Netgate Discussion Forum
    Blocking connections between computers on the same subnet?

    Firewalling
    4 Posts 3 Posters 2.1k Views
    black0ut

      My network is

      pfsense---switch---computer 1 (192.168.1.2)
                      |
                      ------computer 2 (192.168.1.3)

      Is it possible to block all connections between computer 1 and computer 2? I just want computer 2 to be able to talk to the gateway (pfsense), but it shouldn't be able to talk to computer 1.

      Bern

        The PCs know their subnet and both will "see" that the other PC is on the same subnet, and make a direct connection to the other PC without using the firewall.

        GruensFroeschli

          You could do that with a VLAN capable switch.

          Create two VLANs.
          The port to the pfSense is a member of both VLANs.
          Each port for a client is a member of one of the VLANs.
          Egress on all ports untagged.

          Like this your clients are still within the same subnet and able to talk to the pfSense, but unable to talk to each other.

          This has however nothing to do with the pfSense itself.
          --> The clients are not firewalled to each other. They just cannot communicate.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          black0ut
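A small model of the port-based VLAN scheme in the reply above, added here as an example (not code from the thread or from pfSense). It assumes a switch in port-based VLAN mode, where an untagged frame entering a port is forwarded only to other ports sharing a VLAN group with it; port numbers and VLAN ids are constructed, and the config builder generalizes the two-client case to any number of client ports.

```python
"""Port-based VLAN model for isolating hosts that share one IP subnet.

Assumption (not from the thread): the switch runs in port-based VLAN mode,
so a frame entering a port is forwarded only to other ports that share at
least one VLAN group with the ingress port. All egress is untagged.
"""
from itertools import combinations

# Constructed topology matching the thread; port numbers are hypothetical.
UPLINK_PORT = 1  # pfSense
CLIENT_PORTS = {2: "computer 1 (192.168.1.2)", 3: "computer 2 (192.168.1.3)"}


def isolation_config(uplink, client_ports):
    """Return {port: set_of_vlan_ids} implementing the reply's scheme for
    any number of clients: VLAN i contains only the uplink and client i."""
    membership = {uplink: set()}
    for vlan_id, port in enumerate(sorted(client_ports), start=10):
        membership[port] = {vlan_id}
        membership[uplink].add(vlan_id)
    return membership


def can_forward(membership, src_port, dst_port):
    """Port-based VLAN forwarding decision: an untagged frame from src_port
    may egress on dst_port only if the two ports share a VLAN group."""
    if src_port == dst_port:
        return False
    return bool(membership[src_port] & membership[dst_port])


def check_isolation(membership, uplink, client_ports):
    """Verify the requirement from the question: every client reaches the
    gateway port in both directions, and no two clients reach each other.
    Returns a list of violations (empty when the config is correct)."""
    problems = []
    for p in client_ports:
        if not (can_forward(membership, p, uplink) and can_forward(membership, uplink, p)):
            problems.append(f"port {p} cannot reach the gateway port {uplink}")
    for a, b in combinations(client_ports, 2):
        if can_forward(membership, a, b) or can_forward(membership, b, a):
            problems.append(f"ports {a} and {b} can still reach each other")
    return problems


if __name__ == "__main__":
    cfg = isolation_config(UPLINK_PORT, CLIENT_PORTS)
    print("membership:", cfg)
    print("violations:", check_isolation(cfg, UPLINK_PORT, CLIENT_PORTS) or "none")
    # An unmanaged switch behaves like every port in one group: the check fails.
    flat = {p: {1} for p in [UPLINK_PORT, *CLIENT_PORTS]}
    print("flat switch violations:", check_isolation(flat, UPLINK_PORT, CLIENT_PORTS))
```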

            @Bern:

            The PCs know their subnet and both will "see" that the other PC is on the same subnet, and make a direct connection to the other PC without using the firewall.

            Yeah, I was like 90% sure this was why, but I figured I might as well ask to be sure.

            Gruens: I have a plain old unmanaged switch, so I think it would be easiest to grab another NIC and use that as my DMZ.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.