Laptop & Managed Switch (TL-SG10) & VLANs

[z0rk]

Plug a pc into port 2 on the switch with a static address in the same subnet as the wan and see if you can ping it.

I was able to ping it.
Then I switched WAN back to DHCP, left the the firewall disabled, and plugged my modem in. It instantly picked up a public IP address from my ISP.

[Demusman]

Not sure about this but once you set the WAN back to dhcp, that probably enabled the firewall again.
You can check by running pfctl -e, it'll probably say it's already enabled. Again, not sure if that enables it but any change in rules does so that may also.

You didn't say what type of internet, if you have a cable modem you will have to power cycle it anytime you change the directly connected device.
I wonder if your dhcp lease expired before you plugged the laptop back in and that's why it worked now. If you get a public IP there shouldn't be anything blocking that in the firewall.

Obviously, if it isn't already, reenable pf and see what happens.

[z0rk]

Not sure about this but once you set the WAN back to dhcp, that probably enabled the firewall again.
You can check by running pfctl -e, it'll probably say it's already enabled. Again, not sure if that enables it but any change in rules does so that may also.

That would make sense as a best practice security measure. Also, after I switched back to DHCP I didn't power cycle the modem I only re-seated it back into port 2 and it picked up an IP immediately.

You didn't say what type of internet, if you have a cable modem you will have to power cycle it anytime you change the directly connected device.

It's a cable modem. Generally speaking I found this to be true, but not always, e.g. after I disconnected the modem from the switch I re-seated it back into my production OPNsense box and it picked up an IP without the need to power cycle.

I wonder if your dhcp lease expired before you plugged the laptop back in and that's why it worked now. If you get a public IP there shouldn't be anything blocking that in the firewall.
Obviously, if it isn't already, reenable pf and see what happens.

Possibly, I should have taken note of the IP. First I thought it was maybe related to a firewall rule as well, but I went over my WAN rules and they're identical to the rules of my production machine.
The next thing I'll try is to power cycle the modem and this time I will wait longer to see if it picks up an IP. Maybe I just didn't wait long enough.

Thanks!