    New pfsense firewall, cannot ping LAN interface, vlan issue, no internet access

    • squelchtone last edited by

      Hello,

      We could really use some help. Working on a new Netgate pfSense firewall, have followed http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html to create VLANs and interfaces, have em2 as our WAN ISP, and have em3 as LAN with tagged VLANs on it, the ProCurve 2910 switch port is also tagged for all the same VLANs, and DHCP is being handed out by the pfSense and works great, IP routing and IP gateway are programmed in the HP switch, and we can ping the switch management IP but cannot ping the pfSense LAN, nor can we ping Google. We have also set up the firewall rules for the VLANs to allow * from VLAN to WAN.

      Not sure if this is a simple step we are missing; it is our first time setting up a pfSense firewall. Thank you for any help anyone can provide today! =)

      • jimp Rebel Alliance Developer Netgate last edited by

        There are a couple potential things that could be wrong there. The easiest is the firewall rules, make sure that they allow all protocols and not only TCP.

        If you can't ping pfSense itself on the same subnet as the clients, it would have to be one of:

        1. Layer 2 issue, clients and pfSense are not on the same network (unlikely to be this if they are getting DHCP from the firewall)
        2. Incorrect firewall rules
        3. Incorrect local routing – If you have an L3 switch handling local routing between VLANs, pfSense does not need to be configured to handle the VLANs directly, it should leave that up to the L3 switch and contact those subnets using static routes (but that means you can't do DHCP for the VLANs on pfSense...)

        If this is a new Netgate device, you should have some bundled support time to use depending on which model you purchased (The m1n1wall doesn't come with any support, but the APU, 7541, and c2758 do). If you have that option, contact Netgate support and we can assist from there as well.

        • ikaruzz last edited by

          Similar problem here:
          Hardware: Cisco SG500 in layer 2 mode and an old Astaro ASG 110/120 Rev. 3 (the Astaro has four Intel 82559ER NICs).
          After configuring the VLANs on the SG500 and the Astaro, DHCP over VLANs did not work and I could not ping the gateway over the VLANs.

          The problem was solved by disabling the default vlan processing in hw:

          A small script /usr/local/etc/rc.d/disable-vlanhwtag.sh

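          #!/bin/sh
          # Turn off hardware VLAN tag processing on each fxp NIC so that
          # 802.1Q tags are handled in software instead.
          ifconfig fxp0 -vlanhwtag
          ifconfig fxp1 -vlanhwtag
          ifconfig fxp2 -vlanhwtag
          ifconfig fxp3 -vlanhwtag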

          is fixing the problem at startup.

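Added example, not part of any post in this thread: instead of hard-coding fxp0 to fxp3, the sketch below reads FreeBSD `ifconfig` output, finds the interfaces whose `options=` line still lists the `VLAN_HWTAGGING` capability, and prints the matching `ifconfig <if> -vlanhwtag` commands for review. The function names, the `live` argument and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD ifconfig output (not taken from the thread).
SAMPLE_IFCONFIG='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=2019<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC>
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=19<RXCSUM,VLAN_MTU,VLAN_HWTAGGING>
fxp3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWCSUM>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>'

# Read ifconfig output on stdin; print one interface name per line for every
# interface whose options list contains the exact capability VLAN_HWTAGGING.
hwtag_ifaces() {
    awk '
        # Interface header line, e.g. "fxp0: flags=...": remember the name.
        $1 ~ /:$/ && $2 ~ /^flags=/ { ifname = substr($1, 1, length($1) - 1); next }
        # Capability line: require delimiters on both sides so that
        # VLAN_HWCSUM or VLAN_HWTSO do not match.
        $1 ~ /^options=/ && $1 ~ /[<,]VLAN_HWTAGGING[,>]/ { print ifname }
    '
}

# Read ifconfig output on stdin; print (do not run) the command that
# disables hardware tagging on each affected interface.
plan_fix() {
    for ifname in $(hwtag_ifaces); do
        echo "ifconfig $ifname -vlanhwtag"
    done
}

case "${1:-}" in
    live) ifconfig | plan_fix ;;                        # inspect this host
    *)    printf '%s\n' "$SAMPLE_IFCONFIG" | plan_fix ;; # constructed sample
esac
```

Running it again after applying the printed commands should produce no output, which is a quick check that the startup script took effect on every NIC.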