Did you enable advanced outbound NAT?

(Firewall –> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))"

Automatic outbound NAT rule generetion (IPsec passthrough)

(Firewall –> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))"

I think you need to stop using id 1, switch that to another id like 10. ID 1 is special and some equipment treats it differently, it's not a good idea to use it for anything.

Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

Yes, all VLANs are ping their gateways. Ping ip's not for the Internet.

Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

172.168.0.0/10 is AOL address space. You shouldn't use this on your LAN interface. You're probably looking for something inside 172.16.0.0/12 (or just mistyped the post).

Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

Do you have automatic NAT rule generation enabled?

Thanks.

The ip of my LAN is 172.16.2.1. My NAT is enabled automatically.

In that I am missing to make the internet for VLANs?

I have 3 interfaces as described.

You think I have only one interface to the port of Tagged and another switch for VLANs (untagged)? This will solve my problem of internet in VLANs?

Remembering that I do not speak English. I'm using google translator.

Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

Do you have automatic NAT rule generation enabled?

Do you both actually have a VLAn capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

Pfsense =

fxp0 = wan > 192.168.1.254    gw: 192.168.1.1
rl0= Lan > 172.168.2.1
xl0= Vlans

My switch is a 3Com 4226T.

Is configured as:

Vlan Default = 1,4-23,25-26 Untagget    24 Tagget

Vlan 2 (A22) = 2 U      24 T
Vlan 3 (A28) = 3 U      24 T

network cable connected between pfsense (xl0 - vlans) and port 24 (switch)
network cable connected between host-vlan2 and port 2 (switch)
network cable connected between pfsense (fxp0 - Wan) and Cable Modem.

Get successfully ping the VLAN for ip´s Wan + gw e Lan

I can not ping addresses for public (internet)

Thanks.

Screenshots


Do you both actually have a VLAn capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

Thanks.

yes.

I want to:

1 - All access to VLANs interntet

2 - All VLANs isolated. A VLAN can not access the other. This step you have helped me a few days ago.

I'm not getting. VLANs are not my internet.

I created a rule equal to the Dragon II but did not work.

I think it has something to be done before this, there in NAT. What do you think?