4. VLAN source traffic showing under LAN interface

VLAN source traffic showing under LAN interface

  • O

    Hello,

    We have LAN, WAN 1 and WAN 2. The WANs are configured as Gateway Groups.
    I have firewall rules on LAN to send all traffic on to the Gateway Group.

    We have configured a VLAN as such:
    1. Create a VLAN 2 on re0 under: Interfaces: VLAN
    2. Assign it to an interface under: Interfaces: Assign network ports
    3. Enable the interface and give it an IP address 192.168.4.254/24
    5. Enable DHCP on the VLAN 2 interface; with DNS being 8.8.8.8 and gateway is my managed switch
    6. Add a rule all to all in the VLAN 2 tab under; Firewall: Rules

    My users can get their DHCP leases without any issue, but still can't access the internet; while people on the LAN network can access internet without any issue. Looking at firewall logs i can see that the traffic from users of network 192.168.4.0 is showing up under interface LAN, I suppose they should show up under interface VLAN 2. The traffic is not blocked though.

    Any idea please?

    0
  • LAYER 8 Global Moderator

    Where are you pointing them to for their gateway - your switch??  Why would the gateway not be 192.168.4.254? Pfsense vlan interface?

    How did you setup the port on your switch connected to pfsense.  This should be a trunk port..

    0
  • O

    Hello,

    Thanks for the reply.
    The port is indeed trunk.

    We have done Inter-Vlan routing using the managed switch.

    Regards

    0
  • LAYER 8 Global Moderator

    So do you have routes on pfsense to these other networks on your managed switch that is doing routing?

    Please draw up your network and post.. So is this vlan a transit network to your downstream router?  Odd that you would put dhcp clients in a transit network?  A drawing would be most helpful.

    0
  • O

    Here you go attached. The default VLAN is 1 by the way.


    0
  • LAYER 8 Netgate

    Yeah.  That's all hosed.

    The transit network can be untagged. (I would do tagged to eliminate any reliance on VLAN1.)

    Eliminate the VLAN2 and VLAN2 interface on pfSense.  Instead make a gateway for 192.168.1.252 and create a static route for 192.168.4.0/24 to that gateway.

    Enable DHCP in the switch for VLAN2.

    PC0 should be on yet another vlan, created just like VLAN2.  It shouldn't be on the same VLAN as the transit network to pfSense (192.168.1.0/24).

    0
  • LAYER 8 Global Moderator

    You will also need to make sure you lan rules (transit network to your downstream router) allows the IP ranges of your vlans vs just lan net.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy