separating two systems over the network?

josephchrzempiec

Hello, I'm kind of new to pfsense. I'm still learning about it. My question is it possible to have two servers from seeing each other in pfsense?

Example: address 192.168.1.20 and 192.168.1.21 to not talk or see each other if They ping or what not each other.

Joseph

viragomann

@josephchrzempiec
pfSense can only restrict traffic between to interfaces. If both server are within the same network segment traffic from one to the other has not to pass pfSense, so pfSense can do nothing here.

josephchrzempiec

@viragomann Thank you very much. As what I thought as well. I wasn't sure if it can be blocked or not. Is it possible to have multple networks on a single Pfsense. a 192.168.1.1 and a 192.168.2.1? From what I'm seeing I know I can do multiple static Ip addresses from my ISP but was curious If I can do the same thing internally as well?

Joseph?

viragomann

@josephchrzempiec
If you pfSense hardware has multiple network ports, you can enable additional interfaces in Interfaces > Assignments to segmented your network. Also if you have a VLAN capable switch, you can set up VLANs on pfSense for segmentation.

It is possible to set up multiple networks on a single LAN interface, but it is not an ideal way to segmented the network end will end up in some issues.

josephchrzempiec

@viragomann I do not have network swtiches that have Vlan on them. They are as dumb as they come. On my Pfsense system I have 3 network add on cards that are doing nothing on them. And two Internal work ports that I'm currently Using. one for Wan and the other for just a single Lan.

Joseph

johnpoz

@josephchrzempiec do you have multiple dumb switches? If so you could plug 1 switch into the interface on network 192.168.1/24 and another switch into interface 192.168.2/24. Stuff you plug into sw1 will be on that network, stuff you plug into sw2 would be on the other network. Then you could firewall all you want between these network.

Your other option would be just plug say this server into the port directly on pfsense, and put it on a different network that way.

But you can get a 8 port "smart" switch that does vlans for like $40 or so.

Other option if you did have a managed switch that supported private vlans, you could limit who could talk to each other in the same network/vlan

Other option is to do your filtering on the hosts firewall directly.