Access to LAN host from vlan

Started by horga83, February 15, 2022, 07:40:31 PM

February 15, 2022, 07:40:31 PM Last Edit: February 15, 2022, 10:25:10 PM by horga83
Running 22.1

I have an issue where I have a VLAN, igb1_vlan10 and I can reach the LAN address of 192.168.1.1 (the fw) but I cannot reach a LAN host such as 192.168.1.253, can't even ping it.

I have 2 VLANs, igb1_vlan10 and igb1_vlan20. I can send packets between VLANs just fine and access hosts on the VLANs from each other. I can reach the Internet without issue from the LAN and all VLANs.

Not sure what I'm missing.  Can anyone provide a suggestion?

PS: Just to add to this, I have opened all VLANs and the LAN to all traffic and protocols without success.

Thanks.

DHCP might be an issue.
If you have, or even have not, fixed this you can message me. I have Discord and can send pics of what I did, and in return maybe you can help me figure out rules, because firewall rules are a pain, yes.

Is there any solution to this? I have the same kind of issue.

I have 2 VLANs I am trying to get communication to travel between, but it's not working. What I am trying to accomplish is remotely accessing devices sitting on this VLAN like WAPs and network printers.

Vlan10 --> Vlan20
10.20 --> 20.1 = ping requests received
10.20 --> 20.10 = ping requests not received

Check windows firewall.
You're going between 2 different subnets so you would need an exception in the windows firewall.

I tried turning off the Windows firewall and it is still doing the same.

It would probably have been better to open a separate thread. The only similarity is traffic across vlans.
In any case, allow and deny rules need to be created. Can you show your rules for the VLAN ?

Only rule in play at the moment:

action: pass
direction: in
protocol: ipv4*
source: *
port: *
destination: *
port: *
gateway: *

I am guessing no one has a solution to this problem.

Sorry, missed that. But what is this, what is it trying to tell us?
Quote
Vlan10 --> Vlan20
10.20 --> 20.1 = ping requests received
10.20 --> 20.10 = ping requests not received
Which interface is this rule for?
action: pass
direction: in
protocol: ipv4*
source: *
port: *
destination: *
port: *
gateway: *

Vlan10 --> Vlan20
10.20 --> 20.1 = ping requests received
10.20 --> 20.10 = ping requests not received

These are the IP addresses: "xx.yy.10.1, xx.yy.10.20, xx.yy.20.1, xx.yy.20.10". x and y are the same for all of these.

action: pass
direction: in
protocol: ipv4*
source: *
port: *
destination: *
port: *
gateway: *

This rule is applied to both. When I get them working properly and talking to each other I will make some other rules, because I will be able to tell what is affecting what. Right now they have access to the Internet; they just aren't passing traffic between the VLANs.

Try this to pass traffic from Vlan 10 to 20:
On VLAN20 set a firewall rule:
action: pass
interface: VLAN20
direction: in
tcp/ip : ipv4
protocol: any
source: VLAN10 net
port: *
destination: VLAN20 net
port: *
gateway: default
That would be a firewall rule for incoming traffic from vlan10 to vlan20.

Quote from: cookiemonster on October 08, 2022, 11:36:30 PM
Try this to pass traffic from Vlan 10 to 20:
On VLAN20 set a firewall rule:
action: pass
interface: VLAN20
direction: in
tcp/ip : ipv4
protocol: any
source: VLAN10 net
port: *
destination: VLAN20 net
port: *
gateway: default
That would be a firewall rule for incoming traffic from vlan10 to vlan20.

How could vlan10 ever be a source on the vlan20 interface??
Reverse the source and destinations.

Well, I probably thought that because it is what the firewall is telling me. I start a ping from VLAN10 to VLAN20 and this is what it shows on the firewall.

firewall:diagnostics:sessions
dir  proto     source              destination
->  icmp     xx.xx.10.20:1    xx.xx.20.10:1
<-  icmp     xx.xx.10.20:1     xx.xx.20.10:1

I tried reversing the firewall rule as suggested; it is still not allowing any traffic from one VLAN to the other.

action: pass
interface: VLAN20
direction: in
tcp/ip : ipv4
protocol: any
source: VLAN20 net
port: *
destination: VLAN10 net
port: *
gateway: default

You have to have a rule on both interfaces if you want traffic both ways.

The way it works is if a device on vlan 20 needs to access a device on vlan 10, you need a pass rule on vlan 20 interface. This will create a state and allow traffic.
If you want all devices on both vlans to access each other, you need to add a pass rule on vlan 10 to vlan 20 also.

What exactly do you want?

Post pics of your vlan configs.
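As an added illustration of the point above (this is example code, not from the thread or from OPNsense itself), a small Python model of interface-bound pass rules and the state table. It uses constructed 10.0.10.0/24 and 10.0.20.0/24 subnets in place of the thread's xx.yy.10.x / xx.yy.20.x addresses, and shows why a rule on the VLAN20 interface never sees a ping that enters on VLAN10, while a pass rule on VLAN10 lets the echo reply back through by state:

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed subnets standing in for the thread's xx.yy.10.0/24 and xx.yy.20.0/24.
NETS = {"VLAN10": ip_network("10.0.10.0/24"), "VLAN20": ip_network("10.0.20.0/24")}


@dataclass(frozen=True)
class Rule:
    iface: str  # interface the rule is bound to (direction: in)
    src: str    # "VLAN10 net", "VLAN20 net" or "*"
    dst: str

    def matches(self, iface, src_ip, dst_ip):
        def in_net(ip, spec):
            return spec == "*" or ip in NETS[spec.split()[0]]
        return iface == self.iface and in_net(src_ip, self.src) and in_net(dst_ip, self.dst)


@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)  # (src, dst) of flows already passed

    def ingress_iface(self, ip):
        # A packet enters the firewall on the interface whose subnet its source sits in.
        return next(name for name, net in NETS.items() if ip in net)

    def forward(self, src, dst):
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        # Packets of an established flow, including replies, pass by state without a rule.
        if (src_ip, dst_ip) in self.states or (dst_ip, src_ip) in self.states:
            return "pass (state)"
        iface = self.ingress_iface(src_ip)
        if any(r.matches(iface, src_ip, dst_ip) for r in self.rules):
            self.states.add((src_ip, dst_ip))
            return "pass (rule)"
        return "block"


def ping(fw, src, dst):
    """Return (request verdict, reply verdict) for one ICMP echo exchange."""
    req = fw.forward(src, dst)
    rep = fw.forward(dst, src) if req != "block" else "no reply"
    return req, rep


if __name__ == "__main__":
    # Rule on VLAN20 with source "VLAN10 net": the ping enters on VLAN10 and is blocked.
    print(ping(Firewall([Rule("VLAN20", "VLAN10 net", "VLAN20 net")]), "10.0.10.20", "10.0.20.10"))
    # Pass rule on VLAN10 toward VLAN20: request passes by rule, reply passes by state.
    print(ping(Firewall([Rule("VLAN10", "VLAN10 net", "VLAN20 net")]), "10.0.10.20", "10.0.20.10"))
```

With only the VLAN10 rule in place, a ping started from the VLAN20 side is still blocked, which is why a second pass rule on VLAN20 is needed for traffic both ways.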

Quote from: Demusman on October 09, 2022, 01:15:48 AM
Quote from: cookiemonster on October 08, 2022, 11:36:30 PM
Try this to pass traffic from Vlan 10 to 20:
On VLAN20 set a firewall rule:
action: pass
interface: VLAN20
direction: in
tcp/ip : ipv4
protocol: any
source: VLAN10 net
port: *
destination: VLAN20 net
port: *
gateway: default
That would be a firewall rule for incoming traffic from vlan10 to vlan20.

How could vlan10 ever be a source on the vlan20 interface??
Reverse the source and destinations.

Ok, my mistake.