Netgate Discussion Forum
    PfSense VLAN Rules for accessing HTTP

    Routing and Multi WAN
    M-Flow

      Hi there,

      I'm facing some issues configuring the rules on pfSense optional interfaces.

      I think I'll start with a short description of my network:

      I have configured a network with HP switches.
      One HP switch (5406zl) acts as the gateway in the network.

      I have configured about 4 VLANs:
      VLAN 1 = Management (only for access to Switch Webinterfaces)
      VLAN 2 = Server (Server-Network, for DC etc.)
      VLAN 3 = Employees (Clients)
      VLAN 100 = Uplink

      A 1U server running pfSense is connected to the switch; the corresponding
      port is configured this way on both the switch and the firewall side:
      VLAN 100 Untagged
      VLAN 1 Tagged
      VLAN 2 Tagged
      VLAN 3 Tagged

      The switch has a gateway IP in each VLAN, as required:
      VLAN 1 = 10.0.90.1/16
      VLAN 2 = 10.10.0.1/18
      VLAN 3 = 10.20.0.1/16
      VLAN 100 = 10.255.0.1/16

      And the firewall has the (standard) LAN interface configured for VLAN 100 (10.255.0.3/16).
      In addition I have added 3 optional interfaces and configured the appropriate VLAN ID for each:
      VLAN 1 = 10.0.0.3/16
      VLAN 2 = 10.10.0.3/18
      VLAN 3 = 10.20.0.3/16

      On the switch side I have configured the default route to 10.255.0.3!
      There are some ACLs configured on the switch. Simplified, they are the following:
      VLAN 1: permitted to reach any other VLAN
      VLAN 2: permitted to reach any other VLAN except VLAN 1
      VLAN 3: permitted to reach VLAN 2 and VLAN 100

      pfSense runs the DHCP server for every VLAN.
      So far everything seems to work: I can access the pfSense from any VLAN, even
      when the traffic is routed, wherever the ACLs allow the access.

      I can ping from any client in the network (pfSense, gateway, the WAN interface on pfSense, websites like google etc.).
      But if I start a web browser and access google.de it is not possible to see the page, even though I have allowed
      access to HTTP and HTTPS in the firewall rules!?

      When I put my client in VLAN 100 (native LAN interface) everything works fine!
      The problem exists only on the "optional" interfaces (VLANs)…!

      Please help, I am thankful for any hints. Maybe I am only a simple step
      away from the solution, but I am stepping in the dark right now.

      Thanks in advance!

        podilarius

        Have you set up advanced outbound NAT? Do you have a default rule on each VLAN interface on pfSense? Are you able to resolve names to IPs?

          M-Flow

          Yes, the weird thing is that I can resolve names to IPs. The default routes are also set. As far as I remember I didn't make any changes to outbound NAT…
          I'll take a look, maybe that is where the problem lies...

            M-Flow

            Okay, found the problem… and solved it.
            I forgot to mention that I am routing all traffic to the WAN by passing it through VLAN 100, so I had to allow any requests coming from those other subnets in the VLAN 100 (LAN) rules!

            Thanks a lot.

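To make the fix in the last post concrete, here is an added illustration (it is not from the original thread and not pfSense's own code): a small model of pfSense's per-interface rule evaluation. pfSense evaluates the rules of the interface a packet enters on, and a rule whose source is "LAN net" only matches the LAN interface's own subnet. Because the HP switch routes the client's packet and forwards it along its default route to 10.255.0.3, the packet enters pfSense on the LAN (VLAN 100) interface with the client's original 10.20.x.x source address, so it falls through to the default deny until the LAN tab also passes the other subnets. The interface subnets are the ones stated in the first post; the client address, the web server address and the rule labels are constructed for the example. The last case goes slightly beyond the thread and shows that the same client reaching pfSense directly on its OPT interface (i.e. with pfSense as the client's gateway) was never affected.

```python
# Added illustration of pfSense's per-interface, first-match rule evaluation.
# Not code from the original post or from pfSense; interface subnets are from
# the post, hosts and rule labels are constructed for the example.
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

# Interface subnets as described in the first post (VLAN 100 is the untagged LAN).
INTERFACES = {
    "LAN":  IPv4Network("10.255.0.0/16"),  # VLAN 100, pfSense 10.255.0.3
    "OPT1": IPv4Network("10.0.0.0/16"),    # VLAN 1,   pfSense 10.0.0.3
    "OPT2": IPv4Network("10.10.0.0/18"),   # VLAN 2,   pfSense 10.10.0.3
    "OPT3": IPv4Network("10.20.0.0/16"),   # VLAN 3,   pfSense 10.20.0.3
}
WEB = frozenset({80, 443})


@dataclass(frozen=True)
class Rule:
    iface: str                          # rule tab: applies to packets ENTERING this interface
    action: str                         # "pass" or "block"
    sources: tuple[IPv4Network, ...]    # subnets the source must fall in ("LAN net" == INTERFACES["LAN"])
    dports: Optional[frozenset[int]]    # None means any destination port
    label: str = ""


@dataclass(frozen=True)
class Packet:
    ingress: str        # interface the packet arrives on
    src: IPv4Address
    dst: IPv4Address
    dport: int


def evaluate(rules: tuple[Rule, ...], pkt: Packet) -> tuple[str, str]:
    """First matching rule on the ingress interface wins; no match is pfSense's default deny."""
    for r in rules:
        if r.iface != pkt.ingress:
            continue
        if not any(pkt.src in net for net in r.sources):
            continue
        if r.dports is not None and pkt.dport not in r.dports:
            continue
        return (r.action, r.label)
    return ("block", "default deny")


def net(iface: str) -> IPv4Network:
    return INTERFACES[iface]


# "Before": each tab only passes its own interface subnet ("<IF> net").
RULES_BEFORE = (
    Rule("LAN",  "pass", (net("LAN"),),  None, "LAN net to any"),
    Rule("OPT2", "pass", (net("OPT2"),), WEB,  "OPT2 net to web"),
    Rule("OPT3", "pass", (net("OPT3"),), WEB,  "OPT3 net to web"),
)

# "After": the LAN tab additionally passes the subnets the switch routes in, as in the last post.
RULES_AFTER = RULES_BEFORE + (
    Rule("LAN", "pass", (net("OPT2"), net("OPT3")), WEB, "routed VLAN 2/3 to web via LAN"),
)


def routed_via_switch(client: IPv4Address, dst: IPv4Address, dport: int) -> Packet:
    """Client's gateway is the switch (10.20.0.1). The switch routes the packet and
    forwards it to its default route 10.255.0.3, so it enters pfSense on LAN while
    still carrying the client's ORIGINAL source address, which is not in LAN net."""
    return Packet("LAN", client, dst, dport)


def direct_to_pfsense(client: IPv4Address, dst: IPv4Address, dport: int) -> Packet:
    """Client's gateway is pfSense's own VLAN 3 address (10.20.0.3): the packet enters on OPT3."""
    return Packet("OPT3", client, dst, dport)


def demo() -> dict[str, tuple[str, str]]:
    client = IPv4Address("10.20.5.17")    # constructed VLAN 3 client
    web = IPv4Address("203.0.113.10")     # constructed public web server (documentation range)
    return {
        "before_routed":    evaluate(RULES_BEFORE, routed_via_switch(client, web, 443)),
        "after_routed":     evaluate(RULES_AFTER,  routed_via_switch(client, web, 443)),
        "before_direct":    evaluate(RULES_BEFORE, direct_to_pfsense(client, web, 443)),
        "after_ssh_routed": evaluate(RULES_AFTER,  routed_via_switch(client, web, 22)),
    }


if __name__ == "__main__":
    for name, (action, label) in demo().items():
        print(f"{name:18s} -> {action:5s} ({label})")
```

Two practical caveats for this topology. First, the dropped packets show up in pfSense's firewall log as default-deny entries on the LAN interface with a 10.10.x.x or 10.20.x.x source, which is the quickest way to confirm that traffic is entering on LAN rather than on the OPT interface you expected. Second, because pfSense also has directly connected interfaces in VLAN 2 and VLAN 3, its return traffic to those clients leaves via the OPT interfaces while the forward traffic arrived via LAN; that asymmetric path is worth keeping in mind (and checking with a packet capture on both interfaces) when something stateful misbehaves, since only one of the two directions passes through the switch's routing and ACLs.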
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.