Bridge Firewalling

jonnytabpni · Jun 11, 2010, 5:29 PM

Hi everyone. I wish to create a bridge between my WAN and LAN so that I can give my hosts public IPs but still do filtering. It's easy to block ports from WAN to LAN, but how could I block the same ports between LAN hosts?

I'm hoping to provide a managed firewall service for multiple dedicated servers who don't trust each other.

Many thanks

danswartz · Jun 12, 2010, 12:05 AM

Best bet is to get a switch that supports VLANs. Make each VLAN a subinterface on the pfsense and by default they will not be allowed to see each other (if I am remembering right.) You can put each in a separate subnet or maybe bridge them?

jonnytabpni · Jun 12, 2010, 11:44 AM

Thanks for your reply. I was thinking about doing something like that. However it may become hard to manage if let's say a customer wanted to allow inbound port 80 from anywhere…I'd have to add the allow rule on the WAN tab as well as every other VLAN tab. Also, I would have to bridge all of these interfaces as all the hosts will be on the same (public) subnet.

Would another solution, if I was using pfsense 2.0, to use the "floating" tab? Would that work?