Routing vLAN to Internet[SOLVED!!]

  • Hi all, I am trying to configure a vLAN(vLAN25) as a guest Internet connection with my UniFi UAP-LR access points.

    What I have working is DHCP on my vLAN25 Interface and what appears to be communication with wireless devices.

    What I am unable to do is route traffic to the internet.

    Can anyone give me a tip to get this working?

    In my research I have configured the following screenshot but so far no success in getting this working.  Access through my vlan1 connected SSID is working 100%.

    ![Screen Shot 2016-01-16 at 5.18.09 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-16 at 5.18.09 PM.png)
    ![Screen Shot 2016-01-16 at 5.18.09 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-16 at 5.18.09 PM.png_thumb)

  • WAN net is the subnet of WAN interface address. If you want access Internet host change the destination to "any".
    However, if you want to prevent wife guests from accessing your LANs, add an alias that contains all you internal subnets and in the firewall rule check "not" at destination, select alias and enter this alias below instead.

  • Thanks for that. I setup the rule as below and still not able to route this vlan to the internet.

    Any further thoughts?

    ![Screen Shot 2016-01-16 at 10.57.12 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-16 at 10.57.12 PM.png_thumb)
    ![Screen Shot 2016-01-16 at 10.57.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-01-16 at 10.57.12 PM.png)

  • Now you allow only TCP protocol. For DNS there is also UDP necessary. So change it at least to TCP/UDP, if you want allow no further.

    And in Firewall > NAT > Outbound check if you guest wifi has been added to the rules.

  • Thanks…some interesting and strange issues are occurring with this subinterface.  When I configured this vLAN:

    • Internet browsing slowly decays to the point that even my default Wifi vLAN stops working.
    • I delete the sub-interface all settings and reboot then all started to work again.

    My system used is at follows...any thoughts?

    • Lenovo Think Center M55

    • Second NIC for LAN TP-Link PCI-E 1GigE

    • Version 2.2.6-RELEASE (i386)

    • built on Mon Dec 21 14:50:36 CST 2015

    • FreeBSD 10.1-RELEASE-p25

    • CPU Type Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz

    • 2 CPUs: 1 package(s) x 2 core(s)

    • 40GB SSD

  • OK I solved this issue. It turns out that by me changing the sub interfaces name from OPT1 to as an example GuestWiFi, it was somehow causing issues within pfSense.

    Maybe it is somewhere deep in the manual but as long as I leave the default subinterface names as it is created, everything works well and tagging and routing occurs.

  • LAYER 8 Global Moderator

    I have all my opt interfaces renamed.. that has nothing to do with your problem..  Unless maybe your trying to call 2 the same name?

    Some are physical nics, others are vlans on physical nics - see attached.

Log in to reply