pfSense transparent VLAN trunk configuration

Darkbandit92
Posting Freak
839
07-25-2016, 08:14 PM
#11
pfSense isn't meant for inline configuration. You can't modify it via the command line—it will erase all changes. The GUI doesn’t support trunking VLANs directly. You’d need to set up a separate VLAN interface and strip non-VLAN devices from your interfaces. Data would spill over if you keep using regular interfaces, and pfSense will remove any VLAN tags unless you manually add them. You’re left with whatever VLAN configuration you created on the switch (assuming it’s 1). Are you looking for a feature that works inline, or is there another tool you prefer? I think Sophos’ UTM might offer an inline option. It also frustrates me trying to imagine using a single physical port on pfSense while positioning it between your router and switch effectively. Seems like traffic would still reach its destination regardless of pfSense. If your real connection is Router > Switch > pfSense, it’s doable with VLANs, though it’s not ideal. Wouldn’t you tag the traffic on the router, which the switch would interpret and forward to all ports in that VLAN group?

Mehta42
Member
112
07-25-2016, 08:38 PM
#12
He also mentions two possible physical connections: a link from the content page and a reference to a PDF attachment. It seems they might not need actual hardware, just virtual setups if using a VM, but still count as two distinct interfaces.

193over71
Member
169
07-25-2016, 08:44 PM
#13
You're looking for a solution where all network traffic passes through a specific device, like a squid proxy, positioned along the path between a switch and a router. That way, everything is routed through it.

dianarose32129
Senior Member
570
07-26-2016, 02:19 AM
#14
I'll verify, but I recall activating them both.

e_clips_gaming
Junior Member
10
07-29-2016, 06:22 PM
#15
I just recalled something—did you navigate to Firewall > Rules and insert the “accept all from network” entry for the interface (bridge10, where you placed the IP address)? Remember that when you create interfaces manually, this setting doesn’t apply automatically, and it defaults to blocking all traffic, so pings won’t work. The standard rule should look like: Protocol: Any, Source: (interface) net (for example “bridge10 net”).

Lemmons_
Junior Member
19
07-29-2016, 07:35 PM
#16
Yes, you can also adjust rules on the network segment side or use intrusion prevention systems for extra protection.

_iTofuYou_
Member
52
07-29-2016, 09:30 PM
#17
Linux seems to handle requests smoothly. Setting up Linux with Squid offers much more control. How exactly are you configuring it? If your router is at 10.10.1.253, pfSense assigns a single IP address—10.10.1.252—to that interface. When a client like 10.10.1.10 needs to reach 10.10.1.11, it would bypass the gateway and connect directly. Assuming the router is connected straight to the switch, you’d likely need multiple interfaces per segment, each linked to different devices. It sounds complex, almost like a Cisco setup, but with Linux it could be more manageable.

Zikblackniggg
Member
145
07-31-2016, 05:02 PM
#18
The idea of placing Squid on a box between a router and a switch has been considered. I’d still need to connect ports and set up VLANs, right? Or would it be simpler on Linux instead of using pfSense? pfSense does have two interfaces linked to the switch and router for bridging traffic, but you’re wondering if it’s better not to bridge them altogether. Could you clarify more details?

ItsPvPMaster
Junior Member
3
08-02-2016, 08:32 AM
#19
Then I completely misread the situation, sorry about that. My thoughts were really off track. I logged into my pfSense to check things out, but I’m unsure how to do this since when setting up a bridge you need interface assignments. I’m wondering if you should set up VLAN interfaces for both connections and then assign each one individually. That would mean five bridges in total—definitely not a single bridge handling everything. You’ll likely lose VLAN tags if you don’t handle them properly, so you’ll be at the mercy of your PVID. It seems the VLAN interfaces are necessary for pfSense to process tagged packets. You’ll probably have to do some manual outbound NAT. https://forum.pfsense.org/index.php?topic=115718.0 This person also struggled with passing VLANs through their bridge, so it’s clear you’ll need at least five bridges. Make sure any interface assignments you create are VLAN-based. Assuming em0 is linked to your router and em1 to your switch... VLAN 1 on em0, VLAN 10 on em0, VLAN 20 on em0, VLAN 30 on em0, VLAN 100 on em0, and VLAN 100 on em1, then set up the bridges accordingly.

slayer__is
Senior Member
521
08-02-2016, 11:13 AM
#20
Avoid setting up any interface links that aren't VLANs. Do not assign directly to em0 or em1.
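
The per-VLAN layout described in posts #19 and #20 (VLAN child interfaces on em0 and em1, one bridge per VLAN, nothing assigned to the parent NICs), modelled as an added Python example that is not from any poster or from pfSense itself. The VLAN IDs and NIC names come from post #19; the frame builder, the bridge table and the drop behaviour for unmatched frames are assumptions of this simplified model.

```python
import struct

TPID_8021Q = 0x8100
# Assumed layout from post #19: one bridge per VLAN, whose members are the
# VLAN child interfaces on em0 (router side) and em1 (switch side).
BRIDGED_VLANS = {1, 10, 20, 30, 100}
PEER = {"em0": "em1", "em1": "em0"}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    head = dst + src
    if vid is not None:
        head += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return head + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (vid, untagged_frame); vid is None for untagged frames."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, frame[:12] + frame[16:]


def forward(in_nic, frame):
    """Model one frame crossing the box.

    Returns (out_nic, frame_on_wire), or None when nothing forwards it.
    """
    vid, inner = parse_tag(frame)
    if vid is None:
        # Untagged traffic lands on the parent NIC, which is left unassigned
        # (post #20), so no bridge picks it up in this model.
        return None
    if vid not in BRIDGED_VLANS:
        return None  # no VLAN interface for this tag, so no bridge either
    # The VLAN child strips the tag on input; the peer child re-adds the same
    # VID on output (priority bits reset to 0 in this model).
    retagged = inner[:12] + struct.pack("!HH", TPID_8021Q, vid) + inner[12:]
    return PEER[in_nic], retagged
```

A tagged frame for VLAN 10 entering on em1 leaves em0 with the same tag, while untagged frames and frames for a VLAN without a bridge go nowhere, which is why every VLAN carried on the trunk needs its own interface pair, bridge and firewall rule.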