I can only surf on Vlan1



  • I set up all the interfaces and vlans, and plugged them into a trunk. It took a bit since I am new to vlans, but I got it almost working. While I can ping pfsense from any vlan, I can only surf the internet from vlan1.

    My firewall rules are very open; basically each interface, including the wan interface, is the same, allowing everything to go through.

    Vlan2-4, will ping a website and return an ip but the request times out.

    -bj
    ![firewall vlan1.png](/public/imported_attachments/1/firewall vlan1.png)



  • Do you have separate subnets for those vlans?
    Please check Firewall:NAT:Outbound, that you also have a rule for the other subnets rather than only for lan.
    If not, tick the manual outbound nat and create those rules for the other subnets with the same pattern.

    Hope that helps



  • @Metu69salemi:

    (…)
    Please check Firewall:NAT:Outbound, that you also have a rule for the other subnets rather than only for lan.
    If not, tick the manual outbound nat and create those rules for the other subnets with the same pattern.

    Hope that helps

    This is not necessary in general because automatic outbound nat rules are created as far as I know.

    Can you ping the pfsense interface from e.g. vlan2 from vlan3? Did you set up a DHCP, DNS, gateway for these clients?

    Show us your vlan settings.



  • @nachtfalke: I assumed that dns and dhcp are set correctly, so I jumped somewhere else to find the problem. He had posted another post where his/her vlan settings are somehow messed up.



  • @Metu69salemi:

    @nachtfalke: I assumed that dns and dhcp are set correctly, so I jumped somewhere else to find the problem. He had posted another post where his/her vlan settings are somehow messed up.

    You are right but we should check the easy things, too ;)
    Setting up the DNS in general setup is as necessary as the gateway and dns setting in the dhcp server for the clients. If he uses static IPs, then the clients' config would be interesting.

    Further, we should know more about the vlan subnets (as you still mentioned in your post).

    Perhaps we should first wait for feedback from the thread opener before we discuss too much in detail ;-)



  • Yes, you're right, I shouldn't have assumed a thing.
    Maybe this solves itself when the config is corrected to match those vlans.



  • The DNS in General Setup is actually a great question. I am using pfsense as my direct portal to the internet, so the wan interface is a public ip in my case. In the general settings, am I supposed to put the dns of my ISP's dns server or internal?



  • @bbehrendt:

    The DNS in General Setup is actually a great question. I am using pfsense as my direct portal to the internet, so the wan interface is a public ip in my case. In the general settings, am I supposed to put the dns of my ISP's dns server or internal?

    In general this should be a public DNS server (your ISP's or Google's 8.8.8.8). But it could be your internal DNS, too, if this DNS forwards requests to a public DNS.

    If DNS is a problem, you can easily test this by pinging an internet address first by IP and then by FQDN.

    PS: In General Setup you should uncheck "Allow DNS servers to be overwritten by DHCP" - I don't know the exact name of this checkbox.



  • I got it working. I had to change the outbound NAT routes to manual and enter each vlan in manually, add a pass rule to each firewall rule, and fix a subnet entry in the WAN.

    Thank you.

    -bj



  • It seems that the latest fix was the real one

