
Author Topic: [SOLVED] traffic between two vlans  (Read 192 times)


Offline zappata

[SOLVED] traffic between two vlans
« on: November 28, 2017, 08:48:35 am »
Hi guys,

I have a Cisco managed switch and a pfSense firewall with 1 WAN, 1 LAN and 4 OPT inputs.
I have configured my VLANs (VLAN 50: 10.1.50.x, VLAN 60: 10.1.60.x) on the switch: I have created my VLANs and configured the ports (as trunk) and one port as trunk, tagged, which contains both VLANs.
I connected my LAN from pfSense to this one port which contains both VLANs.

So I have an internet connection and I get the right IP address, but if I want to allow traffic between VLANs it doesn't work.
My rule is source: VLAN50, dest: VLAN60, protocol: any

And btw, I can't ping my firewall (10.1.10.1) from a device in a VLAN, but I can access the web configuration of pfSense.

Do you have any idea?

Thank you in advance



« Last Edit: November 30, 2017, 09:39:08 am by zappata »

Offline johnpoz

Re: traffic between two vlans
« Reply #1 on: November 28, 2017, 09:34:41 am »
You would need rules on both VLAN interfaces. Please post up your rules on your interfaces via screenshot.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline NogBadTheBad

Re: traffic between two vlans
« Reply #2 on: November 28, 2017, 09:35:02 am »
Do you have firewall rules on the VLAN interfaces on the firewall?

Beaten to it by John again :)

Offline zappata

Re: traffic between two vlans
« Reply #3 on: November 28, 2017, 10:08:22 am »
I have no rules on the LAN interface; on WAN, block all IPv4 and IPv6.

On VLAN50:

DNS source: VLAN50 net dest: *
HTTP source: VLAN50 net dest: *
HTTPS source: VLAN50 net dest: *
SMTP source: VLAN50 net dest: *
POP source: VLAN50 net dest: *
IMAP source: VLAN50 net dest: *

On VLAN60:

DNS source: VLAN60 net dest: *
HTTP source: VLAN60 net dest: *
HTTPS source: VLAN60 net dest: *

I have tried this rule on the VLAN50 interface:

Source: VLAN50, dest: VLAN60, protocol: any

This should actually work, right? But I can't ping VLAN60 devices from VLAN50.

Offline Derelict

Re: traffic between two vlans
« Reply #4 on: November 28, 2017, 10:16:43 am »
Can you ping the VLAN60 pfSense interface address?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS™

Offline Grimson

Re: traffic between two vlans
« Reply #5 on: November 28, 2017, 10:18:10 am »
Quote: "This should actually work, right? But I can't ping VLAN60 devices from VLAN50."

If these devices run Windows you'll have to completely disable the Windows integrated firewall, else they won't reply to pings from different subnets.

Offline zappata

Re: traffic between two vlans
« Reply #6 on: November 28, 2017, 10:33:17 am »
No, I can't, and that's the problem.

Yeah, they have Windows.

OK, I will try it. Thanks.

Offline Derelict

Re: traffic between two vlans
« Reply #7 on: November 28, 2017, 07:45:08 pm »
If you cannot ping the VLAN60 pfSense interface address then it's not a local firewall on the hosts.

It will probably be better if you post actual screen shots to your rules pages instead of some description of what you think you have done.

If it was done how you described, it would be working.

Offline NogBadTheBad

Re: traffic between two vlans
« Reply #8 on: November 29, 2017, 03:15:04 am »
It's not something stupid, is it, like the wrong subnet masks on the clients?

Does Windows default to a 255.0.0.0 mask when using address space from the 10.0.0.0/8 range?

If this is the case it will think all traffic to 10.x.x.x is local.
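
Added example, not part of the thread: a Python check of the on-link decision raised in the reply above, showing how a 255.0.0.0 mask makes a VLAN 50 client treat VLAN 60 as local so the traffic never reaches the pfSense rules. The /24 prefix lengths, the client address 10.1.50.20 and the gateway 10.1.50.1 are assumptions; the thread only gives 10.1.50.x and 10.1.60.x.

```python
import ipaddress

# VLAN plan from the thread; the /24 prefix length is an assumption
# (the posts only give 10.1.50.x and 10.1.60.x).
VLAN_PLAN = {
    50: ipaddress.ip_network("10.1.50.0/24"),
    60: ipaddress.ip_network("10.1.60.0/24"),
}

def next_hop(host_ip, netmask, gateway, dest_ip):
    """Return ("on-link", dest) if the host will ARP for dest directly,
    or ("gateway", gateway) if it hands the packet to its default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    dest = ipaddress.ip_address(dest_ip)
    if dest in iface.network:
        return ("on-link", str(dest))
    return ("gateway", gateway)

def audit_client(host_ip, netmask, gateway):
    """Compare one client's settings with the VLAN plan and list problems."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    findings = []
    home = [(vid, net) for vid, net in VLAN_PLAN.items() if iface.ip in net]
    if not home:
        return [f"{host_ip} is not in any planned VLAN subnet"]
    vid, net = home[0]
    if iface.network != net:
        findings.append(f"mask {netmask} gives {iface.network}, expected {net}")
    if ipaddress.ip_address(gateway) not in net:
        findings.append(f"gateway {gateway} is outside VLAN {vid} ({net})")
    # Any other VLAN swallowed by the client's mask is treated as on-link:
    # the client ARPs for those hosts and the packets never reach pfSense.
    for other_vid, other_net in VLAN_PLAN.items():
        if other_vid != vid and other_net.subnet_of(iface.network):
            findings.append(
                f"VLAN {other_vid} ({other_net}) looks local; "
                "firewall rules never see this traffic")
    return findings

if __name__ == "__main__":
    # Constructed client settings, not taken from the thread.
    for mask in ("255.255.255.0", "255.0.0.0"):
        print(mask, next_hop("10.1.50.20", mask, "10.1.50.1", "10.1.60.20"))
        for line in audit_client("10.1.50.20", mask, "10.1.50.1"):
            print("  -", line)
```
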

Offline zappata

Re: traffic between two vlans
« Reply #9 on: November 30, 2017, 09:36:01 am »
Thank you, guys.
I solved the problem.

It was the antivirus software and firewall of Windows.