VLAN Routing



  • Hi All,
    I use pfsense 2.0.1

    I have three interfaces
    bge0
    xl0
    xl1

    WAN -> xl0 -> 10.10.10.123/24 -> Gateway 10.10.10.1 -> DNS 8.8.8.8
    LAN -> xl1 -> 192.168.2.1/24 -> DHCP Enable
    OPT1 -> bge0 -> VLAN190 -> 10.190.0.50/23 -> DHCP Enable

    Firewall Rules
    WAN
    Source LAN Address allow any
    Source VLAN190 Address allow any

    LAN
    Source LAN Address allow any

    VLAN190
    Source VLAN190 Address allow any

    I think I am missing a little setup

    LAN
    There is no issue. I use a cross cable to connect from xl1 to a notebook
    I can browse (transparent proxy)
    I can ping LAN Address and WAN IP (10.10.10.123)

    VLAN190
    Here is the issue
    I can get an IP from the pfSense DHCP service. I set the gateway to 10.190.0.50
    I can ping the VLAN190 address 10.190.0.50 from the notebook
    I use a switch and have already set up VLAN190
    Interface VLAN 190 ip address 10.190.0.1 (Switch)
    But I cannot ping 10.10.10.123 (WAN IP)
    and I cannot browse the internet

    What am I missing in the setup?

    Thank you in advance
    JGun98



  • @jgun98:

    VLAN190
    Here is the issue
    I can get an IP from the pfSense DHCP service. I set the gateway to 10.190.0.50

    The laptop should get the default gateway in the DHCP lease; you shouldn't need to set it. If the laptop is not getting the correct gateway, then maybe it's getting a DHCP lease from another server.

    @jgun98:

    I can ping the VLAN190 address 10.190.0.50 from the notebook
    I use a switch and have already set up VLAN190
    Interface VLAN 190 ip address 10.190.0.1 (Switch)
    But I cannot ping 10.10.10.123 (WAN IP)
    and I cannot browse the internet

    Set up a ping to 10.10.10.123 on the laptop. Does a packet capture on the vlan190 interface show the incoming pings? Does the firewall log show the ping getting blocked?


  • Netgate Administrator

    Your firewall rules look incorrect, though it could just be how you've written it down. Screenshots eliminate confusion. ;)

    The source for the VLAN190 firewall rule should be VLAN190 subnet, not address.

    There is no need to have those rules on the WAN interface. You will never have traffic entering WAN with source LAN or VLAN190.

    Steve



  • Thanks for the reply
    True, the gateway and DNS are set by DHCP

    It is strange that the firewall blocks pings to both 10.190.0.50 and 10.10.10.123
      Feb 2 09:35:35 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:36 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:36 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:37 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:37 VLAN190  10.190.0.51:138    10.190.1.255:138  UDP
      Feb 2 09:35:38 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:39 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:39 VLAN190  10.190.0.51:49428    77.222.90.3:80  TCP:S
      Feb 2 09:35:39 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:39 VLAN190  10.190.0.51:49429    207.46.61.90:80  TCP:S
      Feb 2 09:35:40 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:41 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:42 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:42 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:43 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:44 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:48 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:35:49 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:50 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:51 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:51 VLAN190  10.190.0.51:49428    77.222.90.3:80  TCP:S
      Feb 2 09:35:51 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:52 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:53 VLAN190  10.190.0.51:137    10.190.1.255:137  UDP
      Feb 2 09:35:53 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:35:54 VLAN190  10.190.0.51:49428    77.222.90.3:80  TCP:S
      Feb 2 09:35:58 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:00 VLAN190  10.190.0.51:49428    77.222.90.3:80  TCP:S
      Feb 2 09:36:00 WAN  10.10.10.122:32054    224.0.0.252:5355  UDP
      Feb 2 09:36:00 WAN  10.10.10.122:32054    224.0.0.252:5355  UDP
      Feb 2 09:36:03 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:08 WAN  10.10.10.119:138    10.10.10.255:138  UDP
      Feb 2 09:36:08 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:08 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:09 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:10 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:10 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:11 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:12 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:12 VLAN190  10.190.0.51:49430    77.222.90.3:80  TCP:S
      Feb 2 09:36:12 WAN  10.10.10.118:138    10.10.10.255:138  UDP
      Feb 2 09:36:15 VLAN190  10.190.0.51:49430    77.222.90.3:80  TCP:S
      Feb 2 09:36:15 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:20 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:20 WAN  10.10.10.122:31758    224.0.0.252:5355  UDP
      Feb 2 09:36:20 WAN  10.10.10.122:31758    224.0.0.252:5355  UDP
      Feb 2 09:36:21 VLAN190  10.190.0.51:49430    77.222.90.3:80  TCP:S
      Feb 2 09:36:25 VLAN190  10.190.0.51    10.10.10.123  ICMP
      Feb 2 09:36:44 WAN  10.10.10.122:21245    224.0.0.252:5355  UDP
      Feb 2 09:36:44 WAN  10.10.10.122:21245    224.0.0.252:5355  UDP



  • @stephenw10.
    SOLVED.
    VLAN190 Subnet…. not address.
    Thanks.
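
Why the rule change fixed it, as an added example (not part of the original thread and not pfSense's own code): a simplified first-match evaluator in which "VLAN190 address" resolves only to the interface IP 10.190.0.50, while "VLAN190 subnet" resolves to the whole 10.190.0.0/23 network. The `ALIASES` table, the function names and the last two sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Interface address from the thread: OPT1/VLAN190 is 10.190.0.50/23.
VLAN190_IF = ipaddress.ip_interface("10.190.0.50/23")

# Simplified model (assumption) of how the rule source choices resolve:
#   "VLAN190 address" -> only the firewall's own IP on that interface
#   "VLAN190 subnet"  -> every host in the interface's network
ALIASES = {
    "VLAN190 address": ipaddress.ip_network(f"{VLAN190_IF.ip}/32"),
    "VLAN190 subnet": VLAN190_IF.network,
    "any": ipaddress.ip_network("0.0.0.0/0"),
}


def evaluate(rules, src, dst):
    """First matching pass rule wins; unmatched traffic hits the default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for source_alias, dest_alias in rules:
        if src in ALIASES[source_alias] and dst in ALIASES[dest_alias]:
            return "pass"
    return "block"


# Constructed sample packets; the first two reuse addresses from the posted log.
PACKETS = [
    ("10.190.0.51", "10.10.10.123"),   # laptop pinging the WAN IP
    ("10.190.0.51", "77.222.90.3"),    # laptop opening a web connection
    ("10.190.1.200", "10.10.10.123"),  # constructed: another host inside the /23
    ("10.192.0.5", "10.10.10.123"),    # constructed: host outside the /23
]


def verdicts(source_alias):
    """Evaluate every sample packet against a single 'source -> any' pass rule."""
    rules = [(source_alias, "any")]
    return [evaluate(rules, s, d) for s, d in PACKETS]


if __name__ == "__main__":
    for alias in ("VLAN190 address", "VLAN190 subnet"):
        print(f"{alias:16} -> {verdicts(alias)}")
```

With the source set to the address, the laptop at 10.190.0.51 never matches the pass rule and falls through to the default deny, which is what the posted log shows; with the subnet, only hosts outside 10.190.0.0/23 are still blocked.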

