I am setting up pfSense and other equipment at home behind my existing router before I deploy it.
I have pfSense set up with 2 VLANs, 10 and 20; they are both on the LAN interface.
Each VLAN is assigned to an interface, enabled, has DHCP enabled, and has an IP range set, like 10.0.10.1/24 and 10.0.20.1/24.
My switch (TP-Link TL-SG1016DE) has VLANs set up with both tagged on the pfSense port and untagged on the relevant ports for two Windows 10 machines.
Both machines are getting the correct IP assigned for their subnet and both have internet access.
I have set up an allow-all rule on both VLANs but can't get the machines to ping each other.
(Eventually I want to add rules to only allow certain machines to talk to each other.)
There must be something obvious that I’m missing but all the tutorials I’ve looked at just said “set an allow all rule and it just works”
Your networks need bridging on the pfSense machine to enable them to see each other. However, that kinda negates the reason for getting 2 different networks for those machines in the first place.
The reason for two networks is that one will have mission-critical data and internet traffic and the other is only for control, monitoring, backups, etc., and I want to limit internet bandwidth and do other QoS on the non-critical network.
For now I have an allow-all rule to try and get it working, but I will later lock it down so only certain machines can communicate.
I have disabled the default rules on the default LAN network except for the anti-lockout rule.
The machine on VLAN 20 can ping google.com, pfSense on the same VLAN (10.0.20.1), and also pfSense on VLAN 10 (10.0.10.1), but not the other Windows machine on VLAN 10 (10.0.10.3).
Could it be something to do with the fact that I'm running it behind another router? It is a different IP range (192.168.0.1/24), and I disabled "Block RFC1918 Private Networks" and "Block bogon networks", as was recommended in a tutorial for setting up in a "lab" environment.
Could it be the firewall on the Windows machine? The fact that you can ping the pfSense interface on another VLAN indicates that it's routing correctly. You can always check the firewall logs in pfSense, but those rules should work.
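The last reply raises the Windows firewall as a suspect. The following is an added example, not code from anyone in this thread, showing how to test that hypothesis and fix it without disabling the firewall. It is PowerShell run from an elevated prompt on the machine that is not answering (assumed to be 10.0.10.3, as in the post above), and it assumes the peer VLAN is 10.0.20.0/24 and that the NIC is on the Private profile; adjust those if your setup differs.

```powershell
# Added example (not from the thread): is Windows Defender Firewall what stops
# ICMP echo from the other VLAN? Run as Administrator on the host being pinged.
# Assumed from the post: this host is 10.0.10.3, the peer VLAN is 10.0.20.0/24.
$PeerVlan = '10.0.20.0/24'

# 1. Which profile is active on the NIC? Firewall rules apply per profile, so a
#    rule that exists only for 'Domain' does nothing on a 'Private' network.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. List every enabled inbound ICMPv4 rule together with its remote-address
#    scope. A scope of 'LocalSubnet' explains exactly the symptom in the post:
#    pings from the same VLAN are answered, routed ones from 10.0.20.x are not.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Profile       = $_.Profile
            Action        = $_.Action
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# 3. Allow only what is needed: echo request (ICMP type 8) from the peer VLAN,
#    on the profile the NIC actually uses. This keeps the host closed to the
#    rest of the world and mirrors the per-host restrictions planned in pfSense.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo from VLAN 20' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $PeerVlan -Profile Private -Action Allow

# 4. Verify by logging dropped packets while the other machine pings. Lines
#    with DROP and a 10.0.20.x source confirm the firewall, not routing.
Set-NetFirewallProfile -Profile Private -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50 |
    Where-Object { $_ -match 'DROP' -and $_ -match '10\.0\.20\.' }
```

If step 2 shows the built-in "Echo Request - ICMPv4-In" rules scoped to LocalSubnet, that is the cause, and the scoped rule in step 3 is preferable to enabling the broad default rule or switching the firewall off. If the log in step 4 stays empty while the ping still fails, the packets are not reaching the host, and the pfSense firewall log is the next place to look.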