    VLAN to WAN

    Routing and Multi WAN
      DragonII last edited by

      I have set up five VLANs and get the correct IP from each VLAN, but I am not able to ping or use the internet when I'm in any of the VLANs; only the LAN works.

      I can't ping from pfSense or the PC in the VLAN.

        GruensFroeschli last edited by

        Did you create appropriate firewall rules to allow users on the VLANs out?

          DragonII last edited by

          Yes. There is a screenshot on VLAN 3.

            flanandorj last edited by

            Hello, I'm sorry but I do not speak English. I'm using Google Translator.

            I'm not getting. VLANs are not my internet.

            I created a rule equal to DragonII's but it did not work.

            I think it has something to be done before this, there in NAT. What do you think?

              GruensFroeschli last edited by

              Do you both actually have a VLAN-capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

                flanandorj last edited by

                @GruensFroeschli:

                Do you both actually have a VLAN-capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

                Thanks.

                yes.

                I want to:

                1 - All access to VLANs internet

                2 - All VLANs isolated. A VLAN can not access the other. This step you have helped me a few days ago.

                  flanandorj last edited by

                  To facilitate the search for help

                  Screenshots





                  ![Regra WAN.JPG](/public/imported_attachments/1/Regra WAN.JPG)
                  ![Regra LAN.JPG](/public/imported_attachments/1/Regra LAN.JPG)
                  ![Regra Vlan - A22.JPG](/public/imported_attachments/1/Regra Vlan - A22.JPG)

                    flanandorj last edited by

                    @GruensFroeschli:

                    Do you both actually have a VLAN-capable switch and the port going to the pfSense configured as trunk for the VLANs in question?

                    Pfsense =

                    fxp0 = wan > 192.168.1.254    gw: 192.168.1.1
                    rl0= Lan > 172.168.2.1
                    xl0= Vlans

                    My switch is a 3Com 4226T.

                    Is configured as:

                    Vlan Default = 1,4-23,25-26 Untagged    24 Tagged

                    Vlan 2 (A22) = 2 U      24 T
                    Vlan 3 (A28) = 3 U      24 T

                    network cable connected between pfsense (xl0 - vlans) and port 24 (switch)
                    network cable connected between host-vlan2 and port 2 (switch)
                    network cable connected between pfsense (fxp0 - Wan) and Cable Modem.

                    I can successfully ping from the VLAN the IPs of WAN + gw and LAN

                    I can not ping addresses for public (internet)

                    Thanks.

                      ktims last edited by

                      172.168.0.0/10 is AOL address space. You shouldn't use this on your LAN interface. You're probably looking for something inside 172.16.0.0/12 (or just mistyped the post).

                      Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

                      Do you have automatic NAT rule generation enabled?

                      1 Reply Last reply Reply Quote 0
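The three points in the reply above (LAN address outside private space, VLAN ID 1 carried tagged, tagged and untagged traffic on one NIC) can be checked mechanically. This is an added example, not part of the thread: the function names are hypothetical, the VLAN interface addresses are constructed because the posts do not give them, and a pfSense VLAN interface for ID 1 is assumed from the switch listing.

```python
import ipaddress

# RFC 1918 private ranges. ipaddress' is_private is broader (loopback,
# link-local, ...), so the three networks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def lint_plan(plan):
    """plan: list of (name, nic, vlan_id or None for untagged, ip).
    Returns a list of findings; an empty list means nothing was flagged."""
    findings, tagged, untagged = [], set(), set()
    for name, nic, vlan, ip in plan:
        if not is_rfc1918(ip):
            findings.append(f"{name}: {ip} is outside RFC 1918 private space")
        if vlan is None:
            untagged.add(nic)
        else:
            tagged.add(nic)
            if vlan == 1:
                findings.append(f"{name}: VLAN ID 1 is carried tagged on {nic}")
    for nic in sorted(tagged & untagged):
        findings.append(f"{nic}: carries both tagged and untagged traffic")
    return findings

# Internal interfaces only (WAN omitted). The LAN address is as posted; the
# VLAN interface addresses are constructed, the thread does not give them.
AS_POSTED = [
    ("LAN",     "rl0", None, "172.168.2.1"),
    ("DEFAULT", "xl0", 1,    "10.0.1.1"),
    ("A22",     "xl0", 2,    "10.0.2.1"),
    ("A28",     "xl0", 3,    "10.0.3.1"),
]
# Same plan with the LAN inside 172.16.0.0/12 and ID 1 swapped for 10.
CORRECTED = [
    ("LAN",     "rl0", None, "172.16.2.1"),
    ("DEFAULT", "xl0", 10,   "10.0.10.1"),
    ("A22",     "xl0", 2,    "10.0.2.1"),
    ("A28",     "xl0", 3,    "10.0.3.1"),
]

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, lint_plan(plan) or "no findings")
```

An internal address outside RFC 1918 space matters beyond tidiness: hosts on that segment can no longer reach the real Internet owners of the range, and rules or logs keyed on "private source" will misclassify that traffic.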
                        flanandorj last edited by

                        @ktims:

                        172.168.0.0/10 is AOL address space. You shouldn't use this on your LAN interface. You're probably looking for something inside 172.16.0.0/12 (or just mistyped the post).

                        Don't use VLAN 1 for any tagged traffic. I seem to recall that these 3com switches don't behave nicely when you do that, and it's generally a bad idea anyway. Don't mix tagged and untagged traffic on xl0; you said you wanted rl0 for LAN, so set that in the Interface assignment.

                        Do you have automatic NAT rule generation enabled?

                        Thanks.

                        The ip of my LAN is 172.16.2.1. My NAT is enabled automatically.

                        In that I am missing to make the internet for VLANs?

                        I have 3 interfaces as described.

                        You think I have only one interface to the port of Tagged and another switch for VLANs (untagged)? This will solve my problem of internet in VLANs?

                        Remembering that I do not speak English. I'm using google translator.

                          ktims last edited by

                          I think you need to stop using id 1, switch that to another id like 10. ID 1 is special and some equipment treats it differently, it's not a good idea to use it for anything.

                          Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

                            flanandorj last edited by

                            @ktims:

                            I think you need to stop using id 1, switch that to another id like 10. ID 1 is special and some equipment treats it differently, it's not a good idea to use it for anything.

                            Your configuration is okay I think. Can your VLAN clients ping their gateway (pfSense VLAN ip)?

                            Yes, all VLANs can ping their gateways. They cannot ping IPs on the Internet.

                              GruensFroeschli last edited by

                              Did you enable advanced outbound NAT?

                              (Firewall --> NAT --> Outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))")

                                flanandorj last edited by

                                @GruensFroeschli:

                                Did you enable advanced outbound NAT?

                                (Firewall --> NAT --> Outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))")

                                Automatic outbound NAT rule generation (IPsec passthrough)
