Netgate Discussion Forum

    No internet on VLAN interfaces

    Routing and Multi WAN
      vukomir

      Hi,

      I have set up a pfSense box with 3 NICs:
      2 x WAN configured load balance
      1 x LAN with 4 VLANs

      and created rules so that VLAN 1 can access VLAN 2 and not access VLAN 3 and VLAN 4.

      My problem is that I don't have internet access on the VLANs because I took out the rule that redirected all traffic to the GW. If I add the rule from the second image I will be able to access other VLANs.

      Can you please help me with this problem?

      Thanks.

      Untitled.png
      Untitled2.png

        heper

        You shouldn't be able to access other VLANs if you add that allow rule with specified gateway.
        I have similar rulesets on a couple of firewalls. Do you have some special NAT or floating rules or overlapping subnets?

        What you could do however is create an alias and insert all the subnets of the VLANs but not WORKLAN,
        then adjust the bottom rule and specify the destination as "NOT" <alias>. But as I said, this shouldn't be required; big chance something else is wrong somewhere.

          vukomir

          Hi Heper,

          I have attached my configuration from VLAN 200.
          In this case I can ping VLAN 300, but if I take out the rule where the GW is LB I will not be able to ping VLAN 300.

          Thanks.

          Untitled.png

            vukomir

            I don't know if this influences anything, but I forgot to mention that I have a squid on the same pfSense box.

            Thanks.

              heper

              What's the use of the pass rule worklannet --> worklannet?

                vukomir

                Hi heper,

                The rule allows clients on the same VLAN to communicate; if I take out that rule I will be able to access clients on the same VLAN.

                So, my configuration is the following:

                VLAN200 WorkLAN
                VLAN210 WLAN
                VLAN220 ServerLAN
                VLAN230 Management VLAN

                VLAN 200 can access clients from VLAN 200 and VLAN 210 but can't access VLAN 220 and VLAN 230
                VLAN 210 can access clients from VLAN 210 and VLAN 200 but can't access VLAN 220 and VLAN 230

                VLAN 220 can access clients from VLAN 220 and VLAN 230 but can't access VLAN 200 and VLAN 210
                VLAN 230 can access clients from VLAN 230 and VLAN 220 but can't access VLAN 200 and VLAN 210

                I need internet access only on VLAN 200 and VLAN 210; at this moment I have squid configured on VLAN 200 and VLAN 210.

                Please let me know if it's clear now.

                Thanks.

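An added example, not part of the thread or of pfSense itself: a small first-match rule evaluator that models the alias suggestion above (pass local peers with default routing, then pass only destinations NOT in a VLAN-subnet alias via the "LB" gateway) and generalizes it from WorkLAN to the four-VLAN policy in the last post. The subnets, the `rules_for` and `evaluate` helpers, and the sample destination addresses are constructed assumptions; the thread gives no addressing.

```python
import ipaddress

# Constructed addressing: the thread names the VLANs but gives no subnets.
VLANS = {
    200: ipaddress.ip_network("10.0.200.0/24"),  # WorkLAN
    210: ipaddress.ip_network("10.0.210.0/24"),  # WLAN
    220: ipaddress.ip_network("10.0.220.0/24"),  # ServerLAN
    230: ipaddress.ip_network("10.0.230.0/24"),  # Management VLAN
}
PEER = {200: 210, 210: 200, 220: 230, 230: 220}  # allowed inter-VLAN pairs
INTERNET_VLANS = {200, 210}                      # only these get the LB rule


def rules_for(vlan):
    """Ordered rules for one VLAN interface as (dest_nets, negate, gateway)."""
    rules = [
        ([VLANS[vlan]], False, None),        # pass own subnet, default routing
        ([VLANS[PEER[vlan]]], False, None),  # pass peer VLAN, default routing
    ]
    if vlan in INTERNET_VLANS:
        # Alias of every VLAN subnet except this interface's own; the last
        # rule passes only destinations NOT in it, via the "LB" gateway group.
        alias = [net for vid, net in VLANS.items() if vid != vlan]
        rules.append((alias, True, "LB"))
    return rules


def evaluate(vlan, dst):
    """Return (action, gateway) for traffic entering `vlan` towards `dst`."""
    addr = ipaddress.ip_address(dst)
    for nets, negate, gateway in rules_for(vlan):
        in_nets = any(addr in net for net in nets)
        if in_nets != negate:                # first matching rule wins
            return ("pass", gateway or "default")
    return ("block", None)                   # nothing matched: implicit deny


if __name__ == "__main__":
    for src in VLANS:
        for dst in ("10.0.200.10", "10.0.210.10", "10.0.220.10",
                    "10.0.230.10", "198.51.100.7"):
            print(src, "->", dst, evaluate(src, dst))
```

Running it prints the reachability matrix, which can be compared line by line against the intended policy before the rules are entered in the GUI.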