Netgate Discussion Forum

    PfSense Firewall VLAN some time work sometime not & Internet is not working

    General pfSense Questions
    • slkamath

      Hi,
      My name is Lokesh Kamath. We have newly installed pfSense v- and are trying to configure VLANs. This is my first time configuring a firewall, so I need your help solving my issue.

      In the server there are 3 network cards.

      1. ISP WAN IP - 203.xx.xx.xxx
      Subnet - 255.xxx.xxx.xxx
      Gateway - 203.xx.xx.xxx

      2. ISP LAN IP - 180.xxx.xx.xx
      Subnet - 255.xxx.xxx.xxx
      Gateway - 180.xx.xx.xxx

      3. LAN IP - 192.192.xx.x
      Subnet - 255.255.255.0
      Gateway - Same as LAN IP (Default Gateway)

      Next, we created VLANs on the LAN IP, i.e. 192.192.xx.x

      The VLANs are as mentioned below:
      1. VLAN ID - 10 Servers (we should use the default IP address, i.e. 192.192.xx.x) because we have a Domain Controller in this. Is this possible? Servers have to communicate with Printers, Finance, U1, U2 & U3
      2. VLAN ID - 20 Printers (IP address 192.168.20.1, DHCP enabled, i.e. 192.168.20.100 to 192.168.20.125)
      3. VLAN ID - 30 Finance (IP address 192.168.30.1, DHCP enabled, i.e. 192.168.30.100 to 192.168.30.150) Finance has to communicate with Servers & Printers, U1, U2 & U3
      4. VLAN ID - 101 U1 (IP address 192.168.100.1, DHCP enabled, i.e. 192.168.101.100 to 192.168.101.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
      5. VLAN ID - 101 U2 (IP address 192.168.102.1, DHCP enabled, i.e. 192.168.102.100 to 192.168.102.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
      6. VLAN ID - 103 U2 (IP address 192.168.103.1, DHCP enabled, i.e. 192.168.103.100 to 192.168.103.150) U1 has to communicate with Servers & Printers, U1, U2 & U3

      Please guide me on how to create this type of VLAN. Will all VLANs have different default gateways? Where do I specify this?

      We have only created the VLANs. Routing and other things are not configured yet. So please guide me. I tried to add a static route, but I don't know how.

      I tried with VLAN IDs 20 & 30. Clients sometimes receive an IP address and sometimes do not (if I restart, clients do not get an IP address; sometimes it takes 20 to 30 min). Also, inter-VLAN ping is not working and the Internet is also not working.
      From VLAN 20 I can't access the 192.192.xx.x systems or the 192.168.30.100 systems, and the pfSense LAN IP address (gateway) is not pinging. Also public DNS, Google is not pinging.

      Confused. Please help us to solve this issue.
      Attached are a few screenshots for your reference.

      Thanks in advance.

      Lokesh Kamath

      • Gertjan

        Hi,

        A question: what do you mean by a WAN (ISP) and LAN (ISP)?

        What do you mean by public DNS: the built-in resolver works just fine.

        It doesn't shock you: having an image with a non-connected WAN interface (your first image) and telling us that "it doesn't work"?

        You want to route from where to where?

        You are using a Realtek NIC. See other forum threads about this one. I advise you not to do so.

        Btw: pfSense didn't invent VLANs, but make your life simpler at the beginning: one network == one NIC.

        When you create a LAN (or VLAN), also drop in a firewall rule that lets everything in (TCP, UDP, ICMP, IPv4, IPv6). Later on, change that rule for a set of rules more adequate for your needs.

        At the beginning, stay away from floating rules.

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs?

        • slkamath

          Hi,

          Thanks for your response.

          WAN means the IP given by the Internet Service Provider to configure in the router or firewall.
          LAN ISP means the set of 7 static IP addresses given by the Internet Service Provider, which we can configure for servers like a mail server, FTP server, etc.

          As per the first image, it's not shocking, because for the WAN IP they have given us only 1 IP (I can't configure it on 2 systems), so I connected that port to 1 switch and from there I gave the IP address as the LAN IP. So in pfSense the Internet is working fine; I can ping also.

          Which network card would you suggest?

          I have only 2 extra ports other than WAN ISP & LAN ISP. So from 2 LAN cards can I make 6 VLANs?

          I have changed the rule as per your suggestion.

          Can we create the type of VLANs mentioned below? How do we create them? Please guide.
          The VLANs are as mentioned below:
          1. VLAN ID - 10 Servers (we should use the default IP address, i.e. 192.192.xx.x) because we have a Domain Controller in this. Is this possible? Servers have to communicate with Printers, Finance, U1, U2 & U3
          2. VLAN ID - 20 Printers (IP address 192.168.20.1, DHCP enabled, i.e. 192.168.20.100 to 192.168.20.125)
          3. VLAN ID - 30 Finance (IP address 192.168.30.1, DHCP enabled, i.e. 192.168.30.100 to 192.168.30.150) Finance has to communicate with Servers & Printers, U1, U2 & U3
          4. VLAN ID - 101 U1 (IP address 192.168.100.1, DHCP enabled, i.e. 192.168.101.100 to 192.168.101.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
          5. VLAN ID - 101 U2 (IP address 192.168.102.1, DHCP enabled, i.e. 192.168.102.100 to 192.168.102.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
          6. VLAN ID - 103 U2 (IP address 192.168.103.1, DHCP enabled, i.e. 192.168.103.100 to 192.168.103.150) U1 has to communicate with Servers & Printers, U1, U2 & U3

          For all VLANs, do we need to specify different default gateways? Where do we specify this?

          Lokesh Kamath.


          1 Reply Last reply Reply Quote 0
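
Added example, not part of any post in this thread: a consistency check run over the VLAN plan exactly as it is written in the first and third posts, flagging reused VLAN tags, reused names, and DHCP pools that fall outside the interface subnet. It assumes /24 masks (the posts do not state them); `PLAN` and `check_plan` are names introduced here.

```python
import ipaddress
from collections import Counter

PREFIX = 24  # assumption: the posts never state the VLAN subnet masks

# (vlan_id, name, interface_ip, dhcp_start, dhcp_end), copied as posted.
# VLAN 10 is left out because its address is masked (192.192.xx.x).
PLAN = [
    (20, "Printers", "192.168.20.1", "192.168.20.100", "192.168.20.125"),
    (30, "Finance", "192.168.30.1", "192.168.30.100", "192.168.30.150"),
    (101, "U1", "192.168.100.1", "192.168.101.100", "192.168.101.150"),
    (101, "U2", "192.168.102.1", "192.168.102.100", "192.168.102.150"),
    (103, "U2", "192.168.103.1", "192.168.103.100", "192.168.103.150"),
]

def check_plan(plan, prefix=PREFIX):
    """Return (vlan_id, name, problem) findings for an addressing plan."""
    findings, seen_nets = [], []
    tags = Counter(vid for vid, *_ in plan)
    names = Counter(name for _, name, *_ in plan)
    for vid, name, ip, start, end in plan:
        iface = ipaddress.ip_interface(f"{ip}/{prefix}")
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if tags[vid] > 1:
            findings.append((vid, name, "duplicate VLAN tag"))
        if names[name] > 1:
            findings.append((vid, name, "duplicate name"))
        if lo not in iface.network or hi not in iface.network:
            findings.append((vid, name, "DHCP pool outside interface subnet"))
        elif lo > hi:
            findings.append((vid, name, "DHCP pool start is after its end"))
        elif lo <= iface.ip <= hi:
            findings.append((vid, name, "interface IP inside DHCP pool"))
        for other_vid, other_net in seen_nets:
            if iface.network.overlaps(other_net):
                findings.append((vid, name, f"subnet overlaps VLAN {other_vid}"))
        seen_nets.append((vid, iface.network))
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```

Segments that are meant to be isolated from each other need distinct tags and non-overlapping subnets, so a plan should pass this kind of check before any per-VLAN firewall rules are written.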
          • slkamath

            Please can someone help me?

            Thanks in advance.

            Lokesh Kamath

            • slkamath

              Is there any solution?

              • slkamath

                Please help me.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.