Blocking connections between computers on the same subnet?
-
My network is
pfsense–--switch---computer 1(192.168.1.2)
|
------computer 2(192.168.1.3)Is it possible to block all connections between computer 1 and computer 2? I just want computer 2 to be able talk to the gateway(pfsense), but it shouldn't be able to talk to computer 1.
-
The PCs know their subnet and both will "see" that the other PC is on the same subnet, and make a direct connection to the other PC without using the firewall.
-
You could do that with a VLAN capable switch.
Create two VLAN's
The port to the pfSense is member of both VLANs
Each port for a client is member of one of the VLANs.
Eggress on all ports untagged.Like this your clients are still withing the same subnet and able to talk to the pfSense, but unable to talk to each other.
This has however nothing to do with the pfSense itself.
–> The clients are not firewalled to each other. They just cannot communicate. -
The PCs know their subnet and both will "see" that the other PC is on the same subnet, and make a direct connection to the other PC without using the firewall.
Yeah, I was like 90% sure this was why, but I figured I might as well ask to be sure.
Gruens: I have a plain old unmanaged switch, so I think it would be easiest to grab another NIC and use that as my DMZ.
