New Install of pfsense, L3 managed switch with vlans, no internet

Moose_Flunky

Hello,

I'm new to pfsense. I installed a dockerized version of pfsense 2.4.4 p1 on my unRaid server. The docker has exclusive use of a 4 port Intel ethernet card (so no bridging).

My network topology is as follows:

internet----ISP modem (bridge mode) PPPOe---pfsense---LAN(172.16.0.1 /30)----Cisco 3560e switch (172.16.0.2--port 2).

The switch has been handling all of my dhcp duties. I currently have 6 vlans configured on the switch, with interVLAN routing working.

Vlan 10 -- 10.0.10.1/24
Vlan 20 -- 10.0.20.1/24
Vlan 30 -- 10.0.30.1/24 etc...

Vlan 66 -- 172.16.0.2 TRANSIT

I have configured pfsense as per this thread: https://forum.netgate.com/topic/94609/installing-pfsense-with-a-layer-3-switch/2

0_1549925885797_f45d3b36-5785-444a-80d1-5ebe3ae765e0-image.png

I know the WAN shows as down here. I have to keep changing my configuration to re-establish my internet connection. I have two modems--one which is configured the "normal way", bypassing pfsense, and the second that is set in bridge mode and runs through pfsense.

0_1549925106224_9352fbca-1f3f-4114-bc58-7d5a02a3ab5c-image.png

0_1549925234164_8dc56334-affd-4cca-b0fd-88aed152c994-image.png

After two weeks of fussing with this, I was finally able to ping 8.8.8.8 from both the pfsense box and my cisco switch. However, I still cannot get an internet connection.

All interVLAN routing is working. I can ping from any vlan to any other vlan. I can ping the default gateway, and I can ping the pfsense box at 172.16.0.1.

My route of last resort in the cisco is set to 0.0.0.0 0.0.0.0 172.16.0.1

I'm missing something obvious. I think it may be dhcp or dns related, but I don't know enough about networks to be sure.

Any help would be greatly appreciated.

Derelict

What are the firewall rules on the transit interface of pfSense?

Moose_Flunky

0_1549934632506_99288820-c278-41db-a10f-6f84a28fc52e-image.png

0_1549934697125_8bc19253-06cc-4646-a332-5e442902da0d-image.png

These are the only firewall rules that are configured.

Derelict

Those WAN pass any rules are almost certainly not what you want. Dangerous.

Outbound NAT?

Moose_Flunky

Derelict

Looks fine. Going to have to apply some basic network troubleshooting skills to see what is not working.

Moose_Flunky

I noticed that the source under NAT says local host (127.0.0.0). Would this be true even if you are running pfsense as a virtual machine?

Yeah, I know that the WAN rules are too open. I just wanted something for testing.

Derelict

Where in NAT? Outbound?

Yes, it is perfectly normal to apply outbound NAT to localhost addresses and whether or not it is a VM has nothing to do with anything.