cannot routing over pfsense on vlan
-
Hello everyone, sorry for my English.
I have pfSense on a mini PC. pfSense has a LAN with a captive portal for home users. The captive portal is connected to Active Directory. That's fine and working. pfSense has a VLAN configured for guest users. Devices obtain an IP address from pfSense, but the devices cannot ping pfSense. Routing over pfSense doesn't work either.
Do you have any idea? I can't find the mistake in the configuration.
Thank you, Ajtak
-
bump...
Do you have any ideas?
-
Have you added firewall rules to that VLAN to permit access?
What does the filter log show?
-
Yes, I have a rule which allows all traffic, but nothing matches this rule.
Devices get ping replies from all other devices on the VLAN, but cannot ping pfSense. It's frustrating.
Floating is empty.
-
@ajtak said in cannot routing over pfsense on vlan:
Devices cannot ping to pfsense
Well you have no rule that allows icmp.. So no you wouldn't be able to ping anything. That top rule you marked is TCP.
None of your rules would allow icmp.. As to routing - don't see any hits on any of your rules.. Have you generated any traffic to pfsense that would match at all..
-
Sorry, I'm blind. It's true...
But the last rule logs all traffic that doesn't match the rules before it? If so, nothing happens anyway.
Routing - yes, pfSense is OK. Traffic from LAN to OpenVPN, IPsec or the internet is OK.
-
I don't see any hits on that rule, you sure the default rule just didn't log..
-
Summary:
pfsense LAN IP 192.168.254.254/24
pfsense VLAN IP 10.40.254.0/24
device 1 on LAN has obtained IP 192.168.254.101/24 from DHCP
device 2 on LAN has obtained IP 192.168.254.102/24 from DHCP
device 3 on VLAN has obtained IP 10.40.254.101/24 from DHCP
device 4 on VLAN has obtained IP 10.40.254.102/24 from DHCP
ping reply is ok between device 1 and device 2
ping reply is ok between device 1 and pfsense LAN IP
ping reply is ok between device 2 and pfsense LAN IP
ping reply is ok between device 3 and 4
ping reply isn't ok between device 3 and pfsense VLAN IP
ping reply isn't ok between device 4 and pfsense VLAN IP
routing table on device 3 and device 4 has default route 0.0.0.0/0 -> 10.40.254.254
-
@ajtak said in cannot routing over pfsense on vlan:
pfsense VLAN IP 10.40.254.0/24
That is NOT an ip, that is a network. And for sure doesn't match what you stated the gateway is
routing table on device 3 and device 4 has default route 0.0.0.0/0 -> 10.40.254.254
ping reply is ok between device 3 and 4
That has ZERO to do with pfsense, since they are on the same network.
-
Sorry, IP 192.168.254.254 with subnet mask 24 etc.
-
So what happens when device 3 or 4 pings LAN IP 192.168.254.254?
Did you alter your rules to allow icmp on your vlan?
Do you have any floating tab rules? Those could be blocking as well, even if you allow on your vlan rules.
-
I can set up the ICMP rule remotely, but I'll be at the router in four hours to test traffic.
I don't have rules on the floating tab. The tab is empty.
-
I've allowed ICMP from 192.168.254.0/24 and device 3 gets a reply from 192.168.254.254. Is that OK?
-
That makes zero sense you mean you allowed icmp TO, not from..
Rules are placed on interfaces where traffic enters pfsense.
-
I've added another rule which allows all traffic to the VLAN address. ICMP to the VLAN IP still isn't working.
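-
Added example, not part of the thread and not pfSense code: a simplified Python model of the two points raised above, that a TCP-only pass rule never matches a ping and that rules are checked on the interface where traffic enters. The rule sets and labels are constructed for illustration (the thread's actual rules are not reproduced on the page); the addresses are the ones quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "tcp", "udp", "icmp" or "any"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    label: str

def evaluate(tabs, iface, proto, src, dst):
    """Simplified model: only the rules on the interface where the packet
    enters are checked, first match wins, no match means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in tabs.get(iface, []):
        if r.proto not in ("any", proto):
            continue
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action, r.label
    return "block", "default deny"

def is_host_address(cidr):
    """False when the value is the network (or broadcast) address itself."""
    i = ipaddress.ip_interface(cidr)
    return i.ip not in (i.network.network_address, i.network.broadcast_address)

# Constructed rule sets (assumptions, not the poster's real configuration).
ANY = "0.0.0.0/0"
LAN_ALL = Rule("pass", "any", "192.168.254.0/24", ANY, "lan allow all")
TCP_ONLY = {"LAN": [LAN_ALL],
            "VLAN": [Rule("pass", "tcp", "10.40.254.0/24", ANY, "vlan tcp")]}
WITH_ICMP = {"LAN": [LAN_ALL],
             "VLAN": TCP_ONLY["VLAN"]
                     + [Rule("pass", "icmp", "10.40.254.0/24", ANY, "vlan icmp")]}
# ICMP rule put on the wrong tab: it never sees packets entering on VLAN.
WRONG_TAB = {"LAN": [Rule("pass", "icmp", ANY, ANY, "icmp on lan tab")],
             "VLAN": TCP_ONLY["VLAN"]}

if __name__ == "__main__":
    ping = ("VLAN", "icmp", "10.40.254.101", "10.40.254.254")  # device 3 -> gateway
    for name, tabs in [("tcp only", TCP_ONLY), ("icmp added", WITH_ICMP),
                       ("wrong tab", WRONG_TAB)]:
        print(name, evaluate(tabs, *ping))
    print(is_host_address("10.40.254.0/24"), is_host_address("10.40.254.254/24"))
```

Floating rules are left out of the model because the thread states that tab is empty.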