Supermule
« on: July 27, 2012, 11:45:52 pm »

Greetings

I run a multiple VLAN/1 LAN setup. The gateway for the LAN is 10.1.1.1. How do I stop inter-VLAN routing and only direct traffic to the gateway, no matter which VLAN the traffic is generated from?
Kind regards Brian 
heper
« Reply #1 on: July 28, 2012, 04:37:42 am »

Use policy routing to specify a gateway in the default any-to-any firewall rule.
Inter-VLAN routing will stop functioning; only traffic out to the internet will work.
Supermule
« Reply #2 on: July 28, 2012, 05:28:22 am »

Walk me through it....
I have tried that (running 1.2.3), but to no avail.
« Last Edit: July 30, 2012, 05:52:00 am by Supermule »
Kind regards Brian 
heper
« Reply #3 on: July 28, 2012, 07:15:40 pm »

No clue about 1.2.3, I have no more remaining systems running it. It's fairly easy on 2.x.
In 2.x, when you edit the default LAN rule, there's a section to specify a gateway other than 'default'.
Supermule
« Reply #4 on: July 29, 2012, 05:15:59 pm »

*BUMP* 
Kind regards Brian 
cmb
« Reply #5 on: July 29, 2012, 08:37:25 pm »

How do you have multiple VLANs with only one LAN? Guessing they're bridged together then, or else multiple WANs on VLANs. In general, you do what you're looking to do with firewall rules.
pfSense Commercial Support
Paying customers receive support priority and as in depth of assistance as desired through the official commercial support channels at portal.pfsense.org. Forum users receive as much help as time permits.
Supermule
« Reply #6 on: July 30, 2012, 01:33:21 am »

I have attached some images.... The setup is like this...

[Images: LAN Setup, VLAN Setup, LAN Rule, VLAN Rule]

The problem is that all of the VLANs can interact. I only want the traffic directed from the VLAN to the internet and no more.
Kind regards Brian 
Metu69salemi
« Reply #7 on: July 30, 2012, 01:56:56 am »

Your LAN subnet is way overlapping the VLAN subnets, and you need a firewall rule to block RFC1918 networks (inside IP subnets).
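The rule ordering suggested in Reply #7, as an added example that is not part of the original thread and not pfSense code: a small first-match model of the rules on one VLAN interface, with a block rule for RFC1918 destinations placed above the pass-any rule and below a pass rule for the gateway. The VLAN subnets, test addresses and function names are constructed for illustration; source addresses are ignored.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GATEWAY = ip.ip_address("10.1.1.1")   # LAN gateway named in the first post
# Constructed sample subnets (the thread does not list the real ones).
LAN = ip.ip_network("10.1.0.0/16")
VLANS = {"vlan10": ip.ip_network("10.1.10.0/24"),
         "vlan20": ip.ip_network("10.1.20.0/24")}

def overlaps(lan, vlans):
    """Names of VLAN subnets that overlap the LAN subnet."""
    return sorted(name for name, net in vlans.items() if lan.overlaps(net))

def evaluate(rules, dst):
    """Top-down evaluation: the first matching rule wins, no match is a block."""
    dst = ip.ip_address(dst)
    for action, dests in rules:
        if dests is None or any(dst in d for d in dests):
            return action
    return "block"

# Rules on a VLAN interface as (action, destination networks); None means any.
ALLOW_ALL = [("pass", None)]
ISOLATED = [
    ("pass", [ip.ip_network(f"{GATEWAY}/32")]),  # still reach the gateway itself
    ("block", RFC1918),                           # no other private destinations
    ("pass", None),                               # everything else: internet
]
WRONG_ORDER = [("pass", None), ("block", RFC1918)]  # block rule is never reached

def report(rules):
    """Verdict for a host in another VLAN, the gateway and an internet host."""
    targets = {"other_vlan": "10.1.20.5", "gateway": str(GATEWAY),
               "internet": "203.0.113.10"}        # constructed test addresses
    return {name: evaluate(rules, addr) for name, addr in targets.items()}

if __name__ == "__main__":
    print("VLANs overlapping LAN:", overlaps(LAN, VLANS))
    for name, rules in (("allow-all", ALLOW_ALL), ("isolated", ISOLATED),
                        ("wrong-order", WRONG_ORDER)):
        print(name, report(rules))
```
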
Supermule
« Reply #8 on: July 30, 2012, 02:25:39 am »

I must be missing something....
To have 10.1.x.x subnets working, then one must run LAN on 10.1.x.x/16 subnet....
And I can only block RFC1918 networks on WAN. Not on LAN.... I have searched the ruleset for this to no avail...
Kind regards Brian 
Metu69salemi
« Reply #9 on: July 30, 2012, 02:43:16 am »
Supermule
« Reply #10 on: July 30, 2012, 03:09:02 am »

Have a look into it. Thx so far!
Kind regards Brian 
Supermule
« Reply #11 on: July 30, 2012, 03:56:58 am »

Working!
Thanks a lot!
Kind regards Brian 
Metu69salemi
« Reply #12 on: July 30, 2012, 04:38:57 am »

edit your first post subject field with [SOLVED]
Supermule
« Reply #13 on: July 30, 2012, 05:51:15 am »

Will do!
Quote: "edit your first post subject field with [SOLVED]"
Kind regards Brian 