Communication between Physical LAN Ports and VLANs
-
We have a pfSense 2.0.1 box with multiple LANs and VLANs and 2 WAN connections; 1 of the WANs is in use. I found out that the default rule of source LAN network to any destination encompassed other LAN/VLAN networks, so I had to block this because I didn't want other private networks to see each other.
I created an alias that had the network ranges of all the LAN/VLAN networks and then created a rule to say that the relevant LAN/VLAN subnet was to allow communication to all addresses but those of the alias.
I then created a rule to allow traffic on that network subnet/addresses.
I don't know if this is the best way to do this, but it seemed to work.
I would appreciate any ideas on this.
-
Nothing wrong with the setup you have described, although it sounds like the allow all rule (second one) is redundant, as the first rule will catch everything.
-
Without the "Allow all communication on the LAN/VLAN subnet/address" rule for that network I wasn't able to get it to work properly with internal addressing, as I had 1 alias rule that could be updated for each of the LAN interfaces, and this one was being used to block communication on its own subnet as well as all the others. For example (not my own, I may add):
Firewall: Aliases

Name   Values                   Description
LANS   192.168.1.0/24 (LAN1)    Not Internal Networks
       192.168.2.0/24 (LAN2)
       192.168.3.0/24 (LAN3)
       192.168.4.0/24 etc.

Firewall: Rules (for LAN1)

ID  Proto  Source    Port  Destination       Port  Gateway  Queue  Schedule  Description
    *      LAN1 net  *     ! LANS            *     *        none             Allow LAN1 to Internet
    *      LAN1 net  *     LAN1 address      *     *        none             Default allow SUBNET to LAN any Rule
    *      LAN1 net  *     192.168.100.0/24  *     *        none             Default VPN allow 192.168.100.0 to 192.168.1.0