Topic: VLAN traffic shows up in firewall under LAN interface (Read 357 times)

andyman1222 (Newbie, Posts: 1, Karma: 0)
« on: August 16, 2024, 06:58:12 am »
I've been trying to get some VLANs working. The VLAN setup in question is bridged with two tagged interfaces (eno1.vlan1222 and eno2.vlan1222 for example, members of bridge br2, both tagged 1222). The bridge is assigned an interface, say VLAN1222_INF, with a static IP 10.252.0.1/16.
One of the issues I've been having is getting traffic working through the VLAN. For example, if I try to ping (or nslookup, etc.) 1.1.1.1 or 10.252.0.1 on eno1 or eno2 through their VLAN interfaces, I see on the firewall a request and reply logged and passed (see attached image); however, the interfaces do not receive anything.
However, what I'm more specifically asking about is that the firewall capture is reported on the LAN interface, which is an untagged bridge with IP 10.0.0.1/9; the source and destination IPs aren't even in the subnet. Because of this, rules I've been making to get VLANs working have been floating on all interfaces (sometimes traffic is reported on the VLAN interface, typically broadcast).
Why is the traffic showing up on the LAN interface and not the VLAN? Is there some fix for this, like some tunable to configure? Could this be a hint to the underlying issue why packets aren't being received by the VLAN members (perhaps it's routing through the LAN interface, though the routing tables show 10.252.0.0/16->VLAN1222_INF)?

dseven (Sr. Member, Posts: 312, Karma: 33)
« Reply #1 on: August 18, 2024, 11:06:01 am »
I assume that these "eno" interfaces are on some Linux box that's separate from whatever you're running OPNsense on? Is there a switch in between? I'm not sure what the purpose of your bridge is, but it sounds convoluted - maybe you could get VLANs working without the bridge first, then maybe add it to the mix again later (if it really has some purpose).

doktornotor (Hero Member, Posts: 709, Karma: 70)
« Reply #2 on: August 18, 2024, 11:44:48 am »
+1 on the above. Bridging sucks.
Otherwise, as I vaguely recall, getting the "expected" behaviour required flipping these defaults:
Code:
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
the other way round, and that is even without the VLANs in the picture (say, bridging LAN and WLAN, or two physical ports).
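
An added illustration following the reply above (not part of the original posts): per if_bridge(4), net.link.bridge.pfil_member controls filtering on a bridge's member interfaces and net.link.bridge.pfil_bridge controls filtering on the bridge interface itself, which decides the interface that rules and log entries attach to. The function name bridge_filter_point and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `sysctl`-style "name: value"
# lines on stdin and reports where the packet filter sees bridged traffic,
# following if_bridge(4): pfil_member = member interfaces,
# pfil_bridge = the bridge interface itself.
bridge_filter_point() {
    member="" bridge=""
    while IFS=': ' read -r name value; do
        case "$name" in
            net.link.bridge.pfil_member) member=$value ;;
            net.link.bridge.pfil_bridge) bridge=$value ;;
        esac
    done
    case "$member/$bridge" in
        1/0) echo member ;;   # rules and log entries attach to member interfaces
        0/1) echo bridge ;;   # rules and log entries attach to the bridge interface
        1/1) echo both ;;     # filtering enabled at both layers
        0/0) echo none ;;     # filtering disabled at both layers
        *)   echo unknown; return 1 ;;  # a tunable is missing or not 0/1
    esac
}

# Constructed sample input: the values quoted in the reply, and the same
# two tunables "the other way round".
QUOTED='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
FLIPPED='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

printf 'quoted values: filter on %s\n' "$(printf '%s\n' "$QUOTED" | bridge_filter_point)"
printf 'flipped:       filter on %s\n' "$(printf '%s\n' "$FLIPPED" | bridge_filter_point)"

# On the firewall itself (FreeBSD-based), feed it the live values:
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge | bridge_filter_point
```

After changing either tunable, re-check which interface the firewall log reports and move interface-specific rules to match.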