Issues with multiple vlans on LAN network
-
It's been a few years since I've used pfSense. I was looking to set up a proxy, so I built a new VM to run pfSense in a vSphere 7 environment. I configured two NICs, one in a DMZ and the other in an internal server VLAN. I installed Squid proxy, configured it and tested. Everything seemed to be working properly. However, after a day or so pfSense stopped allowing traffic from other VLANs.
For example,
WAN/DMZ - 192.168.1.10
LAN - 192.168.5.10
A server at 192.168.5.21 can access pfSense's web interface as well as SSH and the proxy. But a VM on a different VLAN, 192.168.10.31, cannot. The physical switches allow traffic to go from 192.168.10.0/24 to 192.168.5.0/24, but the proxy no longer responds to pings, nor can I log into the web interface from 192.168.10.31, even though I was able to initially.
I assume there is something configured that is causing this, but so far I've not been able to determine what that is or how best to address it. I'm hoping someone here can point me in the right direction. I've tried adding VLANs under the interface assignments menu, but that did not help.
I've looked at adding a gateway for the LAN interface and a static route for the other vlans but that doesn't explain why it was working initially.
-
@baron164
"The physical switches allow for traffic to go from 192.168.10.0/24 to 192.168.5.0/24" So you're using a layer 3 switch? Then pfSense isn't blocking anything. If not a layer 3 switch, what does that statement mean?
-
@jarhead Just meant that the core switches handle routing between VLANs. Or at least that's been my understanding. Oddly enough, traffic started flowing again; not sure if it was something I changed or if there is just something odd going on with the network.
I disabled the "block private networks and loopback addresses" as well as the "block bogon networks" options on the WAN interface. So perhaps that had something to do with it. The WAN interface is still an internal vlan so perhaps that was it?
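As an added illustration (not part of the thread) of the option baron164 toggled: a toy model of the WAN "Block private networks and loopback addresses" rule evaluated against the thread's own addresses. The rule set, function names and the assumption that WAN otherwise passes the packet are mine, not pfSense code.

```python
# Added example: a minimal model of pfSense's "Block private networks and
# loopback addresses" WAN option, to show why it matters when the WAN
# interface itself sits on an internal (RFC1918) VLAN. Addresses come from
# the thread; rules and helper names are illustrative assumptions.
import ipaddress

# RFC1918 plus loopback: the ranges the WAN "block private networks" option covers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_private(src):
    """True if src falls in an RFC1918 or loopback range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PRIVATE_NETS)


def filter_decision(iface, src, block_private_on_wan=True):
    """Return 'pass' or 'block' for a packet arriving on iface from src.

    Model: LAN keeps the default allow-any rule; WAN drops RFC1918/loopback
    sources while the option is enabled, otherwise it falls through to a pass
    rule (an assumption made here so the effect of the toggle is visible)."""
    if iface == "LAN":
        return "pass"
    if iface == "WAN" and block_private_on_wan and is_private(src):
        return "block"
    return "pass"


def audit(packets, block_private_on_wan=True):
    """Evaluate constructed packets and return only those that would be dropped."""
    return [(iface, src) for iface, src in packets
            if filter_decision(iface, src, block_private_on_wan) == "block"]


# Constructed packets using the thread's addresses: the same-subnet host on LAN,
# the other-VLAN host on LAN, and the other-VLAN host if the L3 switch happened
# to deliver it via the DMZ/WAN side instead.
SAMPLE_PACKETS = [
    ("LAN", "192.168.5.21"),
    ("LAN", "192.168.10.31"),
    ("WAN", "192.168.10.31"),
]

if __name__ == "__main__":
    print("blocked with option on :", audit(SAMPLE_PACKETS, True))
    print("blocked with option off:", audit(SAMPLE_PACKETS, False))
```

Only the packet that reaches pfSense on the internally addressed WAN side is affected, which is why the option is a candidate explanation only if some path puts 192.168.10.x traffic onto that interface.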
-
@baron164 If that's true then you have some issues in your network. The WAN shouldn't have any effect on the LAN side.
So then they are layer 3 switches, so, again, how would pfSense have any effect on VLANs it doesn't even know exist?
-
@jarhead I agree, a WAN issue shouldn't affect the LAN side. When connections to the LAN side worked from a system on the same subnet, and connections from systems on different subnets didn't work, I assumed something on pfSense itself was dropping or blocking traffic from other subnets. But the default any/any rules are still active, so I couldn't think of a reason why it would be doing that. But it's certainly odd that it seemingly broke for 12+ hours and then randomly started working again.
So far, the network engineer hasn't found any issues on his end. Doesn't mean there aren't any, he's just not finding them. For now, all I can do is sit and wait to see if it breaks again.
Assuming pfSense is fine, which it very well could be, my best guess is that one of the switches/routers isn't syncing the config properly with its HA partner and when it switches over the route breaks. But since I don't have access, I can't go through all of them and check.