Problem with pfSense Firewall and VLAN DHCP.
-
Hello everyone,
The situation I am facing is very weird in how pfSense is reacting.
Here's the situation: I wanted each VLAN to go to the internet, but I did not want the computers in each VLAN to see the other VLANs.
Each VLAN is receiving its respective IP from the pfSense DHCP.
I have set the same firewall rules for each VLAN.
Problem: only VLAN 11 and VLAN 12 are able to ping their respective gateway and access the internet, but all the other VLANs can't ping their gateway or connect to the internet.
pfSense configuration = 3 NIC cards
NIC 1 = wan internet connection
NIC 2 = LAN connection with 10 VLAN associated to this card
NIC 3 = bridged with NIC 1
NIC 2 has DHCP enabled and the firewall rules for each VLAN
NIC 2 DHCP = 192.168.25.1 /28
VLAN11 = 192.168.11.1 /28
VLAN12 = 192.168.12.1 /28
VLAN13 = 192.168.13.1 /28
VLAN14 = 192.168.14.1 /28
VLAN15 = 192.168.15.1 /28
VLAN16 = 192.168.16.1 /28
VLAN17 = 192.168.17.1 /28
VLAN18 = 192.168.18.1 /28
VLAN19 = 192.168.19.1 /28
VLAN20 = 192.168.20.1 /28
Can anybody help me with this mystery?
-
Use only NIC 2 as the parent for your VLANs. Move LAN somewhere else (NIC 4 or a VLAN).
-
Double-check your subnet masks and firewall rules. Sounds like one or the other possibly isn't right.
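The two things this reply says to double-check can be checked mechanically. The following Python script is an added example, not code from the thread or from pfSense: it takes the address plan from the first post (LAN /28 plus VLANs 11 to 20, each /28), flags a gateway that is not a usable host of its own subnet or two subnets that overlap, and then models pfSense's first-match rule evaluation on one VLAN interface. The rule layout in vlan_rules is a hypothetical illustration, not a pfSense export; the 203.0.113.9 and 10.0.0.5 addresses and the BAD_PLAN dictionary are constructed test inputs. It shows why a plain "default allow all" rule also lets VLAN hosts reach the other VLANs, and that a block rule for the other local subnets has to sit above the allow-all to get the isolation the first post asks for.

```python
import ipaddress
from collections import namedtuple

# Address plan copied from the first post: the LAN /28 plus VLANs 11-20, each /28.
PLAN = {
    "LAN": "192.168.25.1/28",
    **{f"VLAN{v}": f"192.168.{v}.1/28" for v in range(11, 21)},
}

# Constructed plan with two deliberate mistakes, for demonstration only.
BAD_PLAN = {
    "VLAN13": "192.168.13.16/28",   # gateway is the network address of its /28
    "VLAN11": "192.168.11.1/24",
    "VLAN12": "192.168.11.17/28",   # 192.168.11.16/28 lies inside VLAN11's /24
}

def plan_problems(plan):
    """Return a list of problems with an address plan: a gateway that is the
    network or broadcast address of its own subnet, or two subnets that overlap.
    Either one makes routing and DHCP on the affected interface misbehave."""
    problems = []
    seen = {}
    for name, cidr in plan.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {iface.ip} is not a usable host in {net}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return problems

# One firewall rule as pfSense evaluates it on an interface: first match wins.
# src and dst are lists of networks, or None meaning "any".
Rule = namedtuple("Rule", ["action", "src", "dst", "descr"])

def _hit(nets, ip):
    return nets is None or any(ip in n for n in nets)

def first_match(rules, src, dst):
    """Return the action of the first rule matching a packet src -> dst.
    No match means pfSense's implicit default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if _hit(rule.src, src) and _hit(rule.dst, dst):
            return rule.action
    return "block"

def vlan_rules(name, plan, isolate=True):
    """Build a hypothetical rule list for one VLAN interface. With isolate=True a
    block rule for every other local subnet sits ABOVE the allow-all rule,
    which is what keeps the VLANs apart from each other."""
    me = ipaddress.ip_interface(plan[name])
    my_net = [me.network]
    gateway = [ipaddress.ip_network(f"{me.ip}/32")]
    rules = [Rule("pass", my_net, gateway, "reach this VLAN's own gateway (DHCP, DNS, ping)")]
    if isolate:
        others = [ipaddress.ip_interface(c).network for n, c in plan.items() if n != name]
        rules.append(Rule("block", my_net, others, "no traffic to the other local subnets"))
    rules.append(Rule("pass", my_net, None, "default allow all, i.e. out to the internet"))
    return rules

if __name__ == "__main__":
    print("problems in the posted plan:", plan_problems(PLAN) or "none")
    print("problems in the constructed bad plan:", plan_problems(BAD_PLAN))
    for isolate in (False, True):
        rules = vlan_rules("VLAN11", PLAN, isolate)
        print(f"isolate={isolate}: VLAN11 host -> VLAN12 host:",
              first_match(rules, "192.168.11.5", "192.168.12.5"))
```

Run it as-is to see the posted plan come back clean and the constructed one report both mistakes; the rule model also returns "block" for a packet whose source is not in the VLAN's own subnet, since no rule on that interface matches it and pfSense's default deny applies.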
-
Hello Perry,
Are you saying I should configure pfSense this way:
I verified my firewall and rules and they are OK.
Unbridge my NIC 3 and associate the VLANs on this card.
So my config would look like this. Is this the same thing as associating them on the LAN card? Why is this happening?
NIC 1 = wan internet connection
NIC 2 = LAN connection
NIC 3 = with 10 VLANs associated to this card
NIC 3 has DHCP enabled and the firewall rules for each VLAN
NIC 3 DHCP = 192.168.25.1 /28
VLAN11 = 192.168.11.1 /28
VLAN12 = 192.168.12.1 /28
VLAN13 = 192.168.13.1 /28
VLAN14 = 192.168.14.1 /28
VLAN15 = 192.168.15.1 /28
VLAN16 = 192.168.16.1 /28
VLAN17 = 192.168.17.1 /28
VLAN18 = 192.168.18.1 /28
VLAN19 = 192.168.19.1 /28
VLAN20 = 192.168.20.1 /28
-
Not sure I understand. If you don't bridge anything it should look like this.
NIC 1 = wan internet connection
NIC 2 = LAN connection
NIC 3 = with 10 VLANs associated to this card
Each VLAN on NIC 3 has DHCP enabled and a default allow-all firewall rule.
VLAN11 = 192.168.11.1 /28
VLAN12 = 192.168.12.1 /28
VLAN13 = 192.168.13.1 /28
VLAN14 = 192.168.14.1 /28
VLAN15 = 192.168.15.1 /28
VLAN16 = 192.168.16.1 /28
VLAN17 = 192.168.17.1 /28
VLAN18 = 192.168.18.1 /28
VLAN19 = 192.168.19.1 /28
VLAN20 = 192.168.20.1 /28
-
Perry,
Bad news: now I can't ping the gateways from inside any VLAN.
Since we are in the unknown, I will show you my configs.
Let me clarify something I said in the beginning. My pfSense is installed in a VMware virtual machine.
I have configured in ESXi 4.0 a Distributed Virtual Switch with 10 groups for VLANs 11 to 20, and 1 group trunked (11-12).
em0 = My WAN internet connection
em1 = My LAN pfSense
em2 = The trunk group. This adapter in pfSense is bound and configured with VLANs 11 to 12.
em3 = This one is bridged with em0, the WAN internet connection.
My physical 24-port switch is configured with 3 VLANs (VLAN 2 to 4); each VLAN uses 8 physical ports.
pfSense em0 is connected through ESXi (virtual switch) to the physical port on VLAN 2 (this is working fine, since pfSense accesses the internet from this port).
pfSense em1 and em2 are connected through ESXi to the physical port on VLAN 4.
Each VLAN is receiving its respective IP from the pfSense DHCP, but can't ping its gateway or access the internet. ???
-
Hi Perry,
Here's a test I have done.
Inside the pfSense LAN (em1) it receives an IP and can ping the internet and the gateway, using a VMware virtual machine configured with this card.
Inside the pfSense trunked adapter (em2) it receives an IP and can ping the internet and the gateway, using a VMware virtual machine configured with this card.
From VLANs 11-20 it receives an IP but cannot ping the gateway or the internet.
-
I've only tried VMware Server 2 some time ago http://www.gliffy.com/pubdoc/1610434/L.jpg
but I remember that I found http://www.vmware.com/pdf/esx3_vlan_wp.pdf useful.
-
I have posted this problem on the VMware forums and will see with them what the problem may be. I will be coming back with some info.
See you later. :-\
Thanks