Inter-VLAN routing - Help needed

Started by fearz, October 06, 2024, 10:37:58 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 06, 2024, 10:37:58 AM
Hello,

Here is my setup:

Proxmox with OpnSense with 3 NICS (bridged)
NIC1: WAN1
NIC2: LAN
NIC3: WAN2

I have OpnSense configured with the LAN interface (192.168.4.1)

I have Multi-WAN configured grouped in WAN_GRP and I have the firewall rules set any-any default gateway WAN_GRP & a DNS rule in firewall above the any-any to allow UDP/DNS requests

I have 2 VLANS (192.168.3.1 - named "muffin") & (192.168.2.1) VLAN 30 & VLAN 20 respectively on a managed Linksys switch.

I am able from management interface to talk with all VLANs

What I want to do is to have the VLANs talk with each others, i'm unable to achieve that.

VLAN 30 is able to ping the 192.168.4.1 gateway but not devices in it.

I dont have block private networks checked on any of the LAN/VLAN interfaces.

Attached are my rules, i'd appreciate any help please.
October 06, 2024, 10:46:09 AM #1
If "WNGR" is your WAN gateway group, your first rule will be trying to use that for traffic from LAN to "muffin net", which you don't want - change Gateway for that rule to "default". You'll need rules on the VLAN interfaces too.
October 06, 2024, 08:54:09 PM #2
Quote from: dseven on October 06, 2024, 10:46:09 AM
If "WNGR" is your WAN gateway group, your first rule will be trying to use that for traffic from LAN to "muffin net", which you don't want - change Gateway for that rule to "default". You'll need rules on the VLAN interfaces too.
Tried that, didnt work.

Can you let me know what are the exact rules needed on LAN & VLAN to have them both talking to each-others?

Thanks


Sent from my iPhone using Tapatalk
October 06, 2024, 09:05:53 PM #3
Assuming you mean unfiltered access between LAN and VLAN in both directions....

On the LAN interface, create a rule with destination "muffin net", and everything else left at defaults.

On the muffin interface, create a rule with destination "LAN net", and everything else left at defaults.

Make sure those rules are above any more general rules - especially any that use a specific gateway [group]
October 06, 2024, 10:59:12 PM #4
Hi,

Also didn't work, any other suggestions please?

I did as you said and even added a reverse rule on both interfaces, I still can't ping nor access from each others.
October 07, 2024, 09:55:03 AM #5
You still don't have a rule on your LAN interface to allow all traffic to "muffin net". The first rule is backwards. The second rule has a destination of "asus net". The third rule has protocol "IPv4 TCP" (ping uses ICMP).

You should be able to ping from muffin to LAN now, though. If that's not working, you have some other problem (maybe VLAN setup)
October 07, 2024, 12:11:10 PM #6
Quote from: dseven on October 07, 2024, 09:55:03 AM
You still don't have a rule on your LAN interface to allow all traffic to "muffin net". The first rule is backwards. The second rule has a destination of "asus net". The third rule has protocol "IPv4 TCP" (ping uses ICMP).

You should be able to ping from muffin to LAN now, though. If that's not working, you have some other problem (maybe VLAN setup)
All good now, many thanks.

It was a mixture of those rules + misconfigurations in proxmox NICs.

Much appreciated dseven, have a great day.


Sent from my iPhone using Tapatalk
Print
Go Up Pages1
User actions