DMZ Internet - Restrict LAN Access
Hi Guys. Sorry if this post is in the wrong place. Admin feel free to move it.
I am looking for some assistance please. I have been pulling my hair out and not getting very far, so I have rebuilt the pfSense box back to factory settings. Let me give you a rundown of the setup.
Latest pfSense running on VMware ESXi 6.7
-- 192.168.1.254 - VLAN1
-- 192.168.2.254 - VLAN2
-- 192.168.3.254 - VLAN3
-- 192.168.4.254 - VLAN4
VyOS default gateway 192.168.1.253
NIC1 = 192.168.1.253 VLAN1
NIC2 = ISP Router
NIC3 = 172.16.16.254 DMZ
Under System / Routing / Static routes:
192.168.1.254 via 192.168.1.254
192.168.2.254 via 192.168.1.254
192.168.3.254 via 192.168.1.254
192.168.4.254 via 192.168.1.254
Now I can't get internet access on LAN and OPT1 unless I create an Any/Any rule. This also allows the 192.168.x.x networks to see the 172.16.16.x network and vice versa. My OPT1 network is my DMZ.
I am trying to create the following. I am happy for the 192.168.x.x networks to see devices on the 172.16.16.x network and have unrestricted internet access.
I would like the 172.16.16.x network to not be able to communicate with anything on the 192.168.x.x networks and have unrestricted internet access.
Can anyone provide any help on getting this running? I have played around with so many rules and nothing seems to even semi-work apart from Any/Any.
Thanks in advance.
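One way to express the policy asked for above (LAN may reach the DMZ and the Internet; the DMZ may reach only the Internet), written here as an added example in pf.conf syntax and not taken from the original post or from the rules pfSense itself generates. The addresses come from the post; the interface names vmx0 and vmx2 are assumptions, as is the DNS rule, which only applies if pfSense's resolver serves the DMZ.

```pf
# Added example, not part of the original post. Interface names are assumed;
# on pfSense these rules map onto the LAN and OPT1 tabs, which are evaluated
# top-down with first match winning (pfSense compiles every GUI rule with "quick").
lan_if = "vmx0"   # 192.168.1.253/24 on pfSense, VyOS VLAN1 at 192.168.1.254 (assumed name)
dmz_if = "vmx2"   # 172.16.16.254/24, OPT1 / DMZ (assumed name)

# Internal networks that sit behind the VyOS router (192.168.1.254).
table <lan_nets> { 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 }

# --- LAN tab: internal networks may reach the DMZ and the Internet ----------
# The state created here also lets replies from DMZ hosts back in, so the DMZ
# block below does not break connections that the LAN initiates.
pass in quick on $lan_if inet from <lan_nets> to any keep state

# --- OPT1 / DMZ tab -----------------------------------------------------------
# 1. DNS to the firewall's own DMZ address (only if pfSense resolves for the DMZ;
#    "($dmz_if)" is pf syntax for the address of that interface).
pass in quick on $dmz_if inet proto { tcp, udp } from 172.16.16.0/24 \
    to ($dmz_if) port 53 keep state

# 2. Drop everything from the DMZ towards the internal networks, and log it so
#    attempts are visible. This rule must sit ABOVE the catch-all pass rule;
#    placed below it, the pass rule matches first and the block never fires.
block in log quick on $dmz_if inet from 172.16.16.0/24 to <lan_nets>

# 3. Anything else from the DMZ (in practice, the Internet) is allowed.
pass in quick on $dmz_if inet from 172.16.16.0/24 to any keep state
```

In the pfSense GUI this is the same three rules on the OPT1 tab in that order: a pass for DNS to "This firewall" if needed, a block from "OPT1 net" to an alias holding the four 192.168.x.0/24 networks, then the pass from "OPT1 net" to any. The reason an Any/Any rule alone lets the DMZ see 192.168.x.x is simply that nothing above it says otherwise; the order of the rules, not their presence, decides the outcome.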