    Cannot access internet from secondary LAN…help please!

      jrmitchell83 last edited by

      Hey Guys, so I've set up a VLAN on my LAN interface to handle a separate wireless network. The first physical network I have is 192.168.88.1, the second virtual VLAN is 192.168.33.1. I've enabled the interface under interfaces and also enabled DHCP on this VLAN. The VLAN is "400". On my switch I've added the tagged VLAN of 400 on the LAN and Access Point Ports. On the access point, I've set up a secondary SSID, mapped to VLAN 400. The good news is that I'm successfully pulling an IP from 192.168.33.1 (VLAN 400), but for some reason I'm not able to access the internet. I've tried switching NAT to manual and configuring one for 192.168.88.0, and 192.168.33.0 networks…this has been unsuccessful. I've also created a rule for the secondary LAN to access everything (*). I'm sure there is something really simple that I'm missing, but what can it be?

      Thank you in advance!

        podilarius last edited by

        The last time I tried to have a physical and VLAN it didn't work until both were VLANs. Could be just me though. I have only done one VLAN test deployment.
        If you have NAT (I am guessing both to WAN address) and firewall rules set up for both networks, then you should not have a problem getting out.

          jrmitchell83 last edited by

          Thanks for the reply, podilarius. Yes, I'm using NAT for this configuration. Obviously this is working 99% as the IPs and such are getting dished out so we know the access point, switch and router are on the same page…just can't get out to the internet...i.e. google.com...

          Any other ideas guys?

            jrmitchell83 last edited by

            Figured out my issue! Everything is working correctly now. Thanks!

            The only issue I need to resolve now is the fact that people on 192.168.33.1 can access the 192.168.88.1 network…big no-no...what's the best way to allow the traffic straight out to the internet? I tried specifying the WAN Subnet but then I'm again not able to browse the internet...probably because DNS or something is blocked? Thoughts on the best way to do this?

              podilarius last edited by

              On the OPT interface (192.168.33.0/24) put a block rule to 192.168.88.0/24 network. This must go above the allow any rule. If you want to have fun, create an alias for each network. Then create a rule in each one that allows not (192.168.88.0/24) to the internet. Then everything but that address will be allowed to pass.

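The rule orderings discussed in this thread, as an added example that is not part of the original posts: a small model of top-down, first-match rule evaluation with a default deny, run against the thread's two networks. The WAN subnet, the probe addresses and all function names are constructed for illustration, and the model matches on destination only (no ports, protocols or source).

```python
import ipaddress

# Networks from the thread; WAN subnet is an assumed placeholder (documentation range).
LAN = ipaddress.ip_network("192.168.88.0/24")
WAN = ipaddress.ip_network("203.0.113.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, dst, invert=False):
    """One rule on the guest (192.168.33.0/24) interface; invert models a 'not' destination."""
    return {"action": action, "dst": dst, "invert": invert}

def evaluate(rules, dst_ip):
    """Walk the rules top-down; the first match decides. No match means default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (ip in r["dst"]) != r["invert"]:
            return r["action"]
    return "block"

RULESETS = {
    "allow any only": [rule("pass", ANY)],
    "allow above block (wrong order)": [rule("pass", ANY), rule("block", LAN)],
    "block above allow": [rule("block", LAN), rule("pass", ANY)],
    "pass to not-LAN": [rule("pass", LAN, invert=True)],
    "pass to WAN subnet only": [rule("pass", WAN)],
}

# Constructed probe destinations as seen from a guest client.
PROBES = {
    "LAN host": "192.168.88.10",
    "firewall DNS on guest interface": "192.168.33.1",
    "internet host": "198.51.100.7",
}

def verdicts(name):
    """Return the decision for every probe under the named rule set."""
    return {label: evaluate(RULESETS[name], ip) for label, ip in PROBES.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:34}", verdicts(name))
```

The "pass to WAN subnet only" row shows why that attempt broke browsing: the WAN subnet covers only the addresses on the WAN segment, so both the internet host and the DNS resolver on the guest interface fall through to the default deny.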