4. PfSense VLAN Rules for accessing HTTP

PfSense VLAN Rules for accessing HTTP

  • M

    Hi there,

    I'm facing some issue on configuring the Rules on pfSense Optional interfaces.

    I think I'll start with a short description of my Network:

    I have configured a Network with HP Switches.
    One HP Switch (5406zl) does the job of the Gateway in the Network.

    I have configured about 4 VLANs:
    VLAN 1 = Management (only for access to Switch Webinterfaces)
    VLAN 2 = Server (Server-Network, for DC etc.)
    VLAN 3 = Employees (Clients)
    VLAN 100 = Uplink

    On the Switch is a 1HE Server with pfSense connected, the appropriate
    Port is on Switch and Firewall side configured this way:
    VLAN 100 Untagged
    VLAN 1 Tagged
    VLAN 2 Tagged
    VLAN 3 Tagged

    The Switch has as Gateway in each VLAN an IP as required:
    VLAN 1 = 10.0.90.1/16
    VLAN 2 = 10.10.0.1/18
    VLAN 3 = 10.20.0.1/16
    VLAN 100 = 10.255.0.1/16

    And the Firewall has the (standard) LAN interface configured for VLAN 100 (10.255.0.3/16).
    In addition I have added 3 optional Interfaces and configured the appropriate VLAN IDs for each:
    VLAN 1 = 10.0.0.3/16
    VLAN 2 = 10.10.0.3/18
    VLAN 3 = 10.20.0.3/16

    On Switch-Side  I have configured the Default-Route to 10.255.0.3!
    There are some ACLs configured on the Switch. Simplified the following:
    VLAN 1 permission on any other VLANs
    VLAN 2 permission to any other VLAN except VLAN 1
    VLAN 3 permission to VLAN 2 and 100

    On pfSense runs the  DHCP Server for any VLAN.
    So far everything seems to work I can access, the pfSense, from any VLAN even
    it is getting routed where ACLs are allowing the access.

    I can ping from any Client in network (pfSense, Gateway, WAN Interface on pfSense, Websites like google etc.).
    But if I try to start a Webbrowser and Access google.de it is not possible to see the page, though I have allowed
    in Firewall Rules to access HTTP and HTTPS!?

    When I put my Client in the VLAN 100 (native LAN interface) everything works fine!
    Only on "optional" Interfaces (VLANs) the problem exists…!

    Please help, I am thankful to any hints. Maybe I am only a simple step
    away from the solution, but stepping in the dark right now.  ???

    Thanks in advance!

    0
  • P

    Have you setup advanced outbound NAT? Do you have a default rule in each VLAN interface on pfSense? Are you able to resolve names to IP?

    0
  • M

    Yes the weird is, that i can resolve names to IP. The default Routes are also set. As far as I remember I didn't any changes to outbound NAT…
    I'll take a look, maybe there lies the problem...

    0
  • M

    Okay found the problem… and solved it.
    I have forgotten to tell, that I am routing any Traffic to the WAN by passing it on the VLAN 100, so I had to allow in VLAN 100 (LAN) Rules any requests coming from those other subnets!

    Thanks a lot.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy