Netgate Discussion Forum

    [SOLVED] VLAN/Firewall Configuration Problem

    General pfSense Questions
    • delta1017

      I'm having a problem with my VLAN configuration. I've followed guides on how to do this to the letter, but it's still not working. My setup is as follows:

      VLAN 10: HomeLAN, 192.168.1.0/24
      VLAN 20: LAB, 192.168.2.0/24
      Both VLANs are assigned to subinterfaces on the LAN side. Screenshot of the router config.

      Same VLANs are defined on the switch as well. Ports 1-5 are assigned to VLAN 10, 6 and 7 are assigned to VLAN 20, 8 is a trunk port which goes to the router. Screenshot of the switch config.

      I've also defined firewall rules allowing traffic on each VLAN interface. Screenshot.

      VLAN 10 works fine; I can reach the internet and ping hosts in both VLANs. However, hosts in VLAN 20 can do none of those things; pings fail and the internet is unreachable, although they are able to receive DHCP addresses from the router. I've tried rebooting the router to no avail. What am I missing here? Everything appears to be configured correctly, yet it's not working.

      • Derelict LAYER 8 Netgate

        Did you turn off automatic NAT?

        Everything else looks good.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • delta1017

          Sorry for the late reply, but I just now figured it out. Firewall rules default to only allowing TCP traffic, which was why my pings weren't going through. Changed it to allow all protocols, and everything works now.
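
The failure mode resolved in this thread (a pass rule left at protocol TCP, so ICMP and UDP fall through to the default deny) can be checked for in a configuration backup. The following is an added example, not part of any post in the thread; it assumes the rule layout of a pfSense config.xml export, and the interface names opt1/opt2 and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml backup (not from the thread).
# opt1 = HomeLAN with an any-protocol rule, opt2 = LAB with a TCP-only rule.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>opt1</interface><ipprotocol>inet</ipprotocol>
      <source><network>opt1</network></source><destination><any/></destination>
      <descr>HomeLAN allow all</descr>
    </rule>
    <rule>
      <type>pass</type><interface>opt2</interface><ipprotocol>inet</ipprotocol>
      <protocol>tcp</protocol>
      <source><network>opt2</network></source><destination><any/></destination>
      <descr>LAB allow all</descr>
    </rule>
  </filter>
</pfsense>"""

# Protocols a client VLAN needs for ping and DNS in addition to TCP (assumed baseline).
NEEDED = {"tcp", "udp", "icmp"}


def passed_protocols(config_xml):
    """Map each interface to the set of protocols its enabled pass rules allow."""
    allowed = {}
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        # No <protocol> element means the rule matches any protocol.
        proto = rule.findtext("protocol")
        protos = set(proto.lower().split("/")) if proto else {"any"}
        allowed.setdefault(rule.findtext("interface"), set()).update(protos)
    return allowed


def missing_protocols(config_xml):
    """Return {interface: protocols no pass rule covers}, omitting complete ones."""
    report = {}
    for iface, protos in passed_protocols(config_xml).items():
        gap = set() if "any" in protos else NEEDED - protos
        if gap:
            report[iface] = sorted(gap)
    return report


if __name__ == "__main__":
    for iface, gap in missing_protocols(SAMPLE_CONFIG).items():
        print(f"{iface}: no pass rule for {', '.join(gap)}")
```

The check looks only at the protocol field of per-interface pass rules; it does not evaluate source or destination restrictions or floating rules.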

          • Derelict LAYER 8 Netgate

            Yeah, I missed that in your screenshot. Sorry. Glad you found it.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.