I know Tom did a video showing how to have multiple lans and have lan ping opt1 but opt1 not ping lan. I can’t seem to find the video or remember how to configure the rules. Right now my rules are set to the basics and I can’t ping back and forth between either right now.
I am using the opt1 and opt2 interfaces because it seems that lan is malfunctioning and won’t pass internet through.
Here are the rules for opt2; it wouldn’t let me put it all in the main post because I am a new user.
Welcome to the forums and I have that covered in this video:
Thanks. I have been watching the videos for a while and learned tons, I will have to bookmark this video this time.
Watched that video. There was a better one that I followed when I set it up the first time, but I lost my config due to my VM corrupting. In the video I followed, you showed pinging back and forth, using either your lab setup or your home network. You showed what rules needed to be configured to ping between your IOT device network and user network, then you added a block rule, and then you could only ping from your user network to the IOT and not from the IOT to the user network. I am just setting this up on my own home network, and with everything going on and working from home I want work to be separate from home, but still be able to ping it from my home network to troubleshoot if ever needed.
My guest VLAN is blocked from going anywhere except the internet. My other VLANs can access anything on the guest VLAN.
Think that is basically what you want.
I first defined an alias for all my Local-Subnets; in the guest VLAN rules I created a rule to block access to Local-Subnets, and above it I created a rule to allow the guest VLAN to go anywhere except the Local-Subnets. You can use the “Invert match” in the destination for your rule.
Remember the rules work from top to bottom so the order is important.
It took me a while to get my head around the rules, starting from a block everything rule and then tweaking what I wanted helped me.
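The rule layout described in the post above, worked through as an added example (not from the original thread or from pfSense itself): a small first-match evaluator that models how pfSense walks the rules on an interface from top to bottom, with default deny when nothing matches. The subnets, the `Local-Subnets` alias membership and the rule descriptions are constructed for the example; substitute your own VLANs.

```python
"""Model of pfSense per-interface rule evaluation: top to bottom, first match wins,
default deny when no rule matches. Example code, not pfSense's own logic."""
import ipaddress

ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Constructed lab addressing (assumption for the example; use your own VLAN subnets).
LAN = ipaddress.ip_network("192.168.10.0/24")
IOT = ipaddress.ip_network("192.168.20.0/24")
GUEST = ipaddress.ip_network("192.168.30.0/24")

# The "Local-Subnets" alias from the post: every internal network, guest included.
LOCAL_SUBNETS = [LAN, IOT, GUEST]


class Rule:
    """One interface rule. dst_invert models the GUI's destination 'Invert match'."""

    def __init__(self, action, src, dst, dst_invert=False, descr=""):
        self.action = action          # "pass" or "block"
        self.src = src                # list of networks (source alias)
        self.dst = dst                # list of networks (destination alias)
        self.dst_invert = dst_invert  # True = match anything NOT in dst
        self.descr = descr

    def matches(self, src_ip, dst_ip):
        src_hit = any(src_ip in net for net in self.src)
        dst_hit = any(dst_ip in net for net in self.dst)
        dst_ok = (not dst_hit) if self.dst_invert else dst_hit
        return src_hit and dst_ok


def evaluate(rules, src, dst):
    """Return (action, description) of the first matching rule, or default deny."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.descr
    return "block", "default deny"


# Guest interface ruleset as described in the post: allow-with-invert above the block.
GUEST_RULES = [
    Rule("pass", [GUEST], LOCAL_SUBNETS, dst_invert=True,
         descr="Guest -> anywhere except Local-Subnets (internet only)"),
    Rule("block", [GUEST], LOCAL_SUBNETS,
         descr="Guest -> Local-Subnets (explicit block, good place to log)"),
]

# The classic ordering mistake: a broad allow placed above the block.
MISORDERED_GUEST_RULES = [
    Rule("pass", [GUEST], ANY, descr="Guest -> any (too broad, evaluated first)"),
    Rule("block", [GUEST], LOCAL_SUBNETS, descr="never reached"),
]

# Trusted VLAN: allowed to reach everything, including the guest VLAN.
LAN_RULES = [Rule("pass", [LAN], ANY, descr="LAN -> any")]


if __name__ == "__main__":
    checks = [
        ("guest -> internet", GUEST_RULES, "192.168.30.5", "8.8.8.8"),
        ("guest -> LAN host", GUEST_RULES, "192.168.30.5", "192.168.10.5"),
        ("guest -> LAN host (misordered)", MISORDERED_GUEST_RULES, "192.168.30.5", "192.168.10.5"),
        ("LAN -> guest host", LAN_RULES, "192.168.10.5", "192.168.30.5"),
    ]
    for label, rules, src, dst in checks:
        action, descr = evaluate(rules, src, dst)
        print(f"{label:32} {src} -> {dst}: {action:5} ({descr})")
```

Two caveats the model makes visible: rules are evaluated on the interface where traffic enters, so the guest VLAN's rules never see LAN-initiated traffic, and pass rules are stateful, so the replies to a LAN-to-guest ping come back without any guest rule allowing them. That is why "LAN can ping guest but guest cannot ping LAN" needs only the one block on the guest side. The model also shows why the order matters: with a plain "allow any" above the block, the block never fires.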
Unfortunately I have tried to use VLANs on my setup, but I have yet to get them to even pass DHCP through them. Running pfSense as a VM on ESXi hosted on an R610 just doesn’t seem to like VLANs. I have to split my network onto different interfaces to have any kind of separation for my office computer.
I run all my pfSense instances in VMware as well. Do you have multiple interfaces on your VMware host, each assigned a specific VLAN/network, or do you have one interface set up as a trunk port?
I have individual interfaces configured; I tried to configure multiple VLANs off one port and it didn’t work. I was lucky enough to have a spare dual NIC in a server I parted out. All of my networks have their own interface, and the switch is in control of the VLANs.