Access to pfsense webui from other vlan

mandeepmails

see if this helps…my lab environment any of the virtual machines (subnets) can't do anything

i tried even checking logs / packet captures, seem like packet replies come back and lost over pfsense as they dont get to know how to go completely till 10.100.64.X

johnpoz

How do you possible to have a 0 ms to hop 3??  Not possible.

From your client ping pfsense IP on your lan 192.168.1.1 address.

And your lan rule is only tcp.. So why would you expect icmp to work, or dns for that matter, etc.

Snailkhan

@viragomann:

Of course, it would also work with a static route for the particular subnets. But why want you only route certain IPs out to LAN? Since your WAN is down, the only way out is the LAN gateway, so set it as default gateway. Otherwise pfSense won't get internet access for updates, package installation, DNS, etc.

The web ui on lan interface is only accessible from other vlan if wan interface is up.

i want to reach via LAN to those networks that are reachable via lan interface.

johnpoz

"The web ui on lan interface is only accessible from other vlan if wan interface is up."

Hand how are you routing to the lan IP on your downstream router?

mandeepmails

still no success i tried setting up OPT1 interface for getting online the virtual machine subnets

i created vlan tags and assigned ip address on Pfsense. i also plugged in a direct ether cable (trunk) from cisco layer3 switch to the Pfsense OPT1 interface. which is configured as trunk on cisco switch with all those vlans allowed.

when it didn't work i tried disabling firewall (packet filtering) under advanced, hoping it fixes everything….i'm okay to skip firewall function as my main concern is to have pfsense as a router in first place and get everything working in this topology.

i'm willing to get 192.168.1.X to reach 10.100.64.X and other LAN subnets
ANd, yes all these LAN subnets to access the WAN Internet BAU

johnpoz

Can your PC ping the IP of pfsense lan?  Do a trace route.. Your pc should hit 10.100.64.1 and then 192.168.1.1

If you can not ping pfsense lan - then no your never going to get to the internet… Its simple outbound nat that is set when you create the route..

Post up your lan rules on pfsense, and you outbound nat rule and your routes... And your traceroute from you client pc..

Why are you creating tags now??  Makes ZERO sense to do that...

Snailkhan

@johnpoz:

Can your PC ping the IP of pfsense lan?  Do a trace route.. Your pc should hit 10.100.64.1 and then 192.168.1.1

If you can not ping pfsense lan - then no your never going to get to the internet… Its simple outbound nat that is set when you create the route..

Post up your lan rules on pfsense, and you outbound nat rule and your routes... And your traceroute from you client pc..

Why are you creating tags now??  Makes ZERO sense to do that...

my thread hijacked :(

he is using a l3 switch and that switch doesnt supports nat so where will it throw the traffic.
He can create vlan and do intervlan on pfsense simple as that.

Snailkhan

i hope that my problem will be solved if i tell pfsense that to reach the ip subents for vlan 5, and vlan 30 route them via lan interface rather then nating.

mandeepmails

Everyone,

i've ripped apart all the configurations from the PFSENSE box and re-installed it. Configured it again as i know this is capable for meeting my requirements. But not able to achieve it.

The PC has 3 NICs
BGE0 - used for WAN PPPoE i.e., setup and works
RL1 - used with my Home Network 192.168.1.X i.e., setup and works
RL0 - for the LAB Network 10.100.64.X and 10.100.65.X i.e., Not Working (where i need your help)

For the LAB Network to be able to access the Internet and accessible from the outside home
I use it with my study partner to access the virtual machine (using Team-viewer or Anydesk etc)

Now, what is happening…
i have the direct ethernet cable going from the RL0 to the Cisco Switch 3560 Port 18 (which doesn't support NAT)
The virtual machines can't access the outside websites
And as a matter fact the virtual machines aren't accessible from other 192.168.1.X (home network)

I would be really happy to see it work flawlessly and for the same reason i've done all the required configurations on both devices (PFSENSE and Cisco Switch)

I understand what it looks like but not happening

mandeepmails

snailkhan@ i'm opening new fresh post if you feel it's not exactly the same scenario..but i guess similar issue existed for me when i tried accessing webgui for Pfsense using my lab network it didn't work.

anyways i hope it works. Thanks for all your help.

see you there.