Unable to get internet access on vlans through switch
-
Hello, I'm having problems getting internet on clients connected through a VLAN.
Here's my setup, I have a pfsense with two NIC, one for WAN and one for LAN. The WAN IP is 201.220.xxx.xxx and uses an external DNS server to resolve requests. The LAN ip for my pfsense is 192.168.1.1 and is connected to a Netgear switch GS728TSB on port 1. I've also added the VLANS on the switch set their membership and PVIDs so VLANs 10 and 20 use port 1 of my switch as trunk.I've set up two VLANS on my pfsense, 10 and 20 respectively, and DHCP servers for them using the ip pools 192.168.2.10-50 and 192.168.3.10-50 respectively. The NAT rules on my pfsense are automatic, allowing all three networks (LAN + OPT1 + OPT2) to NAT to a WAN address. Also added the firewall rules to (allow any) on each of my OPT interfaces. My pfsense uses an external DNS server which is set on the General Setup page and I've activated the DNS forwarder on the LAN and OPT interfaces.
The problem is that if I connect my laptop directly to the pfsense's LAN interface port I get DHCP as well as access to the internet, but if I connect through the switch although I still get DCHP for LAN and both the VLANS I cant get to the internet. The VLANS can ping each but i cant ping 192.168.1.1 which is the pfsense's LAN ip and the switch's gateway. Am I doing something wrong? I'm new to pfsense so I would appreciate some help. Thanks
-
What are the rules you put on your opt interfaces that are you vlans - can you post your vlan setup in pfsense.
So for example here are 2 vlans I have in pfsense that are connected to my em2 physical interface. So your saying if you plug a device on your switch that is in vlan 10 you get IP from dhcp for that vlan, and if you put in switch port for 20 you get IP from that vlan pool.
Can you ping the pfsense IP you put on that vlan? So for example mine are 192.168.4.253 and 192.168.5.253.. Devices on those vlans can ping pfsense IP address on that vlan. Pinging pfsense IP address on your lan segment would depend on your firewall rules. Well for that matter even pinging pfsense IP in that vlan would depend on your firewall rules. Please post up your vlan configuration, the ips of your pf interfaces in those vlans. Your firewall rules for those vlans and ipconfig from clients in those segments.
Your using just /24 for your masks right?