Netgate Discussion Forum

    Pfsense on VM inside NAS host - VLAN help?

      chrispazz

      Hello,
      I am using a Synology NAS with VMM and I have a working instance of pfSense acting as firewall.
      I am using a Zyxel managed switch with a 3 VLAN setup.

      My question is about how to manage the VMM host.
      It is a NAS and I use a lot of services (web serving, file storage, time machine backup, etc).

      Currently, my pfsense is 192.168.1.2 and the NAS is 192.168.1.250.
      The WAN interface gets its IP from the DSL router acting as DHCP server.

      If I use VLANs to segregate the connection from the switch to pfSense, I can no longer reach my NAS.

      What is the best practice for setting up 3 VLANs:

      • 1 WAN (only from DSL router to pfSense) - DSL router doing DHCP server
      • 1 Trusted LAN (with all my devices that can securely share LAN data) - pfSense DHCP server
      • 1 IoT LAN (with IoT devices not so trusted) - pfSense DHCP server

      Both LANs can access the internet, but while TLAN devices can access IOTLAN, reverse communication is blocked.

      Also, I would like to be sure that the NAS is secured and not exposed to the WAN like pfSense should be.

      Any advice about how to set IPs and VLANs?

      Thank you
      Chris

        marvosa

        Well, as soon as you move to VLANs, you'll need to tag the appropriate VLANs on the switchport connected to PFsense. Was that done?

        You then need to assign a unique subnet to each interface on PFsense.

        Then, access would be controlled via firewall rules on each interface.

          chrispazz

          Yes,
          I created 3 VLANs:

          VLAN 1 with Port 1 tagged (connected to NAS with VM pfsense) and port 7 untagged (Access Point)
          VLAN 10 with Port 1 tagged and Port 2-6 untagged
          VLAN 90 with Port 1 tagged and Port 8 8 untagged (connected to DSL router)

          In pfSense I have the corresponding VLANs, with VLAN 90 as DHCP client and VLANs 1 and 10 with DHCP server.

          Is it ok?

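A consistency check for the switch port plan listed in the last post, as an added example that is not part of the thread or of any poster's configuration. The function name, the dictionary layout, and the reading of VLAN 90's untagged member as port 8 are assumptions.

```python
# Port plan transcribed from the post above (constructed sample data).
# Assumption: VLAN 90's untagged port is port 8; the post reads "Port 8 8".
PLAN = {
    1:  {"tagged": {1}, "untagged": {7}},              # port 7: access point
    10: {"tagged": {1}, "untagged": {2, 3, 4, 5, 6}},  # ports 2-6
    90: {"tagged": {1}, "untagged": {8}},              # port 8: DSL router
}
TRUNK_PORT = 1    # link to the NAS that hosts the pfSense VM
WAN_VLAN = 90
WAN_PORTS = {8}   # only the DSL router may be an access port on the WAN VLAN


def check_plan(plan, trunk_port, wan_vlan, wan_ports):
    """Return a list of findings for an 802.1Q port/VLAN membership plan."""
    findings = []
    untagged_in = {}  # port -> VLANs in which the port is an untagged member
    for vid in sorted(plan):
        tagged, untagged = plan[vid]["tagged"], plan[vid]["untagged"]
        if tagged & untagged:
            findings.append(f"VLAN {vid}: ports {sorted(tagged & untagged)} "
                            "are both tagged and untagged")
        if trunk_port not in tagged:
            # The firewall VM sits behind the trunk and would never see this VLAN.
            findings.append(f"VLAN {vid}: not tagged on trunk port {trunk_port}")
        for port in untagged:
            untagged_in.setdefault(port, []).append(vid)
    for port in sorted(untagged_in):
        if len(untagged_in[port]) > 1:
            findings.append(f"port {port}: untagged in VLANs {untagged_in[port]}, "
                            "so it receives traffic from more than one segment")
    extra = plan[wan_vlan]["untagged"] - wan_ports
    if extra:
        findings.append(f"VLAN {wan_vlan} (WAN): unexpected access ports "
                        f"{sorted(extra)} sit outside the firewall")
    if trunk_port not in untagged_in:
        # Not an error, but it matters for the host that shares the trunk port.
        findings.append(f"note: trunk port {trunk_port} has no untagged VLAN; "
                        "a host on it joins a VLAN only through a tagged interface")
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN, TRUNK_PORT, WAN_VLAN, WAN_PORTS):
        print(finding)
```

For the plan as posted, the only finding is the note about the tagged-only trunk port, which is the port the NAS host itself shares with the pfSense VM.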
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.