Routing rules between several VLANS



  • Hello, first post here on the forum for me :)

    I have had my pfsense based network in my home for about 1 year now, but due to switch failure I haven't begun using it before now. I just got a new second hand Cisco 2950T switch installed, and now I need to configure my ridicoulusly complex home network.

    My pfSense box (PC) has 5 NICs in it. WAN, LAN, WIFI, MEDIASTREAM and DMZ they are called.

    Right now I am using only three of the VLANs.

    WAN and LAN is self explainatory. WIFI is there to deliver speed limited guest internet access in my house through Captive Portal, and MEDIASTREAM is a seperate VLAN for mediastreaming around my house to various boxes like dLink DSM-510 and various handheld devices like android phones etc…

    The reason I'm having this on a seperate VLAN and that it has it's own NIC in my pfSense box is that I need to have full bandwidth available at any time on that VLAN to ensure that no matter what I do on the other networks I always have full speed for media to stream.

    LAN is 192.168.1.x
    WIFI is 192.168.2.x
    MEDIASTREAM is 192.168.3.x
    DMZ is not in used yet - so that is not set up in pfSense or in the Switch.

    In the PC where my media is there is only one NIC for the time being. So all my media is on the LAN subnet. I will get another one very soon.

    But first problem is - I have no access to internet from the other subnets - WIFI and MEDIASTREAM. I can connect to the network from my DSM-510, and it gets it's IP adress from the DHCP server. I have set up a list of static dhcp ip adresses, and it works well. But there is no internet (tried upgrading firmware) and I can't see the mediaserver on it. What I notice is that the default gateway adress given to the DSM-510 is 192.168.3.1 - shouldn't it be 1.1 ?

    So it appears that I can connect to the different networks, but I can't get to internet and I can't get to any files on other subnets.

    I have programmed a few rules in the firewall, but apparently something is really wrong.

    Second problem is that when I connect to the second SSID (the WIFI subnet) it is the same stuff. No internet access, and no access to any other resources on other subnets.

    For WIFI AP I'm using a linksys WRT-54GL with the latest DD-WRT firmware installed. It enables me to have two SSIDs and thus two different networks for WIFI. The primary wifi SSID is directed to the LAN subnet, and the other SSID is directed to the WIFI subnet.

    I am almost certain that the DD-WRT box is configured correctly, but one never knows.

    I have been doing network stuff a long time, and I know a lot of this, just to let you know how my knowledge is, but I have never done anything this complex before. I know really well how to work a network with a router/modem/switch in one box, but when it comes to pfSense and routing / firewall rules, I am a noob.

    Second problem, I don't get any captive portal page when I log in to the network through my WIFI subnet. I don't know why, but it was there for a couple of times, then it wasn't there. Probably something I did, but it seems like it disappeared (no I didn't disable the portal hehe). Neither did I delete the login html page :). I didn't have internet access those times I got the login page either.

    If any of you could suggest anything that helps me configure my network so that it works I would appreciate it very much.

    My plans are:

    LAN subnet: Access through my primary SSID and through cables in the house.
    WIFI subnet: Only internet sharing with guests through the captive portal
    MEDIASTREAM: Let all devices on this subnet be able to have internet and also have access to the mediafiles on the LAN subnet.
    DMZ is gonna be used as a webserver for me and my buddies to use as a portal later on. Don't have a webserver yet, and no computer I want to run it on :). Was planning to use a linux server or something for it.

    Ooof this was a long story man, but I really appreciate you reading it :)

    Can anyone help?

    best regards,

    Tbreath.


Locked