DMZ Internet - Restrict LAN Access

  • Hi Guys. Sorry if this post is in the wrong place. Admin feel free to move it.

    I am looking for some assistance please. I have been pulling my hair out and not getting very far. So have rebuilt the pfsense box back to factory settings. Let me give you a run down on setup.

    latest pfsense running on VMware ESXi 6.7

    vyos router
    -- - VLAN1
    -- - VLAN2
    -- - VLAN3
    -- - VLAN4

    vyos default gateway
    NIC1 = VLAN1
    NIC2 = ISP Router
    NIC3 = DMZ

    Under Interfaces

    Under system routing

    Under system routing / static routes via via via via

    Now I can't get internet access on LAN and OPT1 unless I create an Any/Any rule. This also allows the 192.168.x.x network to see the 172.16.16.x network and vice versa. My OPT1 network is my DMZ.

    I am trying to create the following. I am happy for the 192.168.x.x to see devices on the 172.16.16.x network and have unrestricted internet access.

    I would like the 172.16.16.x network to not be able to communicate with anything on the 192.168.x.x network and have unrestricted internet access.

    Can anyone provide any help on getting this running? I have played around with so many rules and nothing seems to semi work apart from any/any.

    Thanks in advance.
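As an added illustration of the rule-ordering issue behind the question (not code from the thread and not pfSense's own implementation): a small Python model of pfSense's first-match evaluation on the inbound interface, comparing the any/any-only configuration with an OPT1 rule set that blocks DMZ to 192.168.x.x before passing to the internet. The /16 and /24 masks and the 203.0.113.5 "internet" address are assumptions for the example.

```python
import ipaddress

# Constructed model of the thread's setup (example code, not pfSense's).
# pfSense evaluates rules on the interface where traffic ENTERS, top to
# bottom, first match wins; replies are allowed by state, so only the
# initiating direction needs a rule.
LAN = ipaddress.ip_network("192.168.0.0/16")   # 192.168.x.x side (vyos VLANs), mask assumed
DMZ = ipaddress.ip_network("172.16.16.0/24")   # OPT1 / DMZ, mask assumed
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source, destination) per interface tab; order matters.
RULES = {
    "OPT1": [
        ("block", DMZ, LAN),   # must sit ABOVE the pass-any rule
        ("pass", DMZ, ANY),    # DMZ hosts may reach the internet
    ],
    "LAN": [
        ("pass", LAN, ANY),    # LAN may reach the DMZ and the internet
    ],
}

# The any/any-only configuration the poster describes.
ANY_ANY_ONLY = {
    "OPT1": [("pass", ANY, ANY)],
    "LAN": [("pass", ANY, ANY)],
}

def evaluate(rules, iface, src, dst):
    """Return the action of the first matching rule on `iface`, or the
    pfSense default (block) when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules[iface]:
        if s in src_net and d in dst_net:
            return action
    return "block"

def check(rules):
    """Summarise the four flows the thread cares about (constructed hosts)."""
    return {
        "dmz_to_lan": evaluate(rules, "OPT1", "172.16.16.10", "192.168.10.5"),
        "dmz_to_internet": evaluate(rules, "OPT1", "172.16.16.10", "203.0.113.5"),
        "lan_to_dmz": evaluate(rules, "LAN", "192.168.10.5", "172.16.16.10"),
        "lan_to_internet": evaluate(rules, "LAN", "192.168.10.5", "203.0.113.5"),
    }

if __name__ == "__main__":
    print("any/any only :", check(ANY_ANY_ONLY))
    print("ordered rules:", check(RULES))
```

Swapping the two OPT1 rules makes the pass-any rule match first and the block never fires, which is the symptom the post describes.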
