Show Posts
1
21.1 Legacy Series / Subnet Traffic Blocked
« on: March 15, 2021, 03:05:08 am »
Hi All,
New user here, just switched from Untangle Firewall.
I got OPNSense Setup and updated all to latest version. My setup is as follows:
Modem -> Opnsense 192.168.2.1 -> Cisco SG350 192.168.2.10 -> VLAN 20-50 192.168.20-50.0. The VLANs are segregated from the firewall and I'd like to keep it that way. All inter-vlan routing is working correctly. Firewall is Core i5-6500 w/ 16GB Ram & 2 - 1gb Intel adapters.
The firewall has one DHCP server 192.168.2.100-200. Then my switch has it's own DHCP servers w/ DNS for the VLANs.
To get the firewall to see and allow traffic from my VLANs I've created Gateways, Routes, Firewall Rules and NAT Outbound rules per https://greigmitchell.co.uk/2019/08/configuring-intervlan-routing-with-a-layer-3-switch-and-pfsense/.
The firewall 192.168.2.1 and all devices on 192.168.2.0 can access internet, however all VLANs are being blocked. Per Firewall Live View, all blocks are coming from a VLAN IP to X.X.X.X:53 on UDP. I've tried multiple things to unblock DNS and allow it pass to no avail.
Does anyone have a recommendation on how best to fix this issue? Should I setup a DNS forwarder? Should I open port 53?
Please help and thanks in advance!
New user here, just switched from Untangle Firewall.
I got OPNSense Setup and updated all to latest version. My setup is as follows:
Modem -> Opnsense 192.168.2.1 -> Cisco SG350 192.168.2.10 -> VLAN 20-50 192.168.20-50.0. The VLANs are segregated from the firewall and I'd like to keep it that way. All inter-vlan routing is working correctly. Firewall is Core i5-6500 w/ 16GB Ram & 2 - 1gb Intel adapters.
The firewall has one DHCP server 192.168.2.100-200. Then my switch has it's own DHCP servers w/ DNS for the VLANs.
To get the firewall to see and allow traffic from my VLANs I've created Gateways, Routes, Firewall Rules and NAT Outbound rules per https://greigmitchell.co.uk/2019/08/configuring-intervlan-routing-with-a-layer-3-switch-and-pfsense/.
The firewall 192.168.2.1 and all devices on 192.168.2.0 can access internet, however all VLANs are being blocked. Per Firewall Live View, all blocks are coming from a VLAN IP to X.X.X.X:53 on UDP. I've tried multiple things to unblock DNS and allow it pass to no avail.
Does anyone have a recommendation on how best to fix this issue? Should I setup a DNS forwarder? Should I open port 53?
Please help and thanks in advance!