Author Topic: UDP Broadcast blocked on in-active Interface (Read 3710 times)

phab · « **on:** August 22, 2018, 08:33:12 pm »

Hi Forum

Background: went from a smoothly running Monowall to Opnsense

. Having following issue though:

3 x VLANs all running on the physical LAN Interface which itself is not active of course.
BUT - it seems that broadcast get block on the LAN Interface itself:

LAN Aug 22 20:27:57 10.77.1.238:50508 255.255.255.255:10001 udp Default deny rule

Bug or Feature?

Goal would be to use 3 vlans for 3 subnets wich different rules and wifi networks, this on a switch port (trunk) which forwards all 3 vlans --> all working allright - just the broadcast.

Should I enable the LAN again within the vlan that the device resides in? Little lost here.

Thanks!
phab

phab · « **Reply #1 on:** August 22, 2018, 08:41:38 pm »

And forgot to mention it - of course I cannot create a corresponding fwl rule cause the interface ain't there ...

marjohn56 · « **Reply #2 on:** August 22, 2018, 09:10:41 pm »

If you've disabled the LAN then I would say yes. The LAN is the parent interface.

phab · « **Reply #3 on:** August 22, 2018, 09:28:09 pm »

The LAN Interface is assigned yes - but not enabled as such, as I only need interfaces with vlans configured. everything else is working though, just not the broadcast.

Is is recommended to have the parent Interface active when just working with interfaces based on vlans?
Does it need to be in a specific vlan? Or can I just assign an unused network like 192.168.1.0 and be done with it?

thanks again

marjohn56 · « **Reply #4 on:** August 22, 2018, 11:21:26 pm »

Sorry, I'm misleading you.... I often do that.

The VLANs have been assigned to a specific NIC, and you have set up the statics etc.

Not quite sure how you are connecting to the GUI if you have disabled the LAN?

Here's a Youtube video. It's for an older pfsense version, but the setup is the same principle.

https://www.youtube.com/watch?v=uF13fqQvGCs

phab · « **Reply #5 on:** August 23, 2018, 08:02:00 pm »

hey marjohn56

thanks for your answer. Mabye I am not laying it out right:

the broadcast message blocked:
LAN Aug 22 20:27:57 10.77.1.238:50508 255.255.255.255:10001 udp Default deny rule

is arriving in on the wrong interface: 10.77.1.0/24 net is assigned to OPT1_VLAN_77 and not the physical LAN interface which of course does not have a VLAN assigned (not possible - or I am starring at the wrong tree in this forrest).

I cannot create a rule for this (wrong netowrk on wrong interface) or assing the LAN to that nework.

phab · « **Reply #6 on:** August 23, 2018, 08:28:24 pm »

SOLVED !!!

Seems to have been some weird ARP issue - all switches and & opnsense have been rebooted - now no more bad packets on wrong interfaces

THANKS forum!

marjohn56 · « **Reply #7 on:** August 23, 2018, 09:17:14 pm »

Ah.. the old ''have you tried powering off and on again' routine..

Author Topic: UDP Broadcast blocked on in-active Interface (Read 3710 times)

phab

UDP Broadcast blocked on in-active Interface

phab

Re: UDP Broadcast blocked on in-active Interface

marjohn56

Re: UDP Broadcast blocked on in-active Interface

phab

Re: UDP Broadcast blocked on in-active Interface

marjohn56

Re: UDP Broadcast blocked on in-active Interface

phab

Re: UDP Broadcast blocked on in-active Interface

phab

Re: UDP Broadcast blocked on in-active Interface

marjohn56

Re: UDP Broadcast blocked on in-active Interface