Search results

  1.

    Layer 3 Switch w/ PFSense

    It is the best to start with. After that, just reduce it to the domains corresponding to your VLANs for source and only to non Local networks for the target. Remember to allow access to DNS server address, NTP server or any service you need on pfSense. If you add an explicit deny rule, it is...
  2.

    Layer 3 Switch w/ PFSense

    @kapone: as I understood it, he described the routing table to internet traffic, which is quite right in his case. But yes, it can be he thinks it is also for the inter VLAN routing. I saw in his table that he has no internet traffic at all and cannot ping VLAN 300 interface on pfSense. @Pakna...
  3.

    Layer 3 Switch w/ PFSense

    I looked at your setup. First, and unrelated, you should drop VLAN1 and use a distinct VLAN for management. Second, and unrelated, use a /30 mask for the transit as it is not supposed to have any hosts on it. Now, for your problem, these are the most probable causes/fixes: - ensure Workstation B...
  4.

    Layer 3 Switch w/ PFSense

    pfSense will first route the traffic to the corresponding interface, then it will check the firewall rules and drop/pass traffic accordingly. So, am I bypassing the firewall? I do not think so, since the rules will be processed on the interface anyway.
  5.

    Layer 3 Switch w/ PFSense

    @kapone and @coxhaus Do you think there is an issue with that asymmetric WAN route: outbound from Transit and inbound from VLAN interface on pfSense? I do not see any dropped traffic. The mod at Netgate is claiming I am bypassing the firewall states checks, but pfSense is not bothering at...
  6.

    Layer 3 Switch w/ PFSense

    Yes, probably it can be tagged on the trunk between pfSense and the Switch, no reason it cannot indeed. I can also untag it on the trunk. Having it untagged is useful to debug the pfSense box by a directly connected device to the untagged VLAN 1 port.
  7.

    Layer 3 Switch w/ PFSense

    I see. I can reduce it to 2 interfaces and spare one switch port. I need both VLAN 1 and transit interface to be untagged. Or you think it is possible / recommended to tag VLAN 1 in the trunk?
  8.

    Layer 3 Switch w/ PFSense

    What is the 3rd link you mean? The transit route must be untagged, or it will not work properly in my tests, but maybe I missed something in the early times I tested it. The management VLAN 1 was added on purpose. I can untag it to the trunk, but I had the spare interface. pfSense only does the...
  9.

    Layer 3 Switch w/ PFSense

    Here's the final layout sample with pfSense properly working as a DHCP and DNS Server: pfSense is the WAN <-> LAN Firewall; VLANs isolation must be done at the L3 routing Switch with ACL rules; VLAN 1 dedicated interface for the management LAN is optional and can be untagged with the main...
  10.

    Cisco SG350 series fan replacement?

    They are the Sunon, the link you posted is exactly the same description / comparison. As you see, I have tested all the combinations in this thread. PWM: do not order 4 pins fans, you need 3 pins fans, they also have the tacho. The tacho is useless because Cisco OS assumes the fan is faulty...
  11.

    Layer 3 Switch w/ PFSense

    I read that article. But it was not clear for me during testing: - how to add the Media Server from a Trunk to the Multicast Group (Multicast group members are only Access ports on the receiver side) - what IP is the Multicast Group. I will try it later once I finished configuring the network...
  12.

    Cisco SG350 series fan replacement?

    Do not buy it. I have two, if you really want I can sell them to you for half the price. LoL https://www.ebay.fr/itm/202457551689 They do not spin at all at 6v, so they do not work. You will need the trick to solder them at constant 12v. And they are more noisy than originals because of a...
  13.

    Layer 3 Switch w/ PFSense

    The DLNA Media server is now running in a jail inside the Data Server, on the same VLAN as the TVs. The DLNA server and the Data server are on different physical interfaces and on different VLANs. TVs are fine with that as they get the DLNA broadcasting on the same subnet. However, I wanted to...
  14.

    Layer 3 Switch w/ PFSense

    I dropped that idea of the L2 switch in between pfSense and the L3, so I did not test it. Also, pfSense cannot do DHCP in any case with that diagram because it doesn't have the downstream VLAN interfaces. It has static routes. With my last diagram configured however, everything works properly...
  15.

    Layer 3 Switch w/ PFSense

    Yes, static routes cannot be added if the interface is defined any way, because pfSense knows about the interface. I doubt downstream traffic is going through the Transit route. I am not sure how to check it in pfSense, maybe an allow rule... However, I am not seeing any issues in logs about...
  16.

    Layer 3 Switch w/ PFSense

    The trick I think is the gateway set to the L3 Switch. In pfSense, the interfaces are directly attached, so no need to static routes, just the gateway to the L3 switch and proper firewall rules to allow needed traffic. tracert from 10.0.10.10 -> 10.0.20.10 tracert 10.0.20.10 Tracing route to...
  17.

    Layer 3 Switch w/ PFSense

    I have a 4x LAN Intel PCI-E card added and I will use it for a total of 4 LAN + Transit + WAN. The tracert result: tracert 9.9.9.9 Tracing route to dns9.quad9.net [9.9.9.9] over a maximum of 30 hops: 1 1 ms 1 ms 1 ms 10.0.20.2 2 <1 ms <1 ms <1 ms pfSense.intranet...
  18.

    Layer 3 Switch w/ PFSense

    @coxhaus and @kapone I managed to cascade the L3 switch and pfSense + use the DHCP on pfSense: tracert shows all interVLAN traffic not reaching pfSense; internet works for all VLANs; pfSense DNS resolver and DHCP work for each VLAN and I can assign specific DNS servers (openDNS) to given clients...
  19.

    Layer 3 Switch w/ PFSense

    Yes, it does. I am using it in my current single VLAN setup to restrict unsecure traffic between TV and servers to DLNA only. However, since it is an IP range filter, secured only by MAC assignment on pfSense DHCP, I wanted to improve security on my servers going with VLANs. Would be a later...
  20.

    Layer 3 Switch w/ PFSense

    I looked at the switch book. IPv4 ACL can bind to VLAN or ports. So sounds good. Enabling inter-VLAN routing in both switches connected with a dedicated transit would cause asymmetric routing breaking rdp/https... Right? Discussion on two L3 switches: Connecting multiple layer 3 switches...