Netgate Discussion Forum
    How to Access IoT device VLAN

    guardian (Rebel Alliance) wrote:

      I'm hoping someone can confirm that my understanding of 1:1 NAT is correct and that I am applying it correctly. Here is what I am trying to accomplish:

      I have an IP camera (10.10.30.10:6890) on my IoT VLAN (10.10.30.0/24) that only allows administration by a device on the same network.

      I need to be able to administer this device from a PC on 10.10.50.0/24. (CORE)

      If I create a 1:1 NAT as illustrated, will this allow me to connect to 10.10.50.250:6890 and have it map to the camera at 10.10.30.10:6890 and appear as if the remote PC is at 10.10.30.250?


      [attached image: screenshot of the proposed 1:1 NAT rule]

      Will this work? Is there a better way to accomplish this?

      Devices in the IoT VLAN (10.10.30.0/24) should not be able to initiate connections to the CORE VLAN (10.10.50.0/24), only respond to connections from the CORE VLAN; otherwise it defeats the purpose of isolating the IoT VLAN.

      Where should I apply these firewall rules? Do they need to be floating rules?

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

    viragomann wrote:

        You only need an outbound NAT rule for that. Firewall > NAT > Outbound

        If your outbound NAT is in automatic mode, switch to hybrid first. Then add a rule:
        Interface: IoT
        Destination: 10.10.30.10 (the cam)
        Translation address: Interface address.

        Rules to allow access have to be added to the interface where the connections come into pfSense, here it is the core.

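The setup viragomann describes (outbound NAT on the IoT interface, pass rule on CORE, no floating rules), written out below as a pf.conf-style fragment added for illustration; it is not part of either post and not the ruleset pfSense generates, and the interface names em1 (IoT) and em2 (CORE) are assumed:

```pf
# Assumed interface names; the thread does not give them.
iot_if   = "em1"            # IoT VLAN, 10.10.30.0/24
core_if  = "em2"            # CORE VLAN, 10.10.50.0/24
cam      = "10.10.30.10"    # camera from the thread
cam_port = "6890"
core_net = "10.10.50.0/24"
iot_net  = "10.10.30.0/24"

# Outbound NAT on the IoT interface (pfSense: Firewall > NAT > Outbound,
# hybrid mode, Interface = IoT, Destination = camera, Translation = interface
# address). Packets from CORE leaving toward the camera get the IoT interface
# address as source, so the camera sees a same-subnet peer. No 1:1 NAT and no
# spare address like 10.10.50.250 / 10.10.30.250 is needed. The source is
# narrowed to CORE here; the GUI rule in the thread leaves it unspecified.
nat on $iot_if from $core_net to $cam -> ($iot_if)

# Pass rules belong on the interface where the traffic enters pfSense, i.e.
# CORE. Only the admin port is allowed; replies from the camera match the
# state entry and need no rule of their own.
pass in quick on $core_if inet proto tcp from $core_net to $cam port $cam_port keep state

# IoT-initiated traffic toward CORE enters on the IoT interface, so that is
# where it is blocked (explicitly here; with no pass rule on IoT the default
# deny already covers it). Nothing here has to be a floating rule.
block in quick on $iot_if inet from $iot_net to $core_net
```

Check the result from the CORE PC with a plain TCP connection to 10.10.30.10:6890 and confirm in Diagnostics > States that the entry toward the camera carries the IoT interface address as its translated source.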
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.