Pfsense + unifi unable to access internet from VLAN
-
I am unable to ping out of my IoT VLAN and can not figure out why. I upgraded the CPUs prior to this issue starting and made no other configuration changes. I restored to backups before the issue started on both the pfsense router and my unifi self-hosted controller.
The devices connected to the network are able to obtain an IP but are unable to ping anything including my default VLAN of 10.10.10.1 and VLAN's 20 IP of 10.10.20.1.
I have attached images of my setup. On the access point if I change it to the default VLAN i am able to ping out so the AP is not the issue. Pfsence is able to ping out to Google's DNS, to a device connected to the VLAN, and to the default VLAN on the VLAN 20 interface.
If anyone has any ideas or sees any mistakes I missed I would greatly appreciate any assistance. let me know if you need any extra information.
LAN firewall rules:
VLAN firewall rules:
VLAN interface:
VLAN DHCP server:
-
@QuietEnergy9215 Checked to see if the IoT vlan subnet is permitted to go out via Outbound NAT?
-
@Popolou said in Pfsense + unifi unable to access internet from VLAN:
s permitted to go out via Outbo
Hello @Popolou, the rule for outbound NAT for 10.10.20.0/24 is still applied
-
What does the interface status say for OPT1?
-
@Popolou said in Pfsense + unifi unable to access internet from VLAN:
ay for OPT1?
interface status is up (green arrow)
-
@QuietEnergy9215 And no errors, or packets being recorded?
-
-
@QuietEnergy9215 So this vlan is actually on a separate fibre link and different to the LAN connection?
-
@Popolou, it is the same connection coming out of ix2 just with the vlan tag of 20
-
@QuietEnergy9215 Very odd you're facing this and why it just started. If i suspect the firewall, i tend to test by disabling the packet filtering (using pfctl -d at the CLI) and see if it makes a difference.
-
@Popolou Thank
@Popolou said in Pfsense + unifi unable to access internet from VLAN:
pfctl -d
pf disabled, still connected without internet on VLAN 20.... however, it becomes even more odd. All devices on the default VLAN lose internet connection as well, however, they are still able to ping internally. The devices on VLAN 20 are able to ping both interfaces (.20.1 and .10.1) with it disabled.
-
@QuietEnergy9215 said in Pfsense + unifi unable to access internet from VLAN:
default VLAN lose internet connection as well, however, they are still able to ping internally. The devices on VLAN 20 are able to ping both interfaces (.20.1 and .10.1) with it disabled.
okay, spoke too soon I can now no longer ping from 10.10.20.19 too anything.
-
@QuietEnergy9215 LMAO i think I spoke too soon I again I toggled pfctl -d and pfctl -e 2 times each and now I seem to have an internet connection on my VLAN 20 connection.... testing it all now
-
@QuietEnergy9215 External connections drop when pf is disabled so that is normal. But internal routing will continue. It suggests there is a rule somewhere blocking that vlan still.
-
@Popolou said in Pfsense + unifi unable to access internet from VLAN:
ternal routing will continue. It suggests there i
toggling pfctl fixed the issue I still don't understand :) I guess that is how networking is sometimes
-
@Popolou Thanks so much for the assist on this one
-
@QuietEnergy9215 No problem and glad you're back up and running.
