One point about the VLAN subnet. You said to use private addresses. While that's likely true for IPv4, with IPv6 you may very well have public addresses you can use. For example, I get a /56 prefix from my ISP. This gives me up to 256 /64 prefixes, any of which can be used for any LAN or VLAN interface. In addition, it's possible to use private address too. On IPv6, they're called Unique Local Addresses (ULA), which can be used in the same manner as RFC1918 addresses on IPv4. Also, there are some situations where you want to be able to access one subnet from another. For example, my main LAN can access anything on my guest WiFi VLAN, but not the other way around.

Please do more pfSense videos! How about a video about firewall rules to segment IoT from other devices and to prevent IoT stuff from "phoning home"

@doctorbah

Жыл бұрын

Agreed; yes, please

Perfect explanation to VLANs! I use aliases on my servers & IoT VLAN so that I have to provide an IP in the alias to allow it to have access to anything. That way, if anything happens and some one gets access to my proxmox server or anything on it, just any DHCP address cannot get out to the internet. I also use Pihole for all of my VLANs except the server VLAN so that a lot of traffic is blocked on the other networks and especially the IoT VLAN.

This VLAN walk-through is awesome. I appreciate all the insight and your teaching method.

I just bought a managed switch for my setup. Thanks for the well timed tutorial!

Very good tutorial. Concise, no fluff, straight to the point. Well done.

Thanks for the videos! You’re one of the few KZreadrs in this space that has a personality and you’re very entertaining to watch. Even if I’ve seen some LSU stuff in some of your videos, you’re not that bad ;)

@RaidOwl

Жыл бұрын

Haha thanks! Geaux tigers 😜

Many thanks. Exactly what I needed to create separate network for noisy IOT devices

I've come back to this video a couple times. Great resource. thanks!

took me a while to figure out vlans but this one video does tick all boxes for me. thank you!

Nicely done video & Very Informative. Thank You!

Oh man this is super well explained. Thanks so much.

Video helped me a lot to achieve setup what I wanted. Keep it going!

Thanks for the walkthrough, wonderfully explained! Am I correct in assuming that without a managed switch, this setup is not feasible? My current setup involves a pfsense, & a primitive, ISP provided wireless AP among other things. This AP probably cannot differentiate between one or more VLANs...

Great video! Thank you for the explanation

Man, you help me A LOOOOOOOOOOOOOOOOOOOOOOT Iwas blocked around like 30 days on a problem, I'm using pfsense too and my VLAN cannot reach my LAN and with ur video I understand why now! Thanks a lot bro!

Good video, explained a lot. Thanks

I'm late to this party, but MAN!! I thank you. This was the slow breakdown I needed.

Thank you for such a great walk through... Some of the fields are now named differently because of the updates to PF Sense.. Can you throw up some text updates on top of the video to account for the mismatch of selection settings..?

Awesome tutorial 😊

Thank you - I have VLANs implemented and they are correct as proved in your video. They do what the firewall is letting them. The problem I have with active VLANs, and could not find any solution, is on adding Zenarmor pfsense. As soon as I activate in Zenarmor the Interface where I have VLANs on, I can't reach any device on the VLANs. The other interfaces provide no problems. The same problem I had before when I was trying to have dual wan with failover in pfSense implemented. Any hint?

ottimo video, Grazie!

Thank you for this video.

Can you explain how to set up Nginx Proxy Manager in a DMZ with Pfsense? I'm running a virtualized Pfsense in Proxmox with two dedicated NICs. I want to use Nginx Proxy Manager in a LXC on the same host to make some services available to the public but with proper security.

How do I put my linux machine in a vlan, please I need to know how have to present a work in college Monday

Thanks for the video. I want to use an old PC with a dual port network card one WAN and one LAN, pfsense installed on SSD drive. I do have the house wired with cat 6 with at least one ethernet outlet per room. The LAN port configured on the pfsense box goes directly to an 24 port managed switch to connect all the wired network. I do not know how to setup VLAN, as in do I configure VLAN on pfsenese or do I use VLAN setup on the 24 port managed switch? Any help?

great video, cheers

thank you

Thank you.

How do you determine what device is on the VLAN? I didn't understand that part.

great vid!

very good video thank you :)

Thank you

Great into to pfsense VLANs. I want to setup an isolated VLAN (IoT) that I can access from my LAN network. I've got it setup where I can ping the IoT from LAN, but can't connect to an HTTP service on the IoT. What I am missing?

Just curious if your still using pfsense or did you switch to open sense or are you using unifi firewall. I can’t figure it out. I set up the vlans and subnets on my network with proxmox, but some of the cluster nodes and VMS can’t reach the Internet.

@RaidOwl

17 күн бұрын

I’m using Unifi now

What is the difference between configuring VLANS on pfsense vs VLANS on switch and do we need both?

Nice presentation of the procedure. I have the problem that the machine connected to the newly created vlan is being assigned with an ip address of the vlan's segment but it has no internet access, cant ping it's gateway and of course can t ping the LAN. At the last part where you create a rule for the dns I suppose it would also work if would have destination any and not udp 53. Still doesn t work though. It might have something to do with outbound NAT which you didn t show on the video. There are 4 options for the outbound NAT. It would be more complete if you would have shown that as well (what rules you created or had been created by default). Of course I still can t figure out why it doesn t work (My outbound NAT is set as Manual Outbound - third of the four options) Any thoughts? PS I used a specific port from pfsense device (it is qotom one with 4 ports). What I mean by that is the igb0 is the wan coming from the modem, the igb1 is for the lan connected to a microtik switch and igb2 transfers vlan20 (only since i didnt used the igb1 which has also the lan).Via a physicala cable it ends up in the last port of the switch where it transfers it untagged to port 23. So I connect port 23 with a laptop for instance it takes an ip of that segment (so eerything is good up until now) but no internet access. Properties of the network card of the laptop shows for all services (DHCP/DNS/GATEWAY) 192.168.20.1

@dimitristsoutsouras2712

Жыл бұрын

New edit: Found the issue and it was on the switch side (Mikrotik one).

I created my whole network set of rules thanks to this video, something that I'm still blasting my head off is when I want to isolate my iot network to prevent the devices seeing each other :/

❤❤❤

Do you have a video explaining how you run certain devices on your network through a VPN? Not sure if you have a video on this already, if you do please send me the link. This video was super helpful by the way as someone whose a totally new to pfsense.

@RaidOwl

Жыл бұрын

I don’t currently have one but Tom Lawrence has a solid video on exactly that. kzread.info/dash/bejne/hpuguMuuZsbah6g.html

@bigturbob7356

Жыл бұрын

@@RaidOwl I appreciate the referral.

If we add all private network subnets on the alias, won't it also block the vlan interface's own private IP addresses as well? What if I need to place a few web servers on the vlan and want them to connect internally via private IPs?

@bopal93

11 ай бұрын

Traffic between a LAN (or a VLAN) never go to the firewall. It goes through only the switch thus it doesn't matter if you are allowing or not allowing any traffic within the subnet network itself. If you want to reach to the other VLAN's, you simply add the allow rule above the invert rule he mentioned.

How do we take this setup and assign guests on a specific Wi-Fi SSID to the Vlan you setup that does not have access to all private networks. Assume the Wi-Fi is on ap’s plugged into a managed layer 2 switch port that also has the pfsense device on one of the switch ports. Thanks! @RaidOwl

@MegaNatebreezy

6 ай бұрын

I have the same question! Were you able to figure it out?

@be-kind00

6 ай бұрын

I'm still working on it using ppsk. ​@@MegaNatebreezy

i would like to set up 3 VLANs... 1 for wifi/devices, 2 for my unraid server, and 3 for my cameras... however i need a docker on unraid to recieve rtsp from the cameras, but i dont want the cameras hitting the WAN, and I want any PC I want to access the Unraid Server (for back up purposes), but keep my server or pc safe if one got attacked the other would be safe.... does that make sense? like could i maake a rule where vlan3 (cameras) only talks to VLAN:8991 to give rtsp data?

Is it posible to send in syslog the vlan name? I see the vlan ID, but no the vlan name.

12:50 what is testVLAN address mean? You didnt have to specify the IP address?

I blocked traffic from LAN -> VLAN25, from VLAN25 -> LAN, and allowed VLAN25 -> Internet. But from LAN, I can ssh a host in VLAN25 (should not happen).

Please make a tutorial to make pfSense to intercept all traffic behind it with my own SSL cert

@cirniman

Жыл бұрын

You mean HAProxy with a wildcart cert of your own domain?

I tried this once before, but I couldn't get my unifi access point to use the new vlan. Is there a trick to adding WiFi devices?

@RaidOwl

Жыл бұрын

Did you go into the Unifi UI and set up the VLAN on that side too?

@1ryanlc

Жыл бұрын

@@RaidOwl I tried, but very possible I missed something. Do I need a managed switch? Right now I'm using a basic TP-Link switch

@RaidOwl

Жыл бұрын

@@1ryanlc Yes, most 'dumb' switches will kill any tagged packets that come in.

@cirniman

Жыл бұрын

@@1ryanlcthat‘s what „vlan only“ stands for when creating a new network within unifi. If your setup is all unifi then you create a network, give it a vlan tag and you‘re good to go. If you‘re mixing up your environment with pfsense/unifi and pfsense is charge of your network creation, unifi still needs to „know“ that there‘s a vlan passing through its switches. You need to create the same network as in pfsense but give it the „vlan only“ and it should work as planned.

@1ryanlc

Жыл бұрын

@@cirniman Thanks so much!! I'll be giving that a try!

Why pfsense cant create a vlan tagging on USB interfaces ?

@RaidOwl

11 ай бұрын

Not sure. I assume the usb device in question supports tagging?

Poor adio volume

I couldn't get DNS to work on the VLAN until I added an Access List under the DNS Resolver for the new VLAN network. Under Services / DNS Resolver / Access Lists, add a new one for the VLAN.