VLAN / Firewall Question

sparkynerd

I am new to pfsense, and I am planning to replace my Tomato router with my pfsense box. I currently have my "Port 4" (no vlans) working with internet access to devices. I have my "Port 1" setup with VLANs 2 & 3, and it is connected to a wireless access point with VLANs 2&3. If I connect to wireless "SSID#2", I get assigned an IP from VLAN2, and if I connect to wireless "SSID#3", I get assigned an IP from VLAN3, so I think that is setup ok. I do not have any internet access on either wireless SSID. I have tried various firewall rules, but still cant seem to get this last piece of the puzzle working. Any ideas what I am doing wrong or how this should be configured? Thanks!

My setup:

ISP–->Modem--->Port 5-> pfsense box --->Port 1 (VLAN 2&3) ---->Wireless AP---->SSID #2 (VLAN #2) - DHCP IP Address assigned, no internet
                                                    |                                                                      |------>SSID #3 (VLAN #3) - DHCP IP Address assigned, no internet
                                                    |
                                                    | ---------->Port 4---->No VLANs (Internet works)

kejianshi

Going to need to see those firewall rules (at least)

heper

you made the proper allow rules on the firewall tabs for opt_vlan2 & opt_vlan3 ?
–->can you ping the pfsense from vlan2&3 ?

do you have automatic or manual or hybrid NAT enabled ? if your firewall rules are OK, then its most likely a NAT issue.

sparkynerd

I just checked and the firewall rules are the same on Port 4 as they are for VLANs 2&3 - pass everything. I can ping the pfsense box from both vlans. My firewall rules are very basic for now until I can get everything working correctly, then I will add more rules and test as I go.

Thinking that I am putting "the cart in front of the horse", I tried a basic approach. Port #2 on my pfsense box is on the same subnet as VLAN2 and same simple firewall rule of "pass everything". I plugged my laptop into Port 2 and experienced the same problem… IP is assigned correctly, no internet access. I compared port #2 (not working) with port #4 (working), and I cant seem to find what is different between them.  :-\

From what I understand, I have to allow traffic through the firewall, and it blocks everything by default... is that correct? What would be the best way to post my firewall rules and/or config here?

Thanks!

sparkynerd

I almost forgot- I have not done anything with the NAT settings.

sparkynerd

My temporary "test" setup:

ISP–->Modem--->Port 5-> pfsense box --->Port 2 - DHCP IP Address assigned, no internet, 192.168.5.0/24 subnet
                                                    |                                                                   
                                                    |
                                                    | ------->Port 4 - DHCP IP Address assigned, internet works, 192.168.1.0/24 subnet

Derelict

Port #2 on my pfsense box is on the same subnet as VLAN2 and same simple firewall rule of "pass everything".

What?

Instead of posting what you think you've done, post screenshots of what you actually have done.

Sounds like NAT.  What are your NAT settings?

kejianshi

Making everything the same subnet definitely won't help…

heper

2 interfaces on the same subnet has serious potential to be the culprit ;)