Bridge Firewalling
-
Hi everyone. I wish to create a bridge between my WAN and LAN so that I can give my hosts public IPs but still do filtering. It's easy to block ports from WAN to LAN, but how could I block the same ports between LAN hosts?
I'm hoping to provide a managed firewall service for multiple dedicated servers who don't trust each other.
Many thanks
-
Best bet is to get a switch that supports VLANs. Make each VLAN a subinterface on the pfsense and by default they will not be allowed to see each other (if I am remembering right.) You can put each in a separate subnet or maybe bridge them?
-
Thanks for your reply. I was thinking about doing something like that. However it may become hard to manage if let's say a customer wanted to allow inbound port 80 from anywhere…I'd have to add the allow rule on the WAN tab as well as every other VLAN tab. Also, I would have to bridge all of these interfaces as all the hosts will be on the same (public) subnet.
Would another solution, if I was using pfsense 2.0, to use the "floating" tab? Would that work?