Netgate Discussion Forum

    Multiple LAN but 1 without Internet. HELP!!!

      z88Shadow88z

      OK, first time posting, so if this is in the wrong section I do apologize. I am trying to set up my pfSense box so that I have 1 WAN connection and 2 LANs. One LAN will be utilizing my VPN and the other LAN will not, so if I need a connection that is local I can just switch. I have included a rough pic of what I'm trying for. The IPs for the LANs jump from 192.168.1.1 to 192.168.3.1 because my modem uses 192.168.2.1 and I didn't want any conflicts. I have everything running where I can connect to either LAN 1 or LAN 2, but on LAN 2 I don't get an internet connection. I have already added the rules so that LAN 2 isn't blocked and enabled the DHCP server on it, but still no internet. LAN 1 is working perfectly. Any ideas? If you need any more info just let me know.

      netwrok.png

        NoFear202

        By the looks of things, NIC 2 and 3 are connected to the same switch? That would cause a conflict issue on the client side, if my memory serves me correctly, as the device connected to that switch would be "confused" about what IP address to use.

        Have you tried the ports individually?

          Visseroth

          What he said.

          Maybe even configure the switch with a VLAN so only those plugged into one side of the switch are on 3.1 w/no VPN and those on 1.1 are on the default VLAN. You can even use your 1.1 interface and add a VLAN to it and free up that other interface.

          Basically….

          1.1 - Default VLAN (VLAN 1), VPN Access
          3.1 - VLAN 2, No VPN Access

            z88Shadow88z

            I have tried running a computer straight off the pfSense box but still the same result. If all the computers on the network are manually set up to tell them which DHCP to connect to, will I still have to set up a switch VLAN?

              Visseroth

              No, but setting each machine with a static setup makes it harder to manage.
              I would definitely look at doing a VLAN, then you can DHCP everything and set rules per interface. Your VLAN ends up being a separate interface, but you will need a switch that understands VLANs.

              Or you can just use a separate switch, that would be quick and easy.

                z88Shadow88z

                OK, thanks, but I still have no idea why NIC 2 (the one without VPN) doesn't have internet even when directly connected to a computer. I have tried everything that I can think of, but it's like the WAN is only able to route to one NIC at a time. If I disable the other NIC then run the setup wizard, then the second NIC will work fine, but if I enable the other NIC then it doesn't have internet.

                  NoFear202

                  I have a pfSense VM. I will try your config and see if it works with me or not. I will post back later on when I get the results of the test.

                    NoFear202

                    Done a bit of testing there with a fresh install of pfSense. Have you configured the firewall on opt1? When you first enable the opt1 interface, there are no inbound rules applied to that interface, and as such all incoming (from device to pfSense) network traffic from that LAN will be blocked. (See attached photo.)

                    You will also not be able to access the webui from devices on the opt1 interface, although you can add firewall rules to allow access.

                    I have no experience in VLANs so I can't help in that way. I run separate LANs on separate interfaces, each having their own NIC and switch.

                    Capture.PNG

                      z88Shadow88z

                      I added the rules when I installed the second NIC and I'm able to access the webui through but no internet without the other card disabled and running through the setup wizard again.

                        NoFear202

                        Could you capture the rules you have on your LANs and WAN port and post them here? It will help us to see how you have your firewall configured and hopefully find the problem with your connection.

                        Can you ping an external address, for example Google?

                          z88Shadow88z

                          LAN 1.png
                          LAN 2.png

                            NoFear202

                            I may be wrong here as I haven't been using pfSense for long, but by the looks of it, although you have rules that allow access to the webui and things like that, I believe the reason you have no access to the WAN is because you have no destination rules, meaning, if I understand correctly, pfSense does not know what to do with the traffic so it doesn't do anything.

                              Visseroth

                              Your rules are confusing.

                              You're basically saying…

                              251, any port, if your destination is NOT yourself, on any port, then go to the next rule. Mind you, I can't see what your redirect location is.

                              etc., etc., etc.

                              The '!' is 'not... address'

                              Really, if you want to simplify things you REALLY need to physically separate those networks. Having two networks broadcasting on the same switch is EXTREMELY confusing.

                              VLAN one or physically separate, turn on DHCP or set them static so there is NO cross talk then just put a block rule on the IPs you don't want to get to the WAN interface.

                              On your NoVPN interface you have allow any rules.

                              Granted I'm no expert but you've got me very confused.

                                Derelict LAYER 8 Netgate

                                It's not just confusing, it is wrong.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                  NoFear202

                                  Done a bit of playing around with the firewall rules. I managed to get internet on both interfaces; those rules you have on your main LAN are not needed.

                                  When setting up the VPN, you set the interface used in the OpenVPN configuration screen and it will only use that LAN.

                                  I would physically separate your LANs onto two switches.

                                    z88Shadow88z

                                    First off, the rules are not wrong; they have been there on that NIC for a long time and working properly. Those rules are only there to redirect those IPs so they don't use the VPN. I'm not having any trouble with the LAN, it is with the NOVPN. Thank you to those that are giving helpful advice.

                                      z88Shadow88z

                                      This is my cleaned-up version, but still no internet on NIC 2, but I can log on to the pfSense box using it.

                                      netwrok.png
                                      Lan.png
                                      NoVpn.png

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.