OPNsense
Topics - yolocoffee

1
Hardware and Performance / traffic between untagged vlan and a tagged vlan basically dies
« on: February 03, 2022, 11:17:06 pm »
I am scratching my head on how to solve this.

I have one primary untagged LAN (60_LAN) and 3 VLANs (70_VLAN/80_VLAN/90_VLAN). No VLAN is allowed to access the primary LAN but primary LAN can access all other VLANs.

My speeds from primary LAN to any other tagged LAN (60_LAN -> 70_VLAN) are atrocious. Connections can be established in the case of accessing a web page or starting a remote desktop session but the performance is very spotty. In other cases, I cannot establish a connection at all. iperf3 basically dies after getting to 2 Mbps. rsync won't work at all.

If I disable pf (from the GUI or the shell), everything works correctly with the expected speed and performance. As soon as I enable pf, all traffic from primary LAN to other VLANs goes to shit. All traffic between the tagged VLANs is fine with pf enabled.

I have disabled all hardware filtering etc.
I do not have any intrusion detection turned on.
I do not have any traffic shaping/QoS rules.
I have a single WAN configuration.
I installed the vendor Realtek driver (the card does not have issues passing traffic between tagged VLANs or between the tagged and untagged VLAN if I disable pf).

What gives?

2
General Discussion / Help me understand why this firewall rule is being invoked?
« on: January 31, 2022, 10:58:16 am »
I installed OPNsense in a KVM, passed through two Realtek NICs for LAN and WAN. LAN has 4 VLANs. I have not configured any firewall rules for any other VLANs. LAN has the default generated rules. All devices on LAN have WAN access without issue.

Now this particular device (a MacBook) on LAN has blocked packets arriving on the firewall. See image Blocked.jpg. All other devices (iMacs, iPhones) are not seeing the same "default deny rule" being invoked.

What is triggering this rule only for this particular device?
