Firewall rules don't block VLAN to LAN traffic



  • Hello friends,
    I am new to pfSense and am trying to isolate my IoT VLAN from my LAN. I set up all the rules to the best of my knowledge and reading, but it looks like something very crucial is missing from my setup. When testing, my LAN is still accessible from the VLAN. Here are my LAN and VLAN rules:

    IP assignment and everything else is working as expected.
    Here is my Netgear ProSafe switch configuration:

    I have two NICs, one each for the LAN and the VLAN.

    Please let me know if I need to provide any other configuration from pfSense. I will be glad to provide it.

    Thanks



  • @andy22
    I made some changes to the IoT VLAN rule where it blocks connections to my LAN, I think, but I don't know whether they are correct or not.

    I can't ping my device from the VLAN to the LAN (this is desirable; earlier, it wasn't happening).
    But I also can't ping devices from the LAN to the VLAN. I want that connectivity, since I will be running Chromecast, Alexa, printers, a sprinkler system, etc. in my VLAN, and to cast, I think the LAN needs to have visibility into my VLAN. Please correct me if I am wrong.
    Can someone please suggest the firewall rules I need to set on the LAN (or on the VLAN) so that I have visibility from the LAN into the VLAN?



  • I have somewhat the same issue, a bit different. I am able to block my IoT LAN from accessing my home LAN, but for some reason I cannot prevent devices on the new IoT LAN from accessing the pfSense GUI/SSH (port 22). (It is the 3rd rule in the list below; all the other rules there do work, just not the 3rd one.)

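As an added illustration for the two questions above (not code from any poster and not pfSense's own code), the following Python model of pfSense rule semantics shows why LAN-initiated connections into the IoT VLAN keep working when the VLAN's rules block VLAN-to-LAN traffic (the reply is matched by the state table, not by a rule), and why a block rule placed below a pass-any rule on the same interface never fires. The subnets, addresses and rule names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed sample addressing (assumed; not the posters' real subnets).
LAN, IOT = ip_network("192.168.1.0/24"), ip_network("192.168.20.0/24")
THIS_FIREWALL = {ip_address("192.168.1.1"), ip_address("192.168.20.1")}  # pfSense's own IPs

@dataclass
class Rule:
    name: str
    action: str          # "pass" or "block"
    src: object          # ip_network or "any"
    dst: object          # ip_network, the THIS_FIREWALL set, or "any"
    dports: tuple = ()   # () = any destination port
    def matches(self, src, dst, dport):
        return ((self.src == "any" or src in self.src)
                and (self.dst == "any" or dst in self.dst)
                and (not self.dports or dport in self.dports))

class Firewall:
    """pfSense semantics: rules are checked on the ingress interface, first match wins, default deny."""
    def __init__(self, rules_by_iface):
        self.rules, self.states = rules_by_iface, set()
    def new_connection(self, src, dst, dport):
        src, dst = ip_address(src), ip_address(dst)
        for rule in self.rules["IOT" if src in IOT else "LAN"]:
            if rule.matches(src, dst, dport):
                if rule.action == "pass":
                    self.states.add((src, dst, dport))  # state entry for this flow
                return f"{rule.action} by {rule.name}"
        return "block by default deny"
    def reply_allowed(self, src, dst, sport):
        # Replies flow server -> client and are matched by the state the client created.
        return (ip_address(dst), ip_address(src), sport) in self.states

IOT_RULES = [  # order matters: block rules must sit above the pass-any rule
    Rule("block_fw_admin", "block", IOT, THIS_FIREWALL, (22, 443)),
    Rule("block_to_lan", "block", IOT, LAN),
    Rule("allow_out", "pass", IOT, "any")]
LAN_RULES = [Rule("lan_allow_all", "pass", LAN, "any")]

def demo():
    fw = Firewall({"IOT": IOT_RULES, "LAN": LAN_RULES})
    r = {"iot_to_lan": fw.new_connection("192.168.20.50", "192.168.1.10", 445),
         "lan_to_chromecast": fw.new_connection("192.168.1.10", "192.168.20.50", 8008),
         "chromecast_reply": fw.reply_allowed("192.168.20.50", "192.168.1.10", 8008),
         "iot_to_gui": fw.new_connection("192.168.20.50", "192.168.20.1", 443)}
    # Same rules with the admin block placed below the pass-any rule: it never fires.
    bad = Firewall({"IOT": [IOT_RULES[2], IOT_RULES[0]], "LAN": LAN_RULES})
    r["iot_to_gui_misordered"] = bad.new_connection("192.168.20.50", "192.168.20.1", 443)
    return r
```

The model ignores pfSense's floating rules and its automatic anti-lockout rule, which is normally enabled on the LAN interface only.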

