Pfsense on VM inside NAS host - VLAN help?


  • Hello,
    I am using a Synology NAS with VMM and I have a working instance of pfSense acting as firewall.
    I am using a Zyxel managed switch with a 3 VLAN setup.

    My doubt is about how to manage the VMM Host.
    It is a NAS and I use a lot of services (web serving, file storage, time machine backup, etc).

    Currently, my pfSense is 192.168.1.2 and the NAS is 192.168.1.250.
    The WAN interface gets its IP from the DSL router acting as DHCP server.

    If I use VLANs to segregate the connection from the switch to pfSense, I can no longer reach my NAS.

    What is the best practice for setting up 3 VLANs:

    • 1 WAN (only from DSL router to pfSense) - DSL router doing DHCP server
    • 1 Trusted LAN (with all my devices that can securely share LAN data) - pfSense DHCP server
    • 1 IoT LAN (with IoT devices not so trusted) - pfSense DHCP server

    Both LANs can access the internet, but while TLAN devices can access IOTLAN, reverse communication is blocked.

    Also, I would like to be sure that the NAS is secured and not exposed to the WAN like pfSense should be.

    Any advice about how to set IPs and VLANs?

    Thank you
    Chris


  • Well, as soon as you move to VLANs, you'll need to tag the appropriate VLANs on the switchport connected to pfSense. Was that done?

    You then need to assign a unique subnet to each interface on pfSense.

    Then, access would be controlled via firewall rules on each interface.
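
An added example, not part of the original posts: a simplified Python model of per-interface, first-match rule evaluation with an implicit default deny, applied to the policy asked for above (trusted LAN may reach IoT, IoT may not reach the trusted LAN, nothing unsolicited from WAN). The IoT subnet 192.168.10.0/24, the camera address and the `decide` and `misordered_iot_rules` helpers are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing: the trusted LAN keeps the thread's 192.168.1.0/24;
# the IoT subnet is a constructed value.
NETS = {
    "TLAN": ipaddress.ip_network("192.168.1.0/24"),
    "IOT": ipaddress.ip_network("192.168.10.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules per ingress interface, evaluated top-down, first match wins.
# Tuple: (action, source network, destination network).
RULES = {
    "WAN": [],  # no pass rules: nothing unsolicited reaches the NAS
    "TLAN": [("pass", NETS["TLAN"], ANY)],
    "IOT": [
        ("block", NETS["IOT"], NETS["TLAN"]),  # must sit above the pass rule
        ("pass", NETS["IOT"], ANY),
    ],
}


def decide(iface, src, dst, rules=RULES):
    """Return 'pass' or 'block' for a new connection arriving on iface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules[iface]:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # implicit default deny when no rule matches


def misordered_iot_rules():
    """Same IoT rules with the pass rule first, to show why order matters."""
    swapped = dict(RULES)
    swapped["IOT"] = list(reversed(RULES["IOT"]))
    return swapped


if __name__ == "__main__":
    nas, camera = "192.168.1.250", "192.168.10.50"  # camera is constructed
    print("TLAN -> IoT:", decide("TLAN", nas, camera))
    print("IoT -> NAS:", decide("IOT", camera, nas))
    print("IoT -> internet:", decide("IOT", camera, "9.9.9.9"))
    print("WAN -> NAS:", decide("WAN", "203.0.113.7", nas))
    print("IoT -> NAS, misordered:", decide("IOT", camera, nas, misordered_iot_rules()))
```

The model only covers new connections: on a stateful firewall, replies to sessions opened from the trusted LAN still reach it even though the IoT interface blocks new connections towards that subnet.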


  • Yes,
    I created 3 VLANs:

    VLAN 1 with Port 1 tagged (connected to NAS with VM pfSense) and Port 7 untagged (Access Point)
    VLAN 10 with Port 1 tagged and Ports 2-6 untagged
    VLAN 90 with Port 1 tagged and Port 8 untagged (connected to DSL router)

    In pfSense I have the corresponding VLANs, with VLAN 90 as DHCP client and VLAN 1 and 10 with DHCP server.

    Is it ok?