Multipule Lan but 1 without Internet. HELP!!!
-
Ok first time posting so if this is in the wrong section I do apologize. I am trying to setup up my pfsense box so that I have 1 wan connection and 2 lan. One lan will be utilizing my VPN and the other lan will not so if I need a connection that is local i can just switch. I have included a rough pic of what I'm trying for. the IP's for the lan jump from 192.168.1.1 to 192.168.3.1 because my modem uses 192.168.2.1 and I didn't want any conflicts. I have everything running where I can connect to either lan1 or lan2 but on lan 2 I don't get an internet connection. I have already added the rules so that lan2 isn't blocked and enabled the dhcp server on it but still no internet. lan 1 is working perfectly. Any ideas? If you need any more info just let me know.
-
by the looks of things NIC 2 and 3 are connected to the same switch? that would cause a conflict issue on the client side if my memory serves me correctly, as the device connected to that switch would be "confused" on what IP address to use.
have you tried the ports individually?
-
What he said.
Maybe even configure the switch with a vlan so only those plugged into one side of the switch are on 3.1 w/no vpn and those on 1.1 are on the default vlan. You can even use your 1.1 interface and add a vlan to it and free up that other interface.
Basically….
1.1 - Default VLAN (VLAN 1), VPN Access
3.1 - VLAN 2, No VPN Access -
I have tried running a computer straight of the pfsense box but still the same result. If all the computers on the network are manually setup to tell then which dhcp to connect to will I still have to setup up a switch vlan?
-
No, but setting each machine with a static setup makes it harder to manage.
I would definately look at doing a VLAN, then you can DHCP everything and set rules per interface. Your VLAN ends up being a seperate interface but you will need a switch that understands VLANsOr you can just use a seperate switch, that would be quick and easy.
-
Ok thanks but I still have no idea why nic 2 (the one without vpn) doesn't have internet even when directly connected to a computer. I have tried everything that I can think of but its like the wan is only being able to route to one nic at a time. if I disable the other nic then run the setup wizard then the second nic will work fine but if I enable the other nic then it doesn't have internet.
-
i have a pfsense VM, i will try your config and see if it works with me or not, i will post back later on when i get the results of the test.
-
done a bit of testing there with a fresh install of pfSense, have you configured the firewall on opt1, when you first enable the opt1 interface, there are no inbound rules applied to that interface and as such all incoming (from device to pfsense) network traffic from that lan will be blocked. (see attached photo)
you will also not be able to access the webui from devices on the opt1 interface although you can add firewall rules to allow access.
i have no experience in Vlans so i cant help in that way, i run separate lans on separate interfaces each having their own NIC and switch.
-
i added the rules when I installed the second NIC and I'm able to access the webui through but no internet without the other card disabled and running through the setup wizard again.
-
could you capture the rules you have to your lans and wan port and post them here? i will help us to see what what you have your firewall configured and hopefully find the problem with your connection
can you ping an external address for example google?
-
 -
i may be wrong here as i havent been using pfsense for long but by the looks of it, although you have rules that allow access to the webui and things like that, i believe the reason you have no access to the wan is because you have no destination rules meaning if i understand correctly pfsense does not know what to do with the traffic so it doesnt do anything.
-
Your rules are confusing.
You're basically saying…
251, any port, if you're destination is NOT yourself, on any port then go to the next rule. Mind you I can't see what your redirect location is.
ect, ect, ect
The '!' is 'not... address'
Really, if you want to simplify things you REALL need to physically separate those networks. Having two networks broadcasting on the same switch is EXTREMELY confusing.
VLAN one or physically separate, turn on DHCP or set them static so there is NO cross talk then just put a block rule on the IPs you don't want to get to the WAN interface.
On your NoVPN interface you have allow any rules.
Granted I'm no expert but you've got me very confused.
-
It's not just confusing, it is wrong.
-
done a bit of playing around with the firewall rules, i managed to get internet on both interfaces, those rules you have on your main lan are not needed.
when setting up the vpn, you set the interface used in the openvpn configuration screen and it will only use that lan.
i would physically separate your lans onto two switches.
-
First off the rules are not wrong they have been there on that nic for a long time and working properly. Those rules are only there to redirect those IP's so they don't use the vpn. I'm not having any trouble with the Lan it is with the NOVPN. Thank you to those that are giving helpful advice.
-
This is my cleaned up version but still no internet on NIC 2 but can logon to the pfsense box using it.
