4. PfSense Firewall VLAN some time work sometime not & Internet is not working

PfSense Firewall VLAN some time work sometime not & Internet is not working


  • Hi,
    Myself Lokesh Kamath. We have newly installed pfSense v- trying to configure VLAN. 1st time configuring firewall. So need your help to solving my issue.

    In server there are 3 Network Cards.

    1. ISP WAN IP - 203.xx.xx.xxx
    Subnet - 255.xxx.xxx.xxx
    Gateway - 203.xx.xx.xxx

    2. ISP LAN IP - 180.xxx.xx.xx
    Subnet - 255.xxx.xxx.xxx
    Gateway - 180.xx.xx.xxx

    3. LAN IP - 192.192.xx.x
    Subnet - 255.255.255.0
    Gateway - Same as LAN IP (Default Gateway)

    Next We have created VLAN's on LAN IP i.e. 192.192.xx.x

    VLAN's are as mentioned below
    1. VLAN ID - 10 Servers ( We should use default IP Address i.e 192.192.xx.x) because We have Domain Controller in this. Is this possible?Server has to communicate with Printers, Finance, U1, U2 & U3
    2. VLAN ID - 20 Printers (IP Address 192.168.20.1, DHCP enabled i.e. 192.168.20.100 to 192.168.20.125)
    3. VLAN ID - 30 Finance (IP Address 192.168.30.1, DHCP enabled i.e. 192.168.30.100 to 192.168.30.150) Finance has to communicate with Servers & Printers U1, U2 & U3
    4. VLAN ID - 101 U1 (IP Address 192.168.100.1, DHCP enabled i.e. 192.168.101.100 to 192.168.101.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
    5. VLAN ID - 101 U2 (IP Address 192.168.102.1, DHCP enabled i.e. 192.168.102.100 to 192.168.102.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
    6. VLAN ID - 103 U2 (IP Address 192.168.103.1, DHCP enabled i.e. 192.168.103.100 to 192.168.103.150) U1 has to communicate with Servers & Printers, U1, U2 & U3

    Please guide me how to create this type VLAN. All VLAN's will different default gateway?Where to mention this?

    We have only created the VLAN. routing and other things not configured till now. So please guide me. I tried to give static route, but i don't know how to give.

    I tried with the VLAN ID 20 & 30. Client sometime IP address is receiving and sometime not ( if i restart clients are not getting IP Address, sometime takes 20 to 30min). Also inter VLAN is not pinging and Internet is also not working.
    From VLAN 20 cant access 192.192.xx.x systems, 192.168.30.100 Systems, pfSense LAN IP address  (gateway) is not pinging. Also public dns, Google is not pinging.

    Confused. Please help us to solve this issue.
    Attached few screen-shot for your reference.

    Thanks in advance.

    Lokesh Kamath





























    0

  • Hi,

    A question : what do you mean by : A WAN (ISP) and LAN (ISP) ?

    What do you mean by public DNS : the build in resolver works just fine.

    It doesn't chock you : chaving an image with a non-connected WAN interface (your first image) - and telling us that "it doesn't work"

    You want to route from where to where ?

    You are a using Realtek NIC. See other forum threads about this one. I advise you not to do so.

    Btw : pfSense didn't invent VLAN's - but make your live simpler at the beginning : one network == one NIC.

    When you cerate a LAN (or VLAN) drop in also a firewall rule that let everything in (TCP,UDP,ICMP,IPv4,IPV6). Later on, change that rule for a set of rule more adequate for your needs.

    At the beginning, stay away from floating rules.

    0

  • Hi,

    Thanks for your response.

    WAN means - the Internet Service Provider given IP to configure in Router or Firewall.
    LAN ISP - the Internet Service Provider given set of 7 Static IP address where we can configure for servers like Mail Server, FTP Server etc.

    As per the first image it's not chocking, because WAN IP they given us only 1 IP (I cant configure in 2 systems) so i gave that port to 1 switch and from there I gave IP address as LAN IP. So in pfSense INTERNET is working fine, I can ping also.

    Which Network Card you will suggest?

    I have only 2 extra ports other than WAN ISP & LAN ISP. So from 2 LAN card can I make 6 VLAN's?

    I have changed the rule as per your suggestion.

    Can we create below mentioned type VLAN? how to create? Please guide.
    VLAN's are as mentioned below
    1. VLAN ID - 10 Servers ( We should use default IP Address i.e 192.192.xx.x) because We have Domain Controller in this. Is this possible?Server has to communicate with Printers, Finance, U1, U2 & U3
    2. VLAN ID - 20 Printers (IP Address 192.168.20.1, DHCP enabled i.e. 192.168.20.100 to 192.168.20.125)
    3. VLAN ID - 30 Finance (IP Address 192.168.30.1, DHCP enabled i.e. 192.168.30.100 to 192.168.30.150) Finance has to communicate with Servers & Printers U1, U2 & U3
    4. VLAN ID - 101 U1 (IP Address 192.168.100.1, DHCP enabled i.e. 192.168.101.100 to 192.168.101.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
    5. VLAN ID - 101 U2 (IP Address 192.168.102.1, DHCP enabled i.e. 192.168.102.100 to 192.168.102.150) U1 has to communicate with Servers & Printers, U1, U2 & U3
    6. VLAN ID - 103 U2 (IP Address 192.168.103.1, DHCP enabled i.e. 192.168.103.100 to 192.168.103.150) U1 has to communicate with Servers & Printers, U1, U2 & U3

    for all VLAN's we need to mention different default gateways? Where to mention this?

    Lokesh Kamath.








    0

  • Please can someone help me?

    Thanks in advance.

    Lokesh Kamath

    0

  • Any solution is there?

    0

  • Please help me.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy