsense from those other subnets ? WAN Interface is DOWN.
I can only access webui if my wan interface is up.
seems some asymatric routing .. ?
how do i point those requests back via the lan interface ?Regards
-
Presumably pfSense sends its responses to its default gateway which is defined on the WAN network. Since WAN is down it cannot do that.
If the WAN should stay down, define a additional gateway (e.g. switch IP) in the LAN network and set it as default.
If your switch supports NAT you can also do masquerading on packets destined for pfSense.
-
Presumably pfSense sends its responses to its default gateway which is defined on the WAN network. Since WAN is down it cannot do that.
If the WAN should stay down, define a additional gateway (e.g. switch IP) in the LAN network and set it as default.
If your switch supports NAT you can also do masquerading on packets destined for pfSense.
Thanks for the response.
While that does makes sense can I create a static route to subnets reachable via lan interface?The fact that I can access pfsense gui via its lan interface from another subnet when Wan is enabled means that routing from my infrastructure is working which indeed is working.
I suspect that packets do reach pfsense but when pfsense replies it replies via its Wan interface. Now since those subnets are reachable via lan and shouldn't go via pfsense wan interface as nated can I add static routes to pfsense to redirect them via lan to appropriate destination router for further routing?
Since gateway is an all encompassing thing. I want more specific routes
-
Of course, it would also work with a static route for the particular subnets. But why want you only route certain IPs out to LAN? Since your WAN is down, the only way out is the LAN gateway, so set it as default gateway. Otherwise pfSense won't get internet access for updates, package installation, DNS, etc.
-
What is the routing table on your L3? So you send stuff to the wan to get to the lan IPs?
Your using your lan as the transit between pfsense and your other vlans? That reside on the downstream router?
-
similar issue in my case {attached diagram} using PC1 and PC2 i.e., other subnets my PFSENSE webUI doesn't open
i've a default route on cisco Layer3 switch for internet access
but not sure what i'm missing on PFSENSE configurations …....Attaching my routes summary from PFSENSE too
-
Well whats your rules on lan your pfsense 192.168.1 network which is now the transit for your downstream networks. Does your outbound nat nat those downstream networks? When you created the route for 10.100.64 it would of autocreated the outbound nat for you unless you had changed to manual, etc.. BTW don't see route for 10.100.65
-
Attached All.
thanks for looking into it
i'm still trying to live troubleshoot the same
-
Well on your lan rules you have only lan net… So how would 10.100.x get out??
-
added a new rule and sharing the screenshot.
can't ping from other subnet still, could you be willing to see my screen using anydesk or skype.
i'm trying to achieve this one thing for over a week now.
Appreciate your help a lot
-
see if this helps…my lab environment any of the virtual machines (subnets) can't do anything
i tried even checking logs / packet captures, seem like packet replies come back and lost over pfsense as they dont get to know how to go completely till 10.100.64.X
-
How do you possible to have a 0 ms to hop 3?? Not possible.
From your client ping pfsense IP on your lan 192.168.1.1 address.
And your lan rule is only tcp.. So why would you expect icmp to work, or dns for that matter, etc.
-
Of course, it would also work with a static route for the particular subnets. But why want you only route certain IPs out to LAN? Since your WAN is down, the only way out is the LAN gateway, so set it as default gateway. Otherwise pfSense won't get internet access for updates, package installation, DNS, etc.
The web ui on lan interface is only accessible from other vlan if wan interface is up.
i want to reach via LAN to those networks that are reachable via lan interface.
-
"The web ui on lan interface is only accessible from other vlan if wan interface is up."
Hand how are you routing to the lan IP on your downstream router?
-
still no success i tried setting up OPT1 interface for getting online the virtual machine subnets
i created vlan tags and assigned ip address on Pfsense. i also plugged in a direct ether cable (trunk) from cisco layer3 switch to the Pfsense OPT1 interface. which is configured as trunk on cisco switch with all those vlans allowed.
when it didn't work i tried disabling firewall (packet filtering) under advanced, hoping it fixes everything….i'm okay to skip firewall function as my main concern is to have pfsense as a router in first place and get everything working in this topology.
i'm willing to get 192.168.1.X to reach 10.100.64.X and other LAN subnets
ANd, yes all these LAN subnets to access the WAN Internet BAU
-
Can your PC ping the IP of pfsense lan? Do a trace route.. Your pc should hit 10.100.64.1 and then 192.168.1.1
If you can not ping pfsense lan - then no your never going to get to the internet… Its simple outbound nat that is set when you create the route..
Post up your lan rules on pfsense, and you outbound nat rule and your routes... And your traceroute from you client pc..
Why are you creating tags now?? Makes ZERO sense to do that...
-
Can your PC ping the IP of pfsense lan? Do a trace route.. Your pc should hit 10.100.64.1 and then 192.168.1.1
If you can not ping pfsense lan - then no your never going to get to the internet… Its simple outbound nat that is set when you create the route..
Post up your lan rules on pfsense, and you outbound nat rule and your routes... And your traceroute from you client pc..
Why are you creating tags now?? Makes ZERO sense to do that...
my thread hijacked :(
he is using a l3 switch and that switch doesnt supports nat so where will it throw the traffic.
He can create vlan and do intervlan on pfsense simple as that. -
i hope that my problem will be solved if i tell pfsense that to reach the ip subents for vlan 5, and vlan 30 route them via lan interface rather then nating.
-
Everyone,
i've ripped apart all the configurations from the PFSENSE box and re-installed it. Configured it again as i know this is capable for meeting my requirements. But not able to achieve it.
The PC has 3 NICs
BGE0 - used for WAN PPPoE i.e., setup and works
RL1 - used with my Home Network 192.168.1.X i.e., setup and works
RL0 - for the LAB Network 10.100.64.X and 10.100.65.X i.e., Not Working (where i need your help)For the LAB Network to be able to access the Internet and accessible from the outside home
I use it with my study partner to access the virtual machine (using Team-viewer or Anydesk etc)Now, what is happening…
i have the direct ethernet cable going from the RL0 to the Cisco Switch 3560 Port 18 (which doesn't support NAT)
The virtual machines can't access the outside websites
And as a matter fact the virtual machines aren't accessible from other 192.168.1.X (home network)I would be really happy to see it work flawlessly and for the same reason i've done all the required configurations on both devices (PFSENSE and Cisco Switch)
I understand what it looks like but not happening
-
snailkhan@ i'm opening new fresh post if you feel it's not exactly the same scenario..but i guess similar issue existed for me when i tried accessing webgui for Pfsense using my lab network it didn't work.
anyways i hope it works. Thanks for all your help.
see you there.
