OPT1 has no internet access
-
Hey guys, I have a problem and hope that someone can help me out!
We have a router with 3 NICs and pfSense 2.0.x installed. I want to add a Guest LAN, which has no access to the Office LAN but to the Internet. This is what the network looks like:

   Internet
      :
      : WAN
      | PPPoE
      |
.-----+-----.   Guest LAN    .-------------.
|  pfSense  +----------------+ Switch/VLAN2 |
'-----+-----' 192.168.42.X/24 '------+------'
      |
      | Office LAN 192.168.111.x/24
      |
.-----+--------.
| Switch/VLAN1 |
'-----+--------'

I created the new interface OPT1 with the static IP 192.168.42.1 and enabled the DHCP service on this interface.
When this was done I created two new firewall rules to OPT1:
Block | * | * | * | LAN net | * | * | Block LAN Traffic
Pass | * | DMZ net | * | ! LAN net | * | * | Allow Internet Access

If I add a client to the Guest LAN I get an IP address from the DHCP service, but I can't access the internet.
The client gets the following data from the DHCP service:
IP: 192.168.42.xxx
Gateway: 192.168.42.1
DNS Server: 192.168.42.1
DHCP Server: 192.168.42.1

I have no idea what I did wrong. I hope you can help me!
Thank you very much for your attention :)
-
I have no idea what I did wrong.
I have no idea either. Does it work when you add an "Allow all" rule on OPT1? Does DNS work on the clients (e.g. does "ping google.com" fail because it cannot look up the DNS address or does it fail because it cannot reach the destination)? Can you ping the gateway (192.168.42.1)? If not, it might be a VLAN issue…
Do you use one VLAN switch? Your diagram appears to indicate that you use two separate VLAN switches on two separate pfSense ports, which makes little sense...
Best regards, Klaus
-
Hi Klaus! Thank you for your reply!
I tried it with "Allow all" on OPT1, but nothing changed.
The DNS doesn't work on the clients, and neither does the gateway ping. I also tried to ping from pfSense to the client, but it also didn't work.
I tried a direct connection between a client and the OPT1 port, but it's the same problem. So it shouldn't be a VLAN issue, right?

Yes, it looks like 2 switches on the diagram, but it's only 1 switch with 2 configured VLANs. VLAN1 on LAN and VLAN2 on OPT1.
-
Connecting a client directly to the port would not work if you had VLANs set up, as the client won't be sending a tag, unless you specify it under the adaptor settings (you can in Windows 7 for sure). Also, a crossover network cable would be required, not a straight network cable.
Are you using one NIC, with the LAN set as VLAN 1 and the OPT1 as VLAN 2? Not two separate NICs? The network switch then configured to use the two VLANs accordingly?
Setting up a firewall rule as: * | DMZ net | * | * | * | * | none | empty
Does this allow traffic? The none is under queue, empty under schedule. At least on my box anyway!

If this does not allow traffic through to the internet, LAN or to the interface IP, then there must be something incorrectly set up with the VLANs at either the switch or pfSense.
-
Mhm.. Do I have to set up the VLAN1 and VLAN2 on pfSense, too? I thought it's enough to set it up on the switch.. I wasn't at school when we had VLANs ::)
I'm using 1 NIC for the LAN and 1 NIC for OPT1 and no VLAN on the router. The VLAN is only configured on the switch.
Setting up a firewall rule as: * | DMZ net | * | * | * | * | none | empty
Does this allow traffic? The none is under queue, empty under schedule. At least on my box anyway!

That's what I already tried without success.
-
I am not quite sure I understand how you are cabled then - you have one switch connected to TWO NICs on pfSense?
Rather than having a second NIC, you could set up two VLANs on the LAN NIC, one would become OPT1, the switch tagging the traffic for each.
Or, you use a second switch on the second NIC and forget about VLANs altogether.
When you say router, I assume you are calling your pfSense box your router?
-
Sorry for the late response, I had holidays 8)
Yes, I have one switch and it has 2 VLANs. VLAN1 is connected to pfSense LAN interface and VLAN2 is connected to pfSense OPT1 interface.
And yes, I'm calling my router "pfSense".