How to block LAN stations from communicating with each other?
-
Hello!
1. First of all, my English is a bit poor, so I am sorry for that.
2. I am new to firewalling.
My problem is:
I have a pfSense box in our corporate building (I like it very much), and I have a subnet 192.168.0.0/16 on the LAN side.
I want to block all Microsoft Network communication (printer sharing, document sharing) between the workstations, but I
have had no success. Please help!
pfSense 1.0-rc1 with transparent Squid, nothing else installed.
Attila
-
This is not possible, as this traffic doesn't pass the firewall. Only traffic leaving your local subnet will hit the pfSense. Traffic inside the local subnet is happening between the workstations directly.
-
OK then, thanks.
How can I make multiple subnets with pfSense?
Attila
-
Just add additional interfaces. Assign each interface a different IP from a different subnet. You can then control traffic between the subnets with the firewall rules.
-
Can I make virtual interfaces with pfSense?
Attila
-
If you have a VLAN switch you can have multiple VLANed interfaces on one physical NIC.
-
I mean like Linux eth1:1, eth1:2, eth1:3, etc.
-
I know with Cisco switches you can set up a private VLAN where the isolated ports can only communicate with the promiscuous port(s). For example, if you have two computers on two isolated ports and pfSense connected to a promiscuous port, each computer can communicate with the pfSense box, but not with each other.
The router/pfSense doesn't really interact at all if the communicating computers are on the same subnet.
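
Added example, not part of the thread: a sketch of the forwarding decision the replies describe, listing which workstation pairs never reach pfSense on the flat 192.168.0.0/16 LAN and which still bypass it after a split into per-interface subnets. The host addresses, the /24 split and the interface names LAN and OPT1 are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def path(src_if, dst_ip, fw_ifs):
    """How a sender configured as src_if (ip/prefix) reaches dst_ip.

    Returns "direct" when dst is on-link (the sender ARPs for it and the
    firewall never sees the packet), otherwise the name of the firewall
    interface the packet enters, or "unroutable" if none shares the subnet.
    """
    src = ipaddress.ip_interface(src_if)
    if ipaddress.ip_address(dst_ip) in src.network:
        return "direct"
    for name, cidr in fw_ifs.items():
        if src.ip in ipaddress.ip_interface(cidr).network:
            return name  # rules on this interface get to filter the packet
    return "unroutable"

def unfiltered_pairs(hosts, fw_ifs):
    """Host pairs that can talk in at least one direction without the firewall."""
    out = []
    for a, b in combinations(hosts, 2):
        ip_a = str(ipaddress.ip_interface(a).ip)
        ip_b = str(ipaddress.ip_interface(b).ip)
        if "direct" in (path(a, ip_b, fw_ifs), path(b, ip_a, fw_ifs)):
            out.append((ip_a, ip_b))
    return out

# Constructed sample data: the flat LAN from the question ...
FLAT_FW = {"LAN": "192.168.0.1/16"}
FLAT_HOSTS = ["192.168.1.10/16", "192.168.1.11/16", "192.168.2.20/16"]
# ... and an assumed split into one /24 per firewall interface.
SEG_FW = {"LAN": "192.168.1.1/24", "OPT1": "192.168.2.1/24"}
SEG_HOSTS = ["192.168.1.10/24", "192.168.1.11/24", "192.168.2.20/24"]

if __name__ == "__main__":
    for label, hosts, fw in (("flat /16", FLAT_HOSTS, FLAT_FW),
                             ("segmented", SEG_HOSTS, SEG_FW)):
        print(label, "pairs that bypass the firewall:")
        for pair in unfiltered_pairs(hosts, fw):
            print("  ", *pair)
```

Pairs that remain in the segmented output share a subnet, so filtering them needs switch-level isolation such as the private VLAN setup mentioned above, not firewall rules.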