
    New pfsense firewall, cannot ping LAN interface, vlan issue, no internet access

      squelchtone

      Hello,

      We could really use some help. We are working on a new Netgate pfSense firewall and have followed http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html to create VLANs and interfaces. We have em2 as our WAN ISP and em3 as LAN with tagged VLANs on it; the ProCurve 2910 switch port is also tagged for all the same VLANs. DHCP is being handed out by the pfSense and works great, and IP routing and the IP gateway are programmed in the HP switch. We can ping the switch management IP but cannot ping the pfSense LAN, nor can we ping Google. We have also set up the firewall rules for the VLANs to allow * from VLAN to WAN.

      Not sure if this is a simple step we are missing; it is our first time setting up a pfSense firewall. Thank you for any help anyone can provide today! =)

        jimp Rebel Alliance Developer Netgate

        There are a couple of potential things that could be wrong there. The easiest is the firewall rules: make sure that they allow all protocols and not only TCP.

        If you can't ping pfSense itself on the same subnet as the clients, it would have to be one of:

        1. Layer 2 issue, clients and pfSense are not on the same network (unlikely to be this if they are getting DHCP from the firewall)
        2. Incorrect firewall rules
        3. Incorrect local routing – If you have an L3 switch handling local routing between VLANs, pfSense does not need to be configured to handle the VLANs directly, it should leave that up to the L3 switch and contact those subnets using static routes (but that means you can't do DHCP for the VLANs on pfSense...)

        If this is a new Netgate device, you should have some bundled support time to use depending on which model you purchased (the m1n1wall doesn't come with any support, but the APU, 7541, and c2758 do). If you have that option, contact Netgate support and we can assist from there as well.

          ikaruzz

          Similar problem here:
          Hardware: Cisco SG500 in layer 2 mode and an old Astaro ASG 110/120 Rev. 3 (the Astaro has four Intel 82559ER NICs).
          After configuring the VLANs on the SG500 and the Astaro, DHCP over VLANs did not work and I could not ping the gateway over the VLANs.

          The problem was solved by disabling the default vlan processing in hw:

          A small script /usr/local/etc/rc.d/disable-vlanhwtag.sh

          #!/bin/sh
          ifconfig fxp0 -vlanhwtag
          ifconfig fxp1 -vlanhwtag
          ifconfig fxp2 -vlanhwtag
          ifconfig fxp3 -vlanhwtag
          
          

          is fixing the problem at startup.

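An added example, not part of ikaruzz's post and not pfSense's own code: a shell helper that reads FreeBSD `ifconfig` output and prints the `-vlanhwtag` command only for interfaces that currently report `VLAN_HWTAGGING`, generalising the fixed fxp0 to fxp3 list in the script above. The function names and the sample `ifconfig` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find interfaces with hardware VLAN tagging enabled and emit
# the command that disables it, instead of hard-coding interface names.

# Read `ifconfig` output on stdin; print the name of every interface whose
# options=<...> capability list contains VLAN_HWTAGGING.
hwtag_ifaces() {
    awk '
        # Interface header starts in column 0, e.g. "fxp0: flags=..."
        /^[a-zA-Z]/ && $1 ~ /:$/ { iface = substr($1, 1, length($1) - 1); next }
        # Capability line, e.g. "options=4219b<RXCSUM,...,VLAN_HWTAGGING>"
        $1 ~ /^options=/ {
            caps = $1
            sub(/^[^<]*</, "", caps)   # drop "options=<hex><"
            sub(/>.*$/, "", caps)      # drop trailing ">"
            n = split(caps, cap, ",")
            for (i = 1; i <= n; i++)
                if (cap[i] == "VLAN_HWTAGGING") print iface
        }
    '
}

# Print (do not run) one ifconfig command per affected interface, so the
# list can be reviewed before it goes into an rc.d script.
disable_cmds() {
    hwtag_ifaces | while read -r ifc; do
        printf 'ifconfig %s -vlanhwtag\n' "$ifc"
    done
}

# Constructed sample of FreeBSD ifconfig output (not captured from a device):
# fxp0 reports VLAN_HWTAGGING, fxp1 does not.
SAMPLE='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:00:5e:00:53:01
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:00:5e:00:53:02'

# On the firewall itself the input would be:  ifconfig | disable_cmds
printf '%s\n' "$SAMPLE" | disable_cmds
```

Running `ifconfig | hwtag_ifaces` again after the rc.d script has run is a quick check that the setting persisted across a reboot: it should print nothing.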