How to Access IoT device VLAN



  • I'm hoping someone can confirm that my understanding of 1:1 NAT is correct and that I am applying it correctly. Here is what I am trying to accomplish:

    I have an IP camera (10.10.30.10:6890) on my IoT VLAN (10.10.30.0/24) that only allows administration by a device on the same network.

    I need to be able to administer this device from a PC on 10.10.50.0/24. (CORE)

    If I create a 1:1 NAT as illustrated, will this allow me to connect to 10.10.50.250:6890 and have it map to the camera at 10.10.30.10:6890 and appear as if the remote PC is at 10.10.30.250?


    [attached screenshot of the proposed 1:1 NAT rule]

    Will this work? Is there a better way to accomplish this?

    Devices in the IoT VLAN (10.10.30.0/24) should not be able to initiate connections to the CORE VLAN (10.10.50.0/24), only respond to connections from the CORE VLAN, otherwise it defeats the purpose of the isolation IoT VLAN.

    Where should I apply these firewall rules? Do they need to be floating rules?



  • You only need an outbound NAT rule for that. Firewall > NAT > Outbound

    If your outbound NAT is in automatic mode, switch to hybrid first. Then add a rule:
    Interface: IoT
    Destination: 10.10.30.10 (the cam)
    Translation address: Interface address.

    Rules to allow access have to be added to the interface where the connections come into pfSense; here that is CORE.
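The rule set below is an added example, not part of the thread, written in pf(4) syntax (what pfSense generates under the hood and shows in /tmp/rules.debug) to make the answer above concrete: an outbound (source) NAT on the IoT interface so the camera sees a same-subnet client, an allow rule on CORE for the management port, and an explicit block for anything the IoT VLAN tries to initiate toward CORE. The interface names and gateway addresses (vtnet1 = 10.10.30.1 for IoT, vtnet2 = 10.10.50.1 for CORE) are assumptions; only the networks, the camera address and port 6890 come from the thread.

```pf
# Added example (not from the thread): pf(4) equivalent of the pfSense GUI
# rules described above. Interface names and gateway addresses are assumed.
iot_if   = "vtnet1"          # pfSense IoT interface, assumed 10.10.30.1/24
core_if  = "vtnet2"          # pfSense CORE interface, assumed 10.10.50.1/24
iot_net  = "10.10.30.0/24"
core_net = "10.10.50.0/24"
camera   = "10.10.30.10"
cam_port = "6890"

# Firewall > NAT > Outbound (hybrid mode; manual rules are evaluated before
# the automatic ones). Traffic leaving the IoT interface toward the camera
# gets the IoT interface address as its source, so the camera sees a client
# on its own /24 and accepts the admin session. No 1:1 NAT is needed.
nat on $iot_if inet from $core_net to $camera -> ($iot_if)

# Default deny on both VLAN interfaces. Replies to permitted connections are
# matched by the state table, so no separate "allow replies" rule exists.
block in log on { $iot_if, $core_if }

# Firewall > Rules > CORE: the connection enters pfSense on CORE, so the
# allow rule lives there. Restrict the source to the admin PC if possible
# instead of the whole CORE network.
pass in quick on $core_if inet proto tcp from $core_net to $camera port $cam_port flags S/SA keep state

# Firewall > Rules > IoT: the IoT VLAN may not start anything toward CORE.
# The explicit block is redundant with the default deny but logs attempts
# separately, which is useful for spotting a misbehaving device.
block in log quick on $iot_if inet from $iot_net to $core_net
# Optional: let IoT devices reach anything that is not the CORE network
# (e.g. the internet); drop this line for a fully isolated IoT VLAN.
pass in quick on $iot_if inet from $iot_net to ! $core_net keep state
```

Because the outbound NAT rewrites the source address, the camera's own logs will show every admin session as coming from the IoT gateway address rather than from the individual PC; if per-user accountability on the camera matters, keep the CORE allow rule narrow and rely on the pfSense firewall log for the real source. No floating rules are required: interface rules on CORE (allow) and IoT (block) express the policy directly.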