New Install of pfsense, L3 managed switch with vlans, no internet
I'm new to pfsense. I installed a dockerized version of pfsense 2.4.4 p1 on my unRaid server. The docker has exclusive use of a 4 port Intel ethernet card (so no bridging).
My network topology is as follows:
internet----ISP modem (bridge mode) PPPoE---pfsense---LAN(172.16.0.1 /30)----Cisco 3560e switch (172.16.0.2--port 2).
The switch has been handling all of my dhcp duties. I currently have 6 vlans configured on the switch, with interVLAN routing working.
Vlan 10 -- 10.0.10.1/24
Vlan 20 -- 10.0.20.1/24
Vlan 30 -- 10.0.30.1/24 etc...
Vlan 66 -- 172.16.0.2 TRANSIT
I have configured pfsense as per this thread: https://forum.netgate.com/topic/94609/installing-pfsense-with-a-layer-3-switch/2
I know the WAN shows as down here. I have to keep changing my configuration to re-establish my internet connection. I have two modems--one which is configured the "normal way", bypassing pfsense, and the second that is set in bridge mode and runs through pfsense.
After two weeks of fussing with this, I was finally able to ping 220.127.116.11 from both the pfsense box and my cisco switch. However, I still cannot get an internet connection.
All interVLAN routing is working. I can ping from any vlan to any other vlan. I can ping the default gateway, and I can ping the pfsense box at 172.16.0.1.
My route of last resort in the cisco is set to 0.0.0.0 0.0.0.0 172.16.0.1
I'm missing something obvious. I think it may be dhcp or dns related, but I don't know enough about networks to be sure.
Any help would be greatly appreciated.
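For the layer-3-switch design described in this post, the three things that have to line up on pfSense for a VLAN behind the switch to reach the internet are: a static route back to the VLAN subnet via the switch's transit address, an outbound NAT rule whose source covers the subnet, and a pass rule on the transit interface for that subnet. The checker below is an added example (not from this thread, pfSense or Netgate) that models those three requirements over constructed sample tables based on the poster's addressing plan; the route, NAT and rule tables, the interface names `WAN`/`TRANSIT`, and the missing VLAN 30 route are all constructed for illustration.

```python
"""
Added example, not the poster's configuration: a consistency checker for the
"pfSense behind a layer-3 switch" design, using constructed sample data.
"""
import ipaddress

# Constructed: VLAN subnets routed by the switch, following the post's plan.
SWITCH_VLANS = {
    10: "10.0.10.0/24",
    20: "10.0.20.0/24",
    30: "10.0.30.0/24",
}
TRANSIT_GATEWAY = "172.16.0.2"   # switch side of the 172.16.0.0/30 transit link

# Constructed pfSense-side sample tables with one deliberate gap:
# VLAN 30 has no return route, so its replies never reach the switch.
PFSENSE_STATIC_ROUTES = [
    {"network": "10.0.10.0/24", "gateway": "172.16.0.2"},
    {"network": "10.0.20.0/24", "gateway": "172.16.0.2"},
]
PFSENSE_OUTBOUND_NAT = [
    {"interface": "WAN", "source": "172.16.0.0/30"},
    {"interface": "WAN", "source": "10.0.0.0/16"},   # one rule covering every VLAN
]
PFSENSE_RULES = [
    {"interface": "TRANSIT", "action": "pass", "source": "10.0.0.0/16", "destination": "any"},
    {"interface": "WAN", "action": "pass", "source": "any", "destination": "any"},
]


def _covers(rule_net, subnet):
    """True if rule_net ('any' or a CIDR string) contains the whole subnet."""
    if rule_net == "any":
        return True
    return subnet.subnet_of(ipaddress.ip_network(rule_net, strict=False))


def check_vlan(subnet_str, routes, nat, rules, transit_if="TRANSIT", gateway=TRANSIT_GATEWAY):
    """Return the list of missing pieces for one VLAN subnet (empty list = OK)."""
    subnet = ipaddress.ip_network(subnet_str)
    problems = []
    # 1. pfSense needs a route back to the VLAN via the switch's transit address.
    if not any(r["gateway"] == gateway and _covers(r["network"], subnet) for r in routes):
        problems.append(f"no static route to {subnet} via {gateway}")
    # 2. Outbound NAT on WAN must translate the VLAN's private source addresses.
    if not any(n["interface"] == "WAN" and _covers(n["source"], subnet) for n in nat):
        problems.append(f"no WAN outbound NAT covering {subnet}")
    # 3. Traffic arriving on the transit interface must be allowed in.
    if not any(r["interface"] == transit_if and r["action"] == "pass"
               and _covers(r["source"], subnet) for r in rules):
        problems.append(f"no pass rule on {transit_if} for source {subnet}")
    return problems


def check_all(vlans=SWITCH_VLANS, routes=PFSENSE_STATIC_ROUTES,
              nat=PFSENSE_OUTBOUND_NAT, rules=PFSENSE_RULES):
    """Map VLAN id -> list of problems for every VLAN behind the switch."""
    return {vid: check_vlan(net, routes, nat, rules) for vid, net in vlans.items()}


def wan_pass_any_rules(rules=PFSENSE_RULES):
    """Inbound WAN rules passing any source to any destination expose the
    firewall and everything behind it; the replies in this thread flag exactly
    that pattern, so report them separately."""
    return [r for r in rules
            if r["interface"] == "WAN" and r["action"] == "pass"
            and r["source"] == "any" and r["destination"] == "any"]


if __name__ == "__main__":
    for vid, problems in check_all().items():
        print(f"VLAN {vid}: {'OK' if not problems else '; '.join(problems)}")
    for rule in wan_pass_any_rules():
        print("WARNING: WAN pass-any rule present:", rule)
```

With the sample tables, VLANs 10 and 20 pass all three checks, VLAN 30 is reported as lacking a return route, and the WAN pass-any rule is flagged. In pfSense's automatic outbound NAT mode, rules are generated for directly connected and statically routed networks, so there the NAT check mostly reduces to the static-route check; in hybrid or manual mode each VLAN subnet has to be covered explicitly.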
What are the firewall rules on the transit interface of pfSense?
These are the only firewall rules that are configured.
Those WAN pass any rules are almost certainly not what you want. Dangerous.
Looks fine. Going to have to apply some basic network troubleshooting skills to see what is not working.
I noticed that the source under NAT says local host (127.0.0.0). Would this be true even if you are running pfsense as a virtual machine?
Yeah, I know that the WAN rules are too open. I just wanted something for testing.
Where in NAT? Outbound?
Yes, it is perfectly normal to apply outbound NAT to localhost addresses and whether or not it is a VM has nothing to do with anything.