Netgate Discussion Forum

    Can't access internet on vlan connection (Think it's a dns issue)

    • S
      swalker23

      Hello everyone, I am new to pfsense and I am having an issue connecting to the internet via a vlan. I’m sure this has been asked a thousand times but please bear with me. I set up my vlan using a tutorial by Lawrence Systems (link text) because my switch is a tplink and has the same ui. I think it is a dns problem because when I am connected to the vlan through a straight ethernet cable, I am able to ping 8.8.8.8 but not www.google.com. I can ping www.google.com in the diagnostic/ping in pfsense using the vlan interface but not when I am connected to the vlan through my laptop.

      I googled around and searched these forums for a little bit but no help so far. I decided to post for help while I continue to search.

      • Tried setting DNS manually under DHCP server but nothing
      • Tried tips from this site, besides the packet capture and nothing link text
      • I tried disabling pfngblocker because I thought it was that but nothing

      Here is a screenshot of my firewall rules and a breakdown of my network. I left everything open in my rules for now to see if I can get everything working. In my switch, I have port 16 as tagged since that is connected to the pfsense box, port 4 untagged I have hard wired to my laptop, and ports 6 and 8 are tagged cause that is where my two access points are connected.

      homevlan.png
      9.png
      10.png
      Network Diagram.jpg

      Thanks for the help and any tips on my vlan setup will be appreciated

      • S
        SteveITS Galactic Empire @swalker23

        @swalker23 Your firewall rule shows 45 KiB so is matching packets. Is DNS set to listen on All interfaces? Try:

        nslookup google.com HOMEVLAN_address

        …from the computer.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • S
          swalker23 @SteveITS

          @SteveITS

          Thanks for the reply
          DNS is set to all. I will attach a photo to make sure we are on the same page with that. I tried checking the box DNS Query Forwarding, since I remember saying that was a solution for them but they were using DNS forwarding, but checking the box didn't work. Tried nslookup with and without vlan and it shows that with the vlan I have no dns server but without being connected to vlan, I get that my pfsense.home.arpa is my dns as shown in screenshots below.

          dnsresolver.png

          Without vlan
          nslookup.main.png

          With vlan
          nslookup.vlan.png

          • S
            SteveITS Galactic Empire @swalker23

            @swalker23 Per the second screen cap DNS is working on the VLAN since you got an answer. The "server: unknown" is trying to look up the IP of the server, x.10.1 and failing. That's not a problem in terms of DNS working. Not sure offhand but pfSense is probably just not matching up that IP with its name for some reason.

            Your second rule on HOMEVLAN allows all IPv4 traffic but at the time of the screen cap has 0 bytes so hasn't been used. Any chance you're trying to connect out using IPv6?

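Added example, not part of the thread or of pfSense: a small parser that makes the distinction drawn in the reply above, telling a resolver that answered but has no reverse (PTR) name ("Server: UnKnown") apart from one that returned nothing, and reporting which address families came back. It assumes the Windows nslookup output layout; the function name and both sample outputs are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples in the Windows nslookup layout; the addresses are
# documentation-range placeholders, not values from the thread.
ANSWERED = """\
Server:  UnKnown
Address:  192.0.2.1

Non-authoritative answer:
Name:    google.com
Addresses:  2001:db8::65
          198.51.100.46
"""
TIMED_OUT = """\
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.0.2.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
"""

def classify_nslookup(output):
    """Separate 'resolver has no reverse name' from 'resolver gave no answer'."""
    # The header (resolver name and IP) ends at the first blank line.
    header, _, body = output.partition("\n\n")
    m = re.search(r"^Server:\s*(\S+)", header, re.M)
    server_named = m is not None and m.group(1).lower() != "unknown"
    answers, collecting = [], False
    for line in body.splitlines():
        m = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if m:                       # first answer address on the label line
            answers.append(m.group(1))
            collecting = True
        elif collecting and line[:1].isspace() and line.strip():
            answers.append(line.strip())   # continuation line of "Addresses:"
        else:
            collecting = False
    families = sorted({ipaddress.ip_address(a).version for a in answers})
    return {"server_named": server_named, "resolved": bool(answers),
            "answers": answers, "families": families}

if __name__ == "__main__":
    for label, text in (("answered", ANSWERED), ("timed out", TIMED_OUT)):
        print(label, classify_nslookup(text))
```

A result with `resolved` true and `server_named` false is the case described in the reply: name resolution works and only the PTR lookup for the resolver's own address failed.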
            • S
              swalker23 @SteveITS

              @SteveITS
              I do remember seeing ipv6 addresses being blocked when I was testing the pings while watching the firewall logs. I added some ipv6 rules and tried pinging and nslookup with the same results. Can ping 8.8.8.8 but can't ping www.google.com. Strangely enough, I forgot to switch back to my main lan and refresh/renew my ip, and saw that I was able to search the web in my browser. Go figure. I'm not 100% sure if adding the ipv6 rules solved the issue but I'll check that and see if my access points will let me surf the web a little later after lunch. The relief of frustration made me hungry. I'll mark solved after final testing. How do I mark solved on this forum, just add it to the title manually?

              Thanks for the help

              Image of added ipv6 rules
              vlanrules.png

              • S
                swalker23 @swalker23

                I disabled the ipv6 rules below and I was still able to connect online. Enabled vlan on my APs and was able to connect online. At first while wired, I couldn't ping www.google.com while connected to vlan, but I could ping it when connected to wifi on the vlan. After connecting back to wired and on vlan, I can now ping www.google.com. Weird but I'm not complaining, it is working. Not sure what happened but something happened.

                Again I want to say thanks for the help Steve
