Multiple LAN VIPs issue
-
Hi, I've been searching a lot but couldn't find the right solution. Here is the situation:
I have multiple static IPs from my ISP and I've set them that way
WAN xxx.xxx.xxx.220
Virtual IPs on WAN interface xxx.xxx.xxx.210, xxx.xxx.xxx.211, … , xxx.xxx.xxx.219
LAN 192.168.88.1/24
Virtual IPs 192.168.10.5 -> 1:1 NAT to xxx.xxx.xxx.210
etc.
I also have a Virtual IP 192.168.60.1/27 and 192.168.30.1/27 on the LAN interface but I'm having trouble with separating those two networks.
By setting the netmask /27 (or 255.255.255.192) I've limited the scope to 64 hosts, so when I try to ping from 192.168.60.x to 192.168.30.x it is unreachable - good. The problem is when I try reaching by host name, let's say "ping user-pc" or "\\user-pc", and I connect with no problem.
Both 192.168.60.1 and 192.168.30.1 have Outbound NAT to the same IP on the WAN - xxx.xxx.xxx.216
Can anyone help me make those two networks invisible to each other?
Thanks! :)
-
The problem is when I try reaching by host name, let's say "ping user-pc" or "\\user-pc", and I connect with no problem.
I'm guessing both of these computers are plugged into the same switch, can you confirm?
If so, you need to separate the networks. If you have a managed network switch, you can use VLANs to do so. If you don't, then you have to plug them into different switches and different LAN interfaces on your pfSense firewall.
NetBIOS (which is resolving the user-pc to an IP address) is broadcasting in your network. The receiving computer responds with its IP address. I think the computer probably realizes that you are in the same layer 2 network and doesn't try to use a router to reach the other PC.
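The point of the answer above, as an added example that is not part of the original post: a small Python audit that flags subnets sharing one layer-2 segment, where firewall rules cannot separate them. The LAN addresses come from the thread; the VLAN names and the two host addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: (layer-2 segment, interface address). The LAN rows use
# the addresses from the thread; the VLAN names in AFTER are assumptions.
BEFORE = [("LAN", "192.168.88.1/24"), ("LAN", "192.168.60.1/27"), ("LAN", "192.168.30.1/27")]
AFTER = [("LAN", "192.168.88.1/24"), ("VLAN60", "192.168.60.1/27"), ("VLAN30", "192.168.30.1/27")]

def shared_segments(inventory):
    """Return {segment: [subnets]} for every segment that carries more than one subnet."""
    by_segment = defaultdict(set)
    for segment, cidr in inventory:
        by_segment[segment].add(ipaddress.ip_interface(cidr).network)
    return {seg: [str(n) for n in sorted(nets)]
            for seg, nets in by_segment.items() if len(nets) > 1}

def locate(inventory, host):
    """Find the (segment, subnet) a host address belongs to."""
    ip = ipaddress.ip_address(host)
    for segment, cidr in inventory:
        net = ipaddress.ip_interface(cidr).network
        if ip in net:
            return segment, net
    raise ValueError(f"{host} is not in any configured subnet")

def path_between(inventory, host_a, host_b):
    """Classify where traffic between two hosts can be filtered."""
    seg_a, net_a = locate(inventory, host_a)
    seg_b, net_b = locate(inventory, host_b)
    if seg_a != seg_b:
        return "routed"      # must cross the firewall, so its rules apply
    if net_a == net_b:
        return "on-link"     # same subnet, never reaches the firewall
    return "shared-l2"       # different subnets, but broadcasts and direct frames still reach the other host

if __name__ == "__main__":
    # Constructed host addresses, one in each /27 from the thread.
    for name, inv in (("before", BEFORE), ("after", AFTER)):
        print(name, shared_segments(inv), path_between(inv, "192.168.60.10", "192.168.30.10"))
```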
-
Yes, they are both in the same switch.
That's what I was afraid of, even if I block all the traffic between those networks they'll still be able to reach directly…
Well, thank you for the response. VLANs it will be :)