Access to LAN host from vlan

[dd31879]

Try this to pass traffic from Vlan 10 to 20:
On VLAN20 set a firewall rule:
action: pass
interface: VLAN20
direction: in
tcp/ip : ipv4
potocol: any
source: VLAN10 net
port: *
destination: VLAN20 net
port: *
gateway: default
That would be a firewall rule to incoming traffic from vlan10 to vlan20.

How could vlan10 ever be a source on vlan20 interface??
Reverse the source and destinations.

Ok my mistake.

here ya go. i took out all the rules on the Vlan interfaces themselves because not working anyway.

Vlan group has just a default rule setup.

no traffic is being passed between Vlans.

Where do we go from here.

https://drive.google.com/file/d/11Q0ISTmTSDEbgI9mXWPRLasFrPECVHVj/view?usp=sharing

https://drive.google.com/file/d/1cXuynNP1K-Kk6ZY0C6Tp4BDQ7T-hQSkw/view?usp=sharing

[Demusman]

First, get rid of the group. Put the rules on the interfaces themselves.
Then, add an any,any rule on the LAN and all vlans.
Traffic will now pass.
Then, tune the rules to what is needed.

[dd31879]

I have taken the vlans out of group and put individual rules on them. Still no traffic.

https://drive.google.com/file/d/1U43_eoNqqj4x34QV5ACD0ogxXYQjdu7P/view?usp=sharing

[Demusman]

Did you put the same rule on the vlan interfaces?
Post pics of everything applicable.

Also, show a drawing of how everything is connected. You can use this: https://cloud.smartdraw.com/editor.aspx?templateId=aab5d49c-57b2-4cf4-bb77-bf83ea54a750&flags=128

[dd31879]

Did you put the same rule on the vlan interfaces?
yes.

Also, show a drawing of how everything is connected
its not that serious of a network that you need a flow chart.

[PFSENSE] => [SWITCH] => [Computers,APs,Printers,etc.]

Simple. One firewall. One Switch.

[Demusman]

No, it's not that simple.
What ports are connected to each other?
What ports are tagged with vlans?
What ports are untagged with vlans?

Show how everything is connected.