Allow all traffic from a vlan problem.



  • Hi

    I'm a little bit confused about my problem.
    I have a mobile vlan for the smartphones and I want to enable all traffic from it to the internet, but I get blocked when a program tries to use a random port every time, no matter how I add the rule to the fw to enable the outgoing traffic.
    I'm running an HA cfg; I don't know if an additional NAT needs to be set up from this vlan.

    Thanks for the help!

    bolvar


  • LAYER 8 Global Moderator

    You're going to have to show us the rules you're putting on the vlan.. And yeah if you dicked with outbound nat and changed it from auto, you would have to make sure your new vlan is being correctly natted outbound if you want internet.



  • @johnpoz

    I have a lot of rules and it has internet on it, just a few apps that use a random port fail to connect.
    And if I set it up with source my mobile wifi, destination everything, on my WAN gw, the apps didn't work; if I change to the default gw it works, but then I can reach things on my LAN, which is not so good.
    I have hybrid NAT ticked.
    pfsense_mobilevlan.jpg


  • LAYER 8 Global Moderator

    @bolvar said in Allow all traffic from a vlan problem.:

    if I change to the default gw it works, but then I can reach things on my LAN

    Well you put a rule above that rule that blocks where you don't want clients to go..

    All of those allow rules are pretty pointless.. Why do you think you need an allow rule to Wan Net? for your vpn?

    Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

    Chromecast is multicast - not sure how you think that Google_Chromecast is going to work.. The chromecast needs to be on the same L2 as the clients.



  • @johnpoz

    That's a funny thing: when someone tried to connect from the mobile phone via VPN it did not work. I put this rule in and voilà, it worked.
    Half of the rules are for testing, aka chromecast too. But avahi is helping with this problem.
    In MikroTik this was an easy setup; I didn't need to set up a lot of deny rules to my other VLANs. But if there is no other way I will do it.


  • LAYER 8 Global Moderator

    You don't need to set up a lot of deny rules... It can be done with 1..

    Are you trying to connect from your mobile phone to your vpn from your own internal wifi network? For why? Is your own internal network hostile?? Mobile phone on their cell network sure ok - that rule would be on your wan not your lan..

    Not sure what there is to play with with chromecast - it's L2, it's not going to talk to pfsense in any way at all.. Clicking and making rules without any idea of how they work isn't going to get you anywhere! ;)

    The raktar_kaputelefon to Mobilevoipclients - not sure what that is supposed to do? The only source on your mobile wifi could be IPs on your mobilewifi, and then I assume mobile voip clients are also on this mobile wifi network - traffic between devices on the same network, ie mobile wifi would not even touch pfsense - so how would that rule come into play?
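
Added example, not part of any post in this thread: a small Python model of the top-down, first-match evaluation described above, comparing per-port allow rules with a single block rule placed above an allow-any rule. The addresses, the use of the RFC 1918 ranges as the block target, and the DNS-to-firewall rule are assumptions; the thread does not say how the one deny rule should be written.

```python
import ipaddress

# Constructed sample addressing; the thread does not give the real networks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MOBILE = [ipaddress.ip_network("192.168.50.0/24")]   # hypothetical mobile VLAN
FIREWALL = [ipaddress.ip_network("192.168.50.1/32")]  # hypothetical VLAN gateway
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def evaluate(rules, src, dst, port):
    """Return (action, description) of the first rule that matches, top down."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_nets, dst_nets, ports, descr in rules:
        if (any(src in n for n in src_nets)
                and any(dst in n for n in dst_nets)
                and (ports is None or port in ports)):
            return action, descr
    # Nothing matched: interface rules end in an implicit deny.
    return "block", "implicit default deny"


# A: allow only known ports. An app that picks a random port falls through.
PER_PORT = [("pass", MOBILE, ANY, {53, 80, 443}, "allow dns/web")]

# B: one block rule above one allow-any rule. The block also covers the
# firewall's own VLAN address, so DNS to it is passed first (assumption).
BLOCK_THEN_ALLOW = [
    ("pass", MOBILE, FIREWALL, {53}, "dns to firewall"),
    ("block", MOBILE, RFC1918, None, "block private nets"),
    ("pass", MOBILE, ANY, None, "allow any"),
]

# C: same rules in the wrong order. The allow-any wins before the block.
ALLOW_THEN_BLOCK = list(reversed(BLOCK_THEN_ALLOW))

if __name__ == "__main__":
    phone = "192.168.50.20"
    flows = [("203.0.113.10", 38211),   # internet host, random port
             ("192.168.1.10", 445),     # host on another internal network
             ("192.168.50.1", 53)]      # DNS on the firewall
    for name, rules in (("per-port", PER_PORT),
                        ("block-then-allow", BLOCK_THEN_ALLOW),
                        ("allow-then-block", ALLOW_THEN_BLOCK)):
        for dst, port in flows:
            print(name, dst, port, evaluate(rules, phone, dst, port))
```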

