How to Access IoT device VLAN

  • I'm hoping someone can confirm that my understanding of 1:1 NAT is correct and that I am applying it correctly. Here is what I am trying to accomplish:

    I have an IP camera ( on my IoT VLAN ( that only allows administration by a device on the same network.

    I need to be able to administer this device from a PC on (CORE)

    If I create a 1:1 NAT as illustrated, will this allow me to connect to and have it map to the camera at and appear as if the remote pc is at


    Will this work? Is there a better way to accomplish this?

    Devices in the IoT VLAN ( should not be able to initiate connections to the CORE VLAN (, only respond to connections from the CORE VLAN, otherwise it defeats the purpose of the isolated IoT VLAN.

    Where should I apply these firewall rules? Do they need to be floating rules?

  • You only need an outbound NAT rule for that. Firewall > NAT > Outbound

    If your outbound NAT is in automatic mode switch to hybrid first. Then add a rule:
    Interface: IoT
    Destination: (the cam)
    Translation address: Interface address.

    Rules to allow access have to be added to the interface where the connections come into pfSense, here it is the core.
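
The behaviour discussed in this thread, as an added example that is not part of either post and is not pfSense code: a small Python model of a stateful firewall with one pass rule on CORE and one outbound NAT rule on IoT. All addresses are constructed, since the thread's own addresses are not shown, and the absence of any pass rule on the IoT interface is an assumption taken from the isolation requirement in the question.

```python
import ipaddress

# Constructed addresses; the thread's own addresses are not shown on the page.
CORE_NET = ipaddress.ip_network("10.0.10.0/24")
IOT_NET = ipaddress.ip_network("10.0.20.0/24")
FW_IOT_ADDR = "10.0.20.1"   # pfSense's address on the IoT interface
CAMERA = "10.0.20.50"
CORE_PC = "10.0.10.25"

def camera_accepts(src):
    """The camera only allows administration from its own subnet."""
    return ipaddress.ip_address(src) in IOT_NET

class Firewall:
    def __init__(self):
        self.states = {}  # (responder, source it sees) -> real initiator

    def new_connection(self, src, dst):
        """Return the source address dst sees, or None if the packet is dropped."""
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Rules are checked on the interface where the connection enters.
        # Only CORE has a pass rule (CORE net -> IoT net); IoT has none (assumption).
        if not (src_ip in CORE_NET and dst_ip in IOT_NET):
            return None
        # Outbound NAT on IoT: traffic to the camera leaves with the interface address.
        seen_src = FW_IOT_ADDR if dst == CAMERA else src
        self.states[(dst, seen_src)] = src
        return seen_src

    def reply(self, src, dst):
        """Replies pass only when they match an existing state; NAT is reversed."""
        return self.states.get((src, dst))

def demo():
    fw = Firewall()
    seen = fw.new_connection(CORE_PC, CAMERA)
    return {
        "camera_sees": seen,
        "camera_accepts_nat": camera_accepts(seen),
        "camera_accepts_without_nat": camera_accepts(CORE_PC),
        "reply_delivered_to": fw.reply(CAMERA, seen),
        "iot_initiated": fw.new_connection(CAMERA, CORE_PC),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The camera's reply reaches the CORE PC through the state created by the CORE-initiated connection, while a connection started from the IoT side is dropped because nothing on the IoT interface passes it.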

