Basic setup with VLANS help
-
Hello all,
First off I really appreciate these boards and the pfsense folks in general. I was in the Haiti earthquake with Dave Farquharson and we setup a pfsense box to handle multiple WANS for the relief effort at our school.
So now I'm an IT coordinator back in the states and in need of some help.I'm in charge of 2 campuses with over 500 students and 85 faculty and staff.
Attached is the topo of the elementary campus…
I have a web filter (M86) at 10.11.1.28 which is a target box. The main box is at 10.21.1.28.
I can get teh pfsense box up and running however I cannot get a couple of things running... The filter is one and VLAN traffic?
Hope all this makes sense...
Oh we are going with pfsense to replace a sonicwall. The sonicwall has been a pain in the neck for our wireless specifically.
I do not have separate opt for wireless.
Thanks in advance for all the help!!
Sean Blesh
Grace Christian School
sblesh@gracechristian.netOops sorry I didn't give all info...
I am using 1.2.3 version...
-
Hope I wasn't asking too many questions here. Mainly I'd like to get http, https and this filter lan IP open then I can fiddle from there..
Anyone…
;D ;D
Thanks,
Sean -
bump…
Can anyone take a look? At the very least I'd like to look at http out and https out...
Help ;D
Sean
-
i have a like similar with that topology with v20 RC3
in my point web filter is use with squid/proxy package on dedicate machineif u want to expose some LAN ip, that port forward will need
-
I am not sure what your question is.
Do you want to know how to setup VLANs in pfsense ?
For this just go to:
INTERFACES - ASSIGN - VLAN
There you create the VLANs on the interface you want. That's all with creating VLANs.
Now go to INTERFACES and configure every VLAN (IP address and so on). If you like, go to SERVICES - DHCP Server and configure the DHCP server for each VLAN.
After that you will have to create firewall rules for each VLAN under FIREWALL - RULES. By defaul EVERY traffic is blocked by the firewall. So you first have to create a PASS rule to let the traffic pass.I hope this was pointing to your question !?
-
I already have vlans setup on a procurve managed switch. Seems everytime I attach the pfsense box to the network I cannot see the box or get outside. I have had the WAN on the pfsense box and LAN attached to my local machine and I get out fine. Seems like trying to access through my vlans is where I get hung up.
I currently have a cisco pix at one location and a sonicwall at another location. I want to replace them both with pfsense boxes…
-
I've just recently setup my switch with VLANs (Firewall been configured to allow Internet access). As Nachtfalke mentioned have you created the same VLANs on the pfSense box? if so show us a copy of your firewall rules.
Sleeps
-
The interface on the pfsense box which has the different VLANs must be connected to the trunk port of your switch. Bothe sites, pfsense and switch need the same VLAN-IDs to communicate and they must be both tagged (pfsense VLANs are tagged) but your switch port needs this, too.
show us a screenshot of your firewall rules and you vlan setup.
-
Thanks folks ok so here we go…
I have a procurve managed switch... I looked in the pfsense book and looks like I got more steps to get this setup. I have all vlans off the HP switch. So it looks like I need to match vlans on pfsense to hp switch? Reading book as I type this... :-)
I am using the default vlan to get outside... I do want to "flatten out" our network eventually but not now. Using 8 vlans (max for switch) so I'll setup on tagged port on default vlan and see what happens. Am I going down the correct rabbit hole?
Sean
OH Screenshots coming... Also do I need to setup each vlan (I have 8) to match the internal switch vlans? match ip addresses and assign them to the LAN interface correct?
Attached is my procurve VLAN setup as well as pfsense vlan setup...
Should I now just go try it out??
 -
LAN Rules:::
-
WAN rules:::
-
On the main menu under Interfaces you should see a list of all the VLANs you created. Click on one of them and select "Static" move down to IP address and give it an IP address click save. Go to Services and select DHCP Server, the activated VLAN should now be listed click on it and create the rules.
Do the same for all the VLANs.
Sleeps
-
ok so I had to actually add the interfaces… So now I enter the ip address with netmask (10.11.0.0 with /16 = 255.255.0.0) for each vlan?
No bridging as well correct?
Also I assume I enable the interface... Do I need to put a gateway or let it resolve itself on each VLAN?
Thanks again...
Sean
-
As for DHCP… I am running a DHCP server internal already so would I want to enable DHCP on the VLAN? Still can't get out... Anyone have any suggestions? What am I missing?
Sean
-
Hi,
u dont need to define DHCP server if this service is hosted on other machines in ur networks.
Plz post ur interface assignments. do u use native vlan 1 for connections?
What number is ur switchport connected to pfsense?
Is the sonicwall doing the routing of ur vlans at the moment?
Seems everytime I attach the pfsense box to the network I cannot see the box or get outside.
What vlan belongs the client u try to test the pfsense setup?
cya
-
As for DHCP… I am running a DHCP server internal already so would I want to enable DHCP on the VLAN? Still can't get out... Anyone have any suggestions? What am I missing?
Sean
VLANs should be assigned their own DHCP server.
Add this to your firewall.
Source = VLAN net - Destination = VLAN net
Source = VLAN net - Destination = Local address (from the drop down list)Sleeps
-
ANSWERS….
Hello all...
Well it looks like I have solved the issue! Actually I did not need to setup vlans on pfsense since my switch handles all that. It was merely to set static routes for each vlan and it worked like a charm! I really appreciate all the help and hope this helps someone else out there!!
Sean