Automatic NAT, added VLAN, sporadic firewalling
-
pfSense four port router, working just fine with a WPA Enterprise AP via Unifi. I found I had to provide a WPA2 AP in order to run the latest Wyze cameras...
I added a VLAN, set up the new AP on the Unifi AP linked to the VLAN, and updated the VLAN settings on the Unifi ToughSwitch. My phone can find and connect, and I see the DHCP lease in pfSense...
Surfing/etc simply does not happen. Currently I can see the DNS requests are successful, from the phone to the router, but there's nothing beyond that - not even seeing blocked output beyond that. It get even weirder - I got an email notification but opening Gmail on the phone just stalls out like the browser.
The original wifi works fine; I can swap back and forth between the two APs - the behaviour is repeatable. I've reviewed all the rules, they were identical, but I've since stripped everything out in hopes of seeing what the issue is. The only rule in place for the VLAN is to pass all traffic for that interface, and I've since turned on logging to see what passes. And the only thing I see is successful DNS requests to the router. I've confirmed in the outbound NAT (automatic) that the IP range for the VLAN is in the list.
I might have spent 30 min or so to set things up, hours trying to figure out the last hurdle... I've looked at the port forwarding troubleshooting, but I'm spinning my wheels at this point.
-
Sigh... I figured it out. The DNS Resolver does not automatically update when a new interface is added, dunno that it should.
I re-added the rule, identical to the pre-existing ones for my LAN and WIFI, about DNS.
Then, I updated the list of network interfaces for the DNS Resolver to include the newly minted VLAN/AP. The phone can now browse the internet, and I've connected my first Wyze v3 phone.
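An added check for the condition described in this thread (not code from the poster): it parses a constructed pfSense-style config.xml excerpt and lists every interface that hands out DHCP leases but is missing from the DNS Resolver's network interface list. The interface names, descriptions and the `unbound/active_interface` key are assumptions modelled on pfSense's config.xml layout.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml excerpt in the layout pfSense uses; interface names and
# the unbound <active_interface> value are assumptions, not a real exported config.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>igb0</if><enable/><descr>WAN</descr></wan>
    <lan><if>igb1</if><enable/><descr>LAN</descr></lan>
    <opt1><if>igb1.20</if><enable/><descr>WIFI</descr></opt1>
    <opt2><if>igb1.30</if><enable/><descr>IOT_VLAN</descr></opt2>
  </interfaces>
  <dhcpd>
    <lan><enable/></lan>
    <opt1><enable/></opt1>
    <opt2><enable/></opt2>
  </dhcpd>
  <unbound>
    <enable/>
    <active_interface>lan,opt1</active_interface>
  </unbound>
</pfsense>
"""

def dhcp_interfaces(root):
    """Interfaces with DHCP enabled (their clients get the router as DNS server)."""
    # ET elements with no children are falsy, so compare with None explicitly.
    return [c.tag for c in root.find("dhcpd") if c.find("enable") is not None]

def resolver_interfaces(root):
    """Interfaces the DNS Resolver listens on; None means every interface."""
    raw = (root.findtext("unbound/active_interface") or "").strip()
    if raw in ("", "all"):
        return None
    return [i.strip() for i in raw.split(",") if i.strip()]

def unresolved_interfaces(config_xml):
    """Return DHCP-serving interfaces the DNS Resolver does not listen on."""
    root = ET.fromstring(config_xml)
    listening = resolver_interfaces(root)
    if listening is None:
        return []
    descr = {i.tag: i.findtext("descr") or i.tag for i in root.find("interfaces")}
    return [f"{n} ({descr.get(n, n)})" for n in dhcp_interfaces(root) if n not in listening]

if __name__ == "__main__":
    for iface in unresolved_interfaces(SAMPLE_CONFIG):
        print(f"DHCP interface missing from DNS Resolver network list: {iface}")
```

On a live box the same check runs against /cf/conf/config.xml; an interface it reports is one whose clients will get DHCP leases but no DNS answers, which matches the symptom above.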