Hi, everyone!
I’m not used to the whole forum thing so forgive me if this is in the wrong place or with wrong formatting. If so, please point me in the right direction! On to my issue.
I have a Mikrotik RB2011UiAS-2HnD routing my traffic currently but would like to set up a pfSense machine on a device with 1 network port. (P.S. throughput is not an issue since I only have 50Mbps internet downstream and the servers in DMZ have Gigabit between each other). I’ve had it running previously but with the “WAN” as a VLAN with it’s own DHCP to give the pfSense an address. I would like to change that so the firewall gets an address from the default LAN network on the Mikrotik.
This is the configuration that isn’t working:
pfSense machine on ether2
VLAN_LAN access on ether6
VLAN_DMZ access/trunk on ether5
Intefaces:
VLAN_LAN VLAN ID=999 on ether2
VLAN_DMZ VLAN ID=666 on ether2
Bridges:
bridge1 vlan-filtering=on
Bridges>Ports:
ether2 PVID=1
ether5 PVID=666
ether6 PVID=999
Bridges>VLANS:
VLAN 1 untagged=ether2,bridge1
VLAN 666 tagged=ether2 untagged=ether5
VLAN 999 tagged=ether2 untagged=ether6
IP>Addresses:
192.168.77.1/24 on bridge
10.69.69.1/24 on VLAN_DMZ
192.168.97.1/24 on VLAN_LAN
With a dhcp server with pool 192.168.77.10-192.168.66.254 on bridge1(although I know this is unnecessary as I could set a static IP on the WAN interface of the pfSense machine.
So I get and IP for WAN on the pfSense and the Mikrotik says ether2 is connected to both VLANs. However I can’t connected to the pfSense via VLAN_LAN on ether6.
Any assistance is appreciated!
Note I have ordered 2 Intel NICs for the pfSense machine but would still like to keep the VLANs for that configuration.