4. New Install of pfsense, L3 managed switch with vlans, no internet

New Install of pfsense, L3 managed switch with vlans, no internet

  • M

    Hello,

    I'm new to pfsense. I installed a dockerized version of pfsense 2.4.4 p1 on my unRaid server. The docker has exclusive use of a 4 port Intel ethernet card (so no bridging).

    My network topology is as follows:

    internet----ISP modem (bridge mode) PPPOe---pfsense---LAN(172.16.0.1 /30)----Cisco 3560e switch (172.16.0.2--port 2).

    The switch has been handling all of my dhcp duties. I currently have 6 vlans configured on the switch, with interVLAN routing working.

    Vlan 10 -- 10.0.10.1/24
    Vlan 20 -- 10.0.20.1/24
    Vlan 30 -- 10.0.30.1/24 etc...

    Vlan 66 -- 172.16.0.2 TRANSIT

    I have configured pfsense as per this thread: https://forum.netgate.com/topic/94609/installing-pfsense-with-a-layer-3-switch/2

    0_1549925885797_f45d3b36-5785-444a-80d1-5ebe3ae765e0-image.png

    I know the WAN shows as down here. I have to keep changing my configuration to re-establish my internet connection. I have two modems--one which is configured the "normal way", bypassing pfsense, and the second that is set in bridge mode and runs through pfsense.

    0_1549925106224_9352fbca-1f3f-4114-bc58-7d5a02a3ab5c-image.png

    0_1549925234164_8dc56334-affd-4cca-b0fd-88aed152c994-image.png

    After two weeks of fussing with this, I was finally able to ping 8.8.8.8 from both the pfsense box and my cisco switch. However, I still cannot get an internet connection.

    All interVLAN routing is working. I can ping from any vlan to any other vlan. I can ping the default gateway, and I can ping the pfsense box at 172.16.0.1.

    My route of last resort in the cisco is set to 0.0.0.0 0.0.0.0 172.16.0.1

    I'm missing something obvious. I think it may be dhcp or dns related, but I don't know enough about networks to be sure.

    Any help would be greatly appreciated.

    0
  • LAYER 8 Netgate

    What are the firewall rules on the transit interface of pfSense?

    0
  • M

    0_1549934632506_99288820-c278-41db-a10f-6f84a28fc52e-image.png

    0_1549934697125_8bc19253-06cc-4646-a332-5e442902da0d-image.png

    These are the only firewall rules that are configured.

    0
  • LAYER 8 Netgate

    Those WAN pass any rules are almost certainly not what you want. Dangerous.

    Outbound NAT?

    0
  • M

    0_1549936032162_0bec6b4d-20e4-48f0-9215-390360c44af6-image.png

    0
  • LAYER 8 Netgate

    Looks fine. Going to have to apply some basic network troubleshooting skills to see what is not working.

    0
  • M

    I noticed that the source under NAT says local host (127.0.0.0). Would this be true even if you are running pfsense as a virtual machine?

    Yeah, I know that the WAN rules are too open. I just wanted something for testing.

    0
  • LAYER 8 Netgate

    Where in NAT? Outbound?

    Yes, it is perfectly normal to apply outbound NAT to localhost addresses and whether or not it is a VM has nothing to do with anything.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy