
Pfsense Vlan Config!


singh763173


Hi all!

I was wondering if anyone had set up pfSense VLANs successfully. I followed a guide online, but for some reason DHCP never dished out IP addresses and I only got a loopback address.

The machine I am using has 4 NICs and I want to set up two VLANs. I previously set it up using the LAN port rather than WAN and connected it to my Linksys WAG120N modem/router.

What I want to do is set up two VLANs with internet access, with DHCP running off the pfSense box, and disable DHCP on the WAG120N. It's proving harder than I first thought!


If you want to create VLANs, I would suggest using a switch that is VLAN-capable; it would be a lot easier to implement.

Anyway, I found this pfSense VLAN tutorial; you might want to give it a crack.

http://doc.pfsense.org/index.php/Multi-WAN_using_VLANs_with_pfSense

Here's a pfSense forum thread.

http://forum.pfsense.org/index.php?topic=30917.0

Edited by Infiltrator

I have two switches which I was using in the setup to test. But I even bypassed that and connected my laptop straight to the NIC using a standard patch and a crossover cable. Still got a loopback address. Reading over those links now, thanks.

Have you ever used ClearOS?

Not ClearOS, but I have used pfSense and other firewall distros.


Out of all the ones you've used so far, what would you say was the best?

I tried to install ClearOS on my machine but had the issue with the screen reso, but then VM'd it and was playing with it - looks cool but can't see a VLAN setup area. I'm probably going to go back to pfSense but was a little lazy and couldn't be bothered to burn it to my USB earlier =[


I wouldn't say Untangle was the best, but due to its ease of use and simplicity, it was a firewall distro I liked the most.


That is the point for your DMZ (Demilitarization Zone) and you can set NAT (Network Address Translation) to forward all your external requests to the DMZ so your LAN isn't on the internet and vulnerable to attack.

This walkthrough helped me a lot Link

Here's the topology of my setup too...

http://forums.hak5.org/index.php?app=core&module=attach&section=attach&attach_rel_module=post&attach_id=672

Edited by The Sorrow

Not sure of your topology, but each VLAN will need to have a unique VLAN ID, VLAN trunking on the router and switch ports, and a unique subnet/subnet mask for each segment of the VLAN, with DHCP for 4 subnets. Depending on the equipment, you need the 802.1Q protocol enabled on the router and switches.

ex:

192.168.1.0-15 with a mask of 255.255.255.240 for the first subnet, which allows up to 14 addresses (192.168.1.1-192.168.1.14). The next subnet would be 192.168.1.16-31 with the same mask (allowing nodes on 192.168.1.17-192.168.1.30), etc. You then need to be able to shell out DHCP for the 4 subnets/VLANs in the ranges per subnet, and they can't overlap.

Edited by digip

I just want to be able to dish out two scopes - 192.168.1.x and 2.x - and have them set up on their own individual NICs, therefore negating the need for an 802.1Q router/switch, which are often costly and can be avoided by using multiple standard switches. Cheap and cheerful but it works.

I think I might know what the issue is - I think I might not have configured the firewall rules correctly - I will need to rebuild the box (been messing around with other distros) and then re-test.

I know for the amount of devices I will be running, two scopes with the 24-bit subnet is rather excessive, but it gives me a little more peace of mind :P

If you are trying 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24, that should work without VLANs and they shouldn't be able to see each other at all if configured properly. You just need a gateway address unique to each subnet per adapter of the router going out to the switch(es). You mentioned 4 NICs, so each NIC would need to be configured as the gateway for a different subnet.

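An added example, not part of any post in this thread: a Python check for the two addressing layouts described in the replies above (four /28 segments carved from 192.168.1.0, and one /24 per NIC), flagging overlapping subnets, gateways outside their subnet and DHCP pools that leave the usable range. The segment labels, the choice of the first usable host as gateway and the pool boundaries are assumptions made for the example.

```python
import ipaddress

def carve(base, new_prefix, count):
    """Split base into equal subnets: first host = gateway, the rest = DHCP pool."""
    plan = {}
    subnets = list(ipaddress.ip_network(base).subnets(new_prefix=new_prefix))
    for i, net in enumerate(subnets[:count], start=1):
        hosts = list(net.hosts())
        plan[f"seg{i}"] = (str(net), str(hosts[0]), str(hosts[1]), str(hosts[-1]))
    return plan

def check_plan(plan):
    """Return problems in a plan of {label: (subnet, gateway, pool_start, pool_end)}."""
    problems, nets = [], {}
    for name, (subnet, gw, start, end) in plan.items():
        net = ipaddress.ip_network(subnet)  # strict parsing rejects stray host bits
        nets[name] = net
        lo, hi = net.network_address + 1, net.broadcast_address - 1
        gw, start, end = (ipaddress.ip_address(a) for a in (gw, start, end))
        if not lo <= gw <= hi:
            problems.append(f"{name}: gateway {gw} is not a usable host in {net}")
        if not lo <= start <= end <= hi:
            problems.append(f"{name}: pool {start}-{end} leaves the usable range of {net}")
        elif start <= gw <= end:
            problems.append(f"{name}: pool {start}-{end} would hand out the gateway {gw}")
    labels = list(nets)
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a}/{b}: {nets[a]} overlaps {nets[b]}")
    return problems

# Constructed sample plans (labels and pool boundaries are made up for the example).
SLASH28_PLAN = carve("192.168.1.0/24", 28, 4)           # the four /28 segments
PER_NIC_PLAN = {                                         # one /24 per physical NIC
    "nic1": ("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.200"),
    "nic2": ("192.168.2.0/24", "192.168.2.1", "192.168.2.100", "192.168.2.200"),
}
BAD_PLAN = {                                             # deliberately broken
    "nic1": ("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.200"),
    "nic2": ("192.168.1.128/25", "192.168.1.129", "192.168.1.120", "192.168.1.250"),
}

if __name__ == "__main__":
    for title, plan in (("/28", SLASH28_PLAN), ("per-NIC", PER_NIC_PLAN), ("bad", BAD_PLAN)):
        print(title, check_plan(plan) or "OK")
```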
