Access for one host to VLAN



  • Hi all!

    I have multiple different VLANs. They are making my life easier, one of the reasons is IoT and the little peace of mind that with PFSense I can isolate the devices that might have more vulnerabilities to their own VLAN.

    But now I have a bit of a dilemma that I need your help with. Simply put, the idea is that I have one host on my IoT VLAN that would need access to the so-called management VLAN. And only this one host with a static IP, and only towards one host with a static IP. So here is, in a "network chart", what I want to do:

    host A (IoT) 192.168.1.101<---> host B 192.168.2.101 (Management)

    But how can I allow this host A to access host B in another VLAN? Host A just polls some data from host B, so I think it might need to be opened in both directions for these hosts so that host B can send the requested data. Both of these VLANs have access to WAN if that makes any difference.


  • LAYER 8 Netgate

    You need a pass rule on Host A's interface to allow it to access Host B. The reply traffic from Host B will be passed automatically.



  • So I create a FW rule on the "IoT" interface where source is 192.168.1.101 and destination is 192.168.2.101 and allow?


  • LAYER 8 Netgate

    Probably. Depends on what rules are already there.



  • I did create that rule on IoT VLAN interface but at least ping did not work.

    The rules that I have are
    ALLOW - source IoT network - destination IoT network
    ALLOW - source host A 192.168.1.101 - destination host B 192.168.2.101
    DENY source any - destination all_local_subnets
    ALLOW source any - destination any

    Should the rules be like that?
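    The rule summary above, run through a small first-match evaluator as an added example that is not part of this thread or of pfSense itself. The alias contents, the /24 masks and the protocol column are assumptions, which is exactly the kind of detail the summary leaves out: it shows the listed order would pass the ping, and that reordering the deny above the host rule, or restricting the host rule to TCP, would block it.

```python
import ipaddress
from dataclasses import dataclass

# Constructed aliases matching the thread's network chart (assumed /24 masks).
ALIASES = {
    "IoT network": ["192.168.1.0/24"],
    "all_local_subnets": ["192.168.1.0/24", "192.168.2.0/24"],
    "any": ["0.0.0.0/0"],
}

@dataclass
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "any", "tcp", "udp" or "icmp" (assumed column)
    src: str      # alias name or address/CIDR
    dst: str

def _matches(spec, addr):
    ip = ipaddress.ip_address(addr)
    nets = ALIASES.get(spec, [spec])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(rules, proto, src, dst):
    """Interface rules are checked top-down; the first match decides.
    Returns (action, rule_index), or ("block", None) for the implicit
    default deny when no rule matches at all."""
    for i, r in enumerate(rules):
        if r.proto != "any" and r.proto != proto:
            continue
        if _matches(r.src, src) and _matches(r.dst, dst):
            return r.action, i
    return "block", None

# The four rules exactly as summarised in the post, in the order given.
IOT_RULES = [
    Rule("pass", "any", "IoT network", "IoT network"),
    Rule("pass", "any", "192.168.1.101", "192.168.2.101"),
    Rule("block", "any", "any", "all_local_subnets"),
    Rule("pass", "any", "any", "any"),
]

# Same rules, but the host A -> host B rule limited to TCP (a common slip).
TCP_ONLY_RULES = [IOT_RULES[0], Rule("pass", "tcp", "192.168.1.101",
                  "192.168.2.101"), IOT_RULES[2], IOT_RULES[3]]

if __name__ == "__main__":
    print(evaluate(IOT_RULES, "icmp", "192.168.1.101", "192.168.2.101"))
    print(evaluate(TCP_ONLY_RULES, "icmp", "192.168.1.101", "192.168.2.101"))
```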


  • LAYER 8 Netgate

    Please post your rule set not a summary of what you think is there. You left out a lot of key information.