VLAN config IPv4 Configuration Type



  • Hello

    I configured a vlan on my pfsense. This vlan (vlan 222) still exists on another network. In order for my devices to be able to communicate with the devices in my existing external vlan, I set my IPv4 Configuration Type to DHCP, which then, as expected, gets an IP address etc.
    Now, based on the above, I created new vlans on the pfsense router, and those vlans can communicate with vlan 222, and all communication then goes out via the DHCP IP address.
    Now here is my challenge.
    On the pfsense you can set firewall rules which open ports on the WAN in order to communicate, for example, with port 80 on IP 192.168.1.2; this is pretty straightforward.
    Is there a way to configure the system such that it allows reaching devices in vlan 222?
    So from a flow perspective: public-ip>pfsense>dhcp ip in vlan222>the device in vlan222

    BR

    martin



  • @internetxs

    You don't configure to reach VLANs. You configure to reach IP addresses.



  • So maybe if I visualize it

    ac4e21e8-7f03-4383-ac13-17bc860add0e-image.png

    The moment that I enable it, I get IP 192.168.150.253, which is given by another DHCP server in that vlan

    and the DHCP in that vlan is on 192.168.150.1, so when I go from another vlan I will go via 192.168.150.253



  • A VLAN is Layer 2 communication, MAC address oriented.
    The pfSense firewall is a Layer 3 device, as most firewalls are.

    pfSense filters (allows/denies) based on IP addresses.
    Your Vlan150 example uses the IP range 192.168.150.xx, so I'll assume the Vlan222 uses.

    On each interface where you have devices that have to reach hosts in Vlan222, you would need to allow that "interface ip range" to send packets to the Vlan222 IP range.

    I.e. the fw rule on the Vlan150 would be:

    Action pass
    Interface "Vlan150"
    Addr Fam IPv4
    Proto Any
    Source Vlan150 net
    Dest Vlan222 net

    Now pray that your Vlan222 hosts have def-gw on the pfSense box, or you'll have to play with routes.

    /Bingo
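
The default-gateway caveat in the reply above, as an added example that is not part of the thread: a longest-prefix-match check of whether a vlan 222 host's reply goes back through pfSense. Only 192.168.150.253 and 192.168.150.1 come from the thread; the 192.168.10.0/24 client network and the idea that 192.168.150.1 is also the hosts' default gateway are assumptions.

```python
import ipaddress

# pfSense's DHCP-assigned address in vlan 222 (from the thread).
PFSENSE_VLAN222_IP = ipaddress.ip_address("192.168.150.253")

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.
    gateway=None means the network is on-link (deliver directly)."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None  # host has no route to dst at all
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else ipaddress.ip_address(gw)

def reply_returns_via_pfsense(host_routes, source_seen_by_host):
    """True if the host's reply to that source is handed to pfSense."""
    return next_hop(host_routes, source_seen_by_host) == PFSENSE_VLAN222_IP

# Constructed routing tables for a host inside vlan 222.
ON_LINK = ("192.168.150.0/24", None)
HOST_GW_ELSEWHERE = [ON_LINK, ("0.0.0.0/0", "192.168.150.1")]    # assumed gateway
HOST_GW_PFSENSE = [ON_LINK, ("0.0.0.0/0", "192.168.150.253")]
HOST_STATIC_ROUTE = HOST_GW_ELSEWHERE + [("192.168.10.0/24", "192.168.150.253")]

CLIENT = "192.168.10.5"          # constructed client on another pfSense vlan
NATTED = "192.168.150.253"       # same client after outbound NAT on pfSense

def scenarios():
    return {
        "routed, gw elsewhere": reply_returns_via_pfsense(HOST_GW_ELSEWHERE, CLIENT),
        "routed, gw is pfSense": reply_returns_via_pfsense(HOST_GW_PFSENSE, CLIENT),
        "routed, static route": reply_returns_via_pfsense(HOST_STATIC_ROUTE, CLIENT),
        "NATed to pfSense IP": reply_returns_via_pfsense(HOST_GW_ELSEWHERE, NATTED),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24s} reply via pfSense: {ok}")
```

When the result is False the reply leaves through the other gateway, so pfSense never sees the return traffic for the connection it passed.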

