Pfsense with 1 wan and 3 lan cards

  • We have just installed 4 nic cards and our goal was to create 2 separate subnets not vlans which should not be able to communicate with each other.

    I got the setup working with dhcp on both subnets could browse we put in the necessary rules and all was fine except the dhcp servers was causing problems to the clients assigning ip's.

    What is the proper way of blocking the subnets.

  • I would just use the firewall rules to block between the adapters?

  • What is the proper way of blocking the subnets.

    • assign at each LAN port another subnet with its own IP range an DHCP server
    • and then create firewall rules that will be managing the packet flow between them

  • Thanks for the feedback I did created 2 different subnets, what I am not sure of is how to setup the rule to block the internal networks from each other. If you have an example that would help

    thanks again

  • The way I prefer to do it ;)

    Create an alias (firewall/aliases) of the network type. I name it Internal networks,
    now you can add your internal nets to that Alias.

    With that done go to firewall/rules and create a deny rule on each of your internal networks. It should deny anything from source:any going to Internal Networks.
    Make sure to place that rule before any allow any/any rules.

  • Thank you for the response mats will try it

Log in to reply