Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Single LAN/Multi VLAN Issue

    Firewalling
    2
    2
    822
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MasterfulMethods
      last edited by

      Hey Everyone,

      Basically, I got a home server and put ESXi on it to mess around with. So I wanted to have some fun and create some VLANs to separate ESXi Lab traffic from the rest of my LAN traffic.

      –-
      Jetway JC200S-B-JNF99FL-525 w/ pfSense 2.1.3  (2 x Intel 82574L - 1 WAN, 1 LAN)
      TP-Link TLSG3216 Managed Switch  (Port 16 = Trunk to pfSense LAN Interface)

      So what I did/my plan was: create 3 VLANs:
      10 (DMZ eventually)
      20 (ESXi Lab)
      30 (Extra 'Guest' WAP)

      I Created 'Opt' interfaces for all 3 linking to my 1 LAN interface. Set subnets and DHCP scopes for all VLAN interfaces. Then just to test, I created a generic LAN-interface-type rule for VLAN20 of 'Allow ALL to ALL'.

      ESXi VMs are getting DHCP addresses via VLAN20 and are able to communicate in their own VLAN, but there is no internet access and pings to gateway fail. 
      However, pings from LAN --> VLAN20 succeed.

      Reading through several other posts I saw a tip saying that sometimes pfSense needs to be rebooted after doing a lot of work with interfaces, but that didn't seem to help. It seems like it's a firewall rule issue, but it shouldn't be as it has the same 'Allow All' that my default LAN subnet has.

      Can anyone think of something I missed in my configuration?

      Any help is greatly appreciated.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • B
        Brutal
        last edited by

        Your trying to communicate on VLAN20 out your WAN port, but it's not working?  Do you have manual Outbound NAT turned on, but don't have entries for the VLAN20 IP range to your WAN interface?

        Have you done packet capturing on the VLAN20 interface to verify the packets are arriving?  If not, check your VLAN's downstream in your switch and/or ESXi.  If so, a packet capture on the WAN port should show the NATed packets going out.  If not, it's your Outbound NAT.

        Also, some basics.  Use only IP addresses for testing.  That removes DNS from the mix initially.  For instance, from your VM instance, set up a constant ping to say 8.8.8.8 and do your packet captures.  Making adjustments and resetting all states to 8.8.8.8 between changes.

        Once the basic IP is working, then see if you can ping www.google.com to check if your DNS is set.  If not, check the General Setup page and see if your DNS destinations are there and bound to your WAN port.

        Just some thoughts.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post