VLAN source traffic showing under LAN interface
-
Hello,
We have LAN, WAN 1 and WAN 2. The WANs are configured as Gateway Groups.
I have firewall rules on LAN to send all traffic on to the Gateway Group.We have configured a VLAN as such:
1. Create a VLAN 2 on re0 under: Interfaces: VLAN
2. Assign it to an interface under: Interfaces: Assign network ports
3. Enable the interface and give it an IP address 192.168.4.254/24
5. Enable DHCP on the VLAN 2 interface; with DNS being 8.8.8.8 and gateway is my managed switch
6. Add a rule all to all in the VLAN 2 tab under; Firewall: RulesMy users can get their DHCP leases without any issue, but still can't access the internet; while people on the LAN network can access internet without any issue. Looking at firewall logs i can see that the traffic from users of network 192.168.4.0 is showing up under interface LAN, I suppose they should show up under interface VLAN 2. The traffic is not blocked though.
Any idea please?
-
Where are you pointing them to for their gateway - your switch?? Why would the gateway not be 192.168.4.254? Pfsense vlan interface?
How did you setup the port on your switch connected to pfsense. This should be a trunk port..
-
Hello,
Thanks for the reply.
The port is indeed trunk.We have done Inter-Vlan routing using the managed switch.
Regards
-
So do you have routes on pfsense to these other networks on your managed switch that is doing routing?
Please draw up your network and post.. So is this vlan a transit network to your downstream router? Odd that you would put dhcp clients in a transit network? A drawing would be most helpful.
-
Here you go attached. The default VLAN is 1 by the way.
-
Yeah. That's all hosed.
The transit network can be untagged. (I would do tagged to eliminate any reliance on VLAN1.)
Eliminate the VLAN2 and VLAN2 interface on pfSense. Instead make a gateway for 192.168.1.252 and create a static route for 192.168.4.0/24 to that gateway.
Enable DHCP in the switch for VLAN2.
PC0 should be on yet another vlan, created just like VLAN2. It shouldn't be on the same VLAN as the transit network to pfSense (192.168.1.0/24).
-
You will also need to make sure you lan rules (transit network to your downstream router) allows the IP ranges of your vlans vs just lan net.
