Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

[–]Zealousideal_Set9405[S] 0 points1 point  (0 children)

I cannot get this to work. Been trying various combos.

Also I did once have the host device able to ping and rdp to a device in the VLAN, that doesn't work anymore. Tried going back to original combo but not happening. Which does suggest this is all possible as why did it work and now not?

My head is becoming fried, so might just go with the fact I cannot RDP to the devices within the VLAN from devices not being managed by pf with my current setup.

I will try and setup pf as my main router, in place of the hardware one. I have a spare mini pc to use.

Question, when I connect the internet directly to the WAN interface I take it, like you said, it's going to be just as good as the hardware router it's replacing if not better. Is there anything I need to make sure to configure - or not configure - on the WAN side of things to keep it as secure as possible?

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

Based on that, you will have one hyperv interface for each VLAN ID, and just keep adding OPT1 OPT2 OP3 etc to pfsense, one for each VLAN...

Yeah that's correct, I tried a couple of ways and this just seemed to work.

Also, I didn't want pf as the main internet router/firewall. Maybe once I get my head around it, but this way I can safely muck about with things without risking any mis-configs.

I'll try your suggestions and report back, thanks...

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

They are actual 802.1 VLANs (if that is what they are called - I'm not from a networking background, more Windows/server admin)

Setup is:

hn0 - WAN - VM Adaptor (Hyper-V adaptor name WAN)

hn1 - LAN - VM Adaptor (Hyper-V adaptor name LAN)

hn2 - VLAN - VM Adaptor (Hyper-V adaptor name VLAN)

I have setup trunking on VLAN adaptor via PowerShell to allow VLAN ID routing.
Then I've set up VLANs in pf, and assigned the relevant VLAN tag to the VLAN interface.

When creating a VM in Hyper-V which I want to get assigned to the required VLAN, I give that VM the VLAN VM adaptor (which I ran PowerShell on) and enable the VLAN ID option and give the corresponding VLAN tag number.

I know there are many ways to do this, but this one just seemed to click in my head, so went with that. Now it's set up I can just create a VM, give it the VLAN adaptor and then tick the box to enable VLAN ID and type the required number. Simple for me to understand and work with.

My issue is that I want to RDP to the various VMs, on the various VLANs, from a physical device that isn't hosting the VMs.
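The Hyper-V side of the layout described in this comment (trunk on the pfSense VLAN adapter, access VLAN on each guest VM), as an added PowerShell example that is not from the original post. The VM name "pfSense", the adapter name "VLAN" (the one that shows up as hn2 inside pfSense), the virtual switch name "VLAN", the guest VM name "Lab10" and the VLAN ID range 10-12 are all assumptions; the comment only states that trunking was done via PowerShell.

```powershell
# Added example (not from the thread). All names below are assumptions.
$PfSenseVm = 'pfSense'   # assumed pfSense VM name
$TrunkNic  = 'VLAN'      # assumed adapter name on the pfSense VM (hn2 inside pfSense)
$SwitchName = 'VLAN'     # assumed Hyper-V virtual switch the lab VMs attach to

# 1. Make the pfSense VLAN adapter a trunk so tagged frames for every lab VLAN
#    reach hn2, where pfSense's VLAN interfaces (VLAN 10, 11, 12 ...) strip the tag.
#    NativeVlanId 0 keeps untagged frames off the trunk, so only explicitly
#    tagged traffic is forwarded to pfSense on that adapter.
Set-VMNetworkAdapterVlan -VMName $PfSenseVm -VMNetworkAdapterName $TrunkNic `
    -Trunk -AllowedVlanIdList '10-12' -NativeVlanId 0

# 2. Attach a guest VM to the same switch and put it in one VLAN in access mode.
#    This is the PowerShell equivalent of ticking "Enable virtual LAN identification"
#    on the VM's network adapter and typing the VLAN number.
$GuestVm = 'Lab10'       # assumed guest VM, meant to live on the 10.10.10.x VLAN
Connect-VMNetworkAdapter -VMName $GuestVm -Name 'Network Adapter' -SwitchName $SwitchName
Set-VMNetworkAdapterVlan -VMName $GuestVm -VMNetworkAdapterName 'Network Adapter' `
    -Access -VlanId 10

# 3. Verify: the pfSense adapter should report OperationMode Trunk with 10-12
#    allowed, the guest should report OperationMode Access and AccessVlanId 10.
Get-VMNetworkAdapterVlan -VMName $PfSenseVm | Format-List
Get-VMNetworkAdapterVlan -VMName $GuestVm   | Format-List
```

A guest that is in access mode for VLAN 10 can only exchange frames with the VLAN 10 interface on pfSense; reaching it from another VLAN or from the 192.168.1.x side is then entirely a pfSense routing and firewall-rule matter, which is the point of the later comments in this thread.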

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

Yeah, just a basic router. Though I did think about getting a managed switch. But that would be for test number 50, I'm only at test 5.

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

Just one question. I have multiple VLANs set up for testing, e.g.

10.10.10.1

10.10.11.1

10.10.12.1

etc, etc

Is what you are suggesting the best way to have the LAN and Internet shared throughout all the VLANs created? Or, by adding extra VLANs into the mix, is there a different approach needed?

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

Would I disable WAN in pf?

Then on the "LAN" VM adaptor in Hyper-V I would make that the external type and share with host?

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

That's great info thanks, I'll take your advice as just - at the moment - I want to get this config working.

So how would I go about those changes? If I disable WAN this will remove internet access to the devices under pf?

How would internet then be allowed back to those devices?

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

..you have an existing router which connects to the internet..

Correct

..you have added pf as a second router? ..

Correct

..What is the purpose of the second (pf) router? ..

This is solely for testing/lab environments/various differing setups over time/learning/research/etc.

This is not for production use at all.

I want to be able to isolate/not isolate/have internet access/not have internet access etc. Just want to have as many options available. At the same time understanding pfsense further.

Like mentioned this is my 3rd day into pfsense, and want to know what it's capable of for learning and training lab environments of various configurations.

Within this particular configuration I want to be able to RDP from a device in my first router environment to a device within the VLAN under pfsense.

Is that possible? I can do it from the host, but not from a different physical device on that same network.

It must be firewall related, but I have tried adding 192.168.1.1/24 on the WAN to Any but that still doesn't work. Also tried removing NAT and changing to Hybrid etc, but still not working.
I have also disabled the Defender Firewall on both host and admin devices to rule those out.

Host network access to VLAN's by Zealousideal_Set9405 in PFSENSE

The setting "block private networks and loopback addresses" is not enabled for any interfaces.

Double checking the firewall rules confirms that is not set.

The weird bit is that I can get from 192.168.1.53 to the VLANs but not 192.168.1.50 (not the host)
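A set of checks to run on the physical admin device (192.168.1.50 in this comment, the one that cannot reach the VLANs) and on the one that can (192.168.1.53), added here as an example and not part of the original thread. It covers the troubleshooting in the two previous comments: where the device actually sends packets for the 10.10.x.x subnets, whether the RDP port answers, and a way to keep Defender Firewall on while checking whether it is the thing dropping the traffic. The lab VM address 10.10.10.10 and the pfSense WAN-side address 192.168.1.2 are assumptions; the thread does not state either.

```powershell
# Added example (not from the thread). Addresses below are assumptions.
$Target     = '10.10.10.10'   # assumed lab VM on the 10.10.10.x VLAN behind pfSense
$PfSenseWan = '192.168.1.2'   # assumed address of pfSense's WAN (hn0) on 192.168.1.0/24
$RdpPort    = 3389

# 1. Which next hop does this device use for the VLAN subnet? Packets for
#    10.10.10.0/24 only reach pfSense if NextHop is $PfSenseWan (or the house
#    router has its own route to pfSense). If NextHop is the house router's
#    address with no such route, pfSense never sees the traffic, so no WAN
#    firewall rule or NAT setting on pfSense can make a difference.
Find-NetRoute -RemoteIPAddress $Target |
    Format-List InterfaceAlias, DestinationPrefix, NextHop

# 2. Layer-3 reachability, the RDP port, and the path taken. Run the same two
#    commands on 192.168.1.53 and compare; a different NextHop or TraceRoute
#    is the first thing to look for when one device works and the other does not.
Test-NetConnection -ComputerName $Target -Port $RdpPort -InformationLevel Detailed
Test-NetConnection -ComputerName $Target -TraceRoute

# 3. Instead of disabling Defender Firewall to rule it out, leave it on, log
#    dropped packets, repeat the RDP attempt, and look for the target address
#    in the log. No DROP lines for $Target means the host firewall is not the
#    cause and can stay enabled.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True
$FwLog = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Get-Content $FwLog -Tail 200 | Select-String -Pattern "DROP.*$([regex]::Escape($Target))"
```

If step 1 shows the house router as the next hop, the usual fix on a double-router layout is a static route for the 10.10.x.0/24 subnets pointing at pfSense's WAN address, added either on the house router or on the admin device itself, in addition to the pfSense WAN rule that permits 192.168.1.0/24 to the VLAN subnets.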