WAN and two LAN…

  • I'm sorry to ask for this help. I'm not sure how much of this is firewall, and how much is routing. I'm familiar with moderate networking skills, including interfaces, subnets, and masks, but routing is new to me; someone else always did it. I've wandered around the pfSense documentation, but I'm not getting it.

    I've set up a test environment in VirtualBox, with pfSense in a VM. There are servers that were virtualized from their live counterparts by disk cloning. These are our factory production systems with lots of LAN-enabled equipment. We need to test some changes, and it can't be done on the live systems, and the test environment must be kept isolated, or there will be conflicts. Bad ones.

    There should be a strict block of all traffic through the pfSense WAN port, with one exception: a large-format printer/plotter that can't be physically moved. I'll explain the details below.

    A rough outline of everything is as follows, with internet at the top:

    Time Warner Internet
    |
    Cisco Router
    |
    +-Cisco interface 0: Office LAN: 192.168.0.1/24, with internet access
    | +-printer
    | +-server X
    | +-Vbox host with Pfsense and the other virtual machines
    |
    +-Cisco interface 1: Factory LAN: 192.168.1.1/24, no internet
      +-server Y
      +-other servers & lots of equipment

    There is only one Cisco route between the two subnets, from server X to Y. Otherwise, the factory LAN is isolated from the world.

    Following is the setup inside the Vbox host environment. Note the pfSense VM has three interfaces:

    Vbox Host
    |
    pfSense WAN interface (vbox bridged)
    |
    +-pfSense LAN_0 interface: 192.168.0.1/24 (vbox intnet #1)
    | +-Copy of Server X
    |
    +-pfSense LAN_1 interface: 192.168.1.1/24 (vbox intnet #2)
      +-Copy of Server Y
      +-copies of other servers

    Ok, here is what is needed:

    1. Server Y needs to print to the printer outside the WAN port. Perhaps for this another Optional LAN interface should be used?
    2. Except for the printer, a strict block of all other traffic in/out the WAN port.
    3. Server X and Server Y need to communicate.

    That's it. All this explanation for those three things, lol.

    If you've read this far, thank you. I really appreciate it.
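Taking the three requirements in the post as a firewall spec, here is an added pf ruleset (not from the original post and not pfSense's own generated configuration) that implements them on the pfSense VM; pfSense builds equivalent rules from its GUI, so this is for reading the policy, not for pasting. Assumptions: interface names em0/em1/em2, a constructed printer address 192.168.0.50, a constructed Server Y address 192.168.1.10, and print ports 9100 (JetDirect), 515 (LPD) and 631 (IPP).

```pf
# Added example ruleset for the three requirements; all addresses, interface
# names and ports below are constructed assumptions, not values from the post.
wan  = "em0"   # vbox bridged onto the office LAN
lan0 = "em1"   # LAN_0, 192.168.0.0/24, copy of Server X
lan1 = "em2"   # LAN_1, 192.168.1.0/24, copy of Server Y and the others

server_y    = "192.168.1.10"      # constructed placeholder
printer     = "192.168.0.50"      # constructed placeholder
print_ports = "{ 9100, 515, 631 }" # assumed printer listeners

set skip on lo0
set block-policy drop

# The printer's replies to a 192.168.1.x source would follow the Cisco toward
# the real factory LAN, never back to this VM. Translating Server Y's print
# traffic to the WAN address keeps the return path inside the test network.
nat on $wan inet from $server_y to $printer -> ($wan)

# Requirement 2: default deny everywhere, logged, so anything that still
# crosses the WAN (in either direction) is visible in the firewall log.
block log all

# Requirement 1: only Server Y, only to the printer, only on print ports.
# NAT runs before filtering on the way out, so the WAN rule sees ($wan).
pass in  quick on $lan1 proto tcp from $server_y to $printer port $print_ports
pass out quick on $wan  proto tcp from ($wan)    to $printer port $print_ports

# Requirement 3: the two LANs may talk to each other, both directions.
pass quick on { $lan0 $lan1 } from 192.168.0.0/24 to 192.168.1.0/24
pass quick on { $lan0 $lan1 } from 192.168.1.0/24 to 192.168.0.0/24
```

One thing the ruleset cannot fix: LAN_0 uses the same 192.168.0.0/24 as the office LAN the WAN is bridged to, so pfSense cannot tell the two sides apart until one of them is renumbered.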