Pfsense One interface + Multiple Vlans + No internet connection [Resolved]
-
Hi everyone,
I'm having an internet connectivity problem on my pfSense box. Here are the details of my config.
I've set up pfSense on an HP Uc COMPAQ Ultra-Slim E-PC EVO d510 which has only 1 NIC (Intel Pro 10/100).
Well, I've set up all interfaces on the same physical interface, which is the Intel Pro 10/100,
set up VLANs and assigned everything, WAN and LAN, set up DHCP etc …
I was having a hard problem setting up VLANs and trunking on a 3Com SuperStack II 3300 switch, whose trunking is different from Cisco's, but finally after days of testing and googling I found the solution.
I've set up all the ports of the switch on the proper VLAN (VLAN 10, 20, 30, 40, 50 ...).
I've set up port 1 of the switch to allow all the VLANs (trunk).
I can ping the gateway (my internet ISP modem).
I can ping the pfSense box also. I'm testing with VLAN 30 and I added a firewall rule to allow me to ping all the VLANs and the LAN IP also.
I've set up the WAN as DHCP and set the internet VLAN as fxp0_vlan50.
Parent interface is fxp0
WAN interface is fxp0_vlan50
LAN interface is fxp0
and all the other VLANs are configured this way: fxp0_Vlan10, fxp0_Vlan20, fxp0_Vlan30 .....
VLAN 10: 192.168.10.1
VLAN 20: 192.168.20.1
VLAN 30: 192.168.30.1
LAN IP: 192.168.0.10 (DHCP disabled) so it won't interfere with the main modem 192.168.0.1
WAN: DHCP (got IP 192.168.0.148) from my modem, which is 192.168.0.1 (main internet connection gateway).
Now my problem is that I've added different rules on the WAN and LAN interfaces and even on VLAN 30, which I plugged my cable into, but with no luck. I can ping all IPs such as 192.168.0.1 and 192.168.0.10, and 192.168.30.1 (current VLAN),
and I can't get access to the internet.
I've searched the forum for similar issues. I tried to add rules to allow any to any, but same thing: I can't access the internet, yet the ping to other IPs is working, so I think of 2 problems:
1st problem: maybe the thing with tagged and untagged on the trunk port of the switch.
2nd problem: pfSense isn't allowing internet to pass through its WAN interface even if it's pingable.
Thanks for helping getting into it, because I've been several days testing with no luck.
Cordially, CooLiRC
-
192.168.0.1 is in the same /24 subnet as 192.168.0.10. You can't have two interfaces in the same subnet; it breaks routing. Change the LAN address to some other subnet.
Steve
-
Thanks a lot. After changing my LAN IP to 192.168.200.1 and then rebooting it worked for me, but after adding a firewall rule in my current VLAN (30) to allow any to any it worked. Thanks again. Now I'll try to allow only internet and deny VLAN communication with each other; I'll read the other posts again.
Thanks
-
No problem. :)
To make the firewall rules easier to read you may want to create an alias that contains all your internal subnets, 192.168.200.X, 192.168.10.X etc. Then you can make firewall rules on each interface that allow traffic with destination: not internal subnets. All other traffic will be blocked by default.
Steve
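As an added example (not from this thread and not pfSense's own code), a small Python script that checks a single-NIC VLAN layout for the overlapping-subnet mistake Steve diagnosed, then evaluates the "destination: not internal subnets" rule he suggests. The interface addresses are the ones posted above; the /24 prefix lengths and the sample destination addresses are assumptions.

```python
import ipaddress
from itertools import combinations

# Interface addressing as posted in the thread. The /24 prefix lengths are an
# assumption: the thread implies them but never states them.
ORIGINAL_CONFIG = {
    "wan (fxp0_vlan50)": "192.168.0.148/24",
    "lan (fxp0)": "192.168.0.10/24",
    "fxp0_vlan10": "192.168.10.1/24",
    "fxp0_vlan20": "192.168.20.1/24",
    "fxp0_vlan30": "192.168.30.1/24",
}

# The same layout after the fix from the thread: LAN moved to 192.168.200.1.
FIXED_CONFIG = {**ORIGINAL_CONFIG, "lan (fxp0)": "192.168.200.1/24"}


def overlapping_interfaces(config):
    """Return every pair of interface names whose subnets overlap.

    Two interfaces in one subnet is exactly the misconfiguration diagnosed in
    the thread (LAN and WAN both in 192.168.0.0/24), which breaks routing.
    """
    nets = {name: ipaddress.ip_interface(cidr).network for name, cidr in config.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def internal_subnets_alias(config):
    """Build the 'internal subnets' alias: the network of every non-WAN interface."""
    return [ipaddress.ip_interface(cidr).network
            for name, cidr in config.items() if not name.startswith("wan")]


def vlan_rule_allows(dst_ip, alias):
    """Evaluate the per-interface rule 'pass to destination NOT internal subnets'.

    Traffic not matched by that pass rule falls through to pfSense's default
    block, so inter-VLAN traffic is denied while internet-bound traffic passes.
    """
    dst = ipaddress.ip_address(dst_ip)
    return not any(dst in net for net in alias)


if __name__ == "__main__":
    print("overlaps before fix:", overlapping_interfaces(ORIGINAL_CONFIG))
    print("overlaps after fix: ", overlapping_interfaces(FIXED_CONFIG))
    alias = internal_subnets_alias(FIXED_CONFIG)
    # Constructed destinations: one internet host, one host in another VLAN.
    for dst in ("203.0.113.10", "192.168.10.5"):
        print(dst, "->", "pass" if vlan_rule_allows(dst, alias) else "block")
```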