[RESOLVED] VLAN interfaces as LAN doesn't work



  • Hi,

    I just installed pfSense b4 (12/17 snap) in a new office. We have a few VLANs that we need to give access to the internet and DMZ servers.

    I configured one VLAN interface as LAN and another VLAN interface as an OPT interface (the WAN interface is connected to the internet through a Cisco router). The network cards are old Intel PRO/100 PCI.

    Trunk port and switch access ports are already configured.

    My problem is on the LAN interface (VLAN 10): PCs are correctly getting IP addresses from the pfSense DHCP server and they can ping pfSense, but they cannot go to the internet. Trace and ping to external networks don't work.

    Seems like a bug in 2.0. Can someone help me debug the problem? Firewall logs are fine, no errors and no blocks.

    Please help

    mac



  • Can this problem be hardware related?



  • @macmacmac:

    My problem is on the LAN interface (VLAN 10): PCs are correctly getting IP addresses from the pfSense DHCP server and they can ping pfSense, but they cannot go to the internet. Trace and ping to external networks don't work.

    Please give an example of the command and response.

    Maybe you have name server issues, but you will need to provide more details of what you are doing and what happens. (There is useful information in those error reports.)



  • Plain and simple: I can connect to the firewall but cannot go through it.

    The pfSense VLAN interface is 10.10.10.1, providing DHCP (DHCP is working, giving IP, DNS and GW pointing to 10.10.10.1).

    Below the output:

    MacBook-Pro:~ steve$ traceroute 8.8.8.8
    traceroute to 8.8.8.8 ( 8.8.8.8 ), 64 hops max, 52 byte packets
    1  * * *
    2  * * *
    3  * * *
    4  * * *
    5  * * *

    MacBook-Pro:~ steve$ ping 10.10.10.1
    PING 192.168.30.1 (10.10.10.1): 56 data bytes
    64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=8.823 ms
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=8.639 ms
    64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=8.823 ms
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=8.639 ms
    ...

    MacBook-Pro:~ steve$ nslookup www.apple.com
    Server: 10.10.10.1
    Address: 10.10.10.1#53

    Non-authoritative answer:
    www.apple.com
    Name: e3191.c.akamaiedge.net
    Address: 2.17.109.15

    Output of:

    require_once("globals.inc");
    var_dump(get_nics_with_capabilities("vlanmtu"));

    array(1) {
      [0]=>
      string(3) "fxp"}

    Any advice?

    Thanks



  • OK, I messed things up >:(.

    The problem was that Captive Portal was inadvertently enabled and not working.
    Upgrading to the latest snapshot resolved the problem.

    The strange thing is that until the 12/17 snapshot, to make Captive Portal work, I was forced to execute:

    /sbin/sysctl net.inet.ip.fastforwarding=1

    Now, in the latest snapshot, with a VLAN interface, I need to set:

    /sbin/sysctl net.inet.ip.fastforwarding=0 (the default value)

    Thanks
    Happy New Year!


  • Rebel Alliance Developer Netgate

    @macmacmac:

    OK, I messed things up >:(.

    The problem was that Captive Portal was inadvertently enabled and not working.
    Upgrading to the latest snapshot resolved the problem.

    The strange thing is that until the 12/17 snapshot, to make Captive Portal work, I was forced to execute:

    /sbin/sysctl net.inet.ip.fastforwarding=1

    Now, in the latest snapshot, with a VLAN interface, I need to set:

    /sbin/sysctl net.inet.ip.fastforwarding=0 (the default value)

    Thanks
    Happy New Year!

    Which is why you shouldn't tinker with such settings :-)

    It was broken before, that fix wasn't a real fix, it just pushed the problem elsewhere, then when it was fixed right, it seemed "broken"…

