VLAN WLAN (OPT1) to LAN access

n1md4

Hi,

I have pfsense running with standard WAN, LAN, WLAN (OPT1). I have 4 vLANs set up and all assigned to OPT1. There is an OpenWRT AP connected to the WLAN (OPT1) port with 4 SSID assigned to each vLAN accordingly.

Connections to each SSID connects correctly, configured with DHCP on pfsense. The connected devices are then currently able to ping one another (across vLANs) but none will connect to pfsense on the LAN port.

I have attempted adding specific firewalls to allow connectivity, but that makes no difference; the anti-lockout is still active, so if I read it correctly there should already be firewall access. This led me to think it could be vLAN tagging, and that the LAN port needs configuring, so I added a vLAN (with a matching ID to one connected on the WLAN, but this did not allow me to connect either.

Any assistance appreciated.

viragomann

@n1md4 said in VLAN WLAN (OPT1) to LAN access:

the anti-lockout is still active, so if I read it correctly there should already be firewall access

Note that rules have to be added to the interface, where the traffic is coming in. So if the anti lockout rule is on the LAN interface it doesn't allow traffic in from other interfaces, even if you try to access the LAN IP.

I.e. you need pass rules on the VLAN interfaces to permit access from these subnets.

n1md4

@viragomann thanks for the suggestion. I have rules for the vLAN interface.

e.g.

LAN rules
Anti-lockout rule

WLAN30 rules
IPv4+IPv6, any source port, source WLAN30 net, any port, any destination.

n1md4

Got this working in the end.

It was a simple case of misunderstanding the difference between the actual interface and the label. I thought there was something special about the "LAN" interface. There's not, it's just a name, what's important in my learning was the interface (vlan in my case) that's assigned to the interface label.