Netgate Discussion Forum

VLans, Subnets, Block rules

    Underworld
    last edited by Underworld May 13, 2022, 4:33 AM May 13, 2022, 4:24 AM

    I'm watching these Lawrence Systems videos on YouTube https://youtu.be/ouARr-4chJ8?t=726

    And he's created some VLANs - each with a subnet.

    Then he goes to the firewall and explicitly specifies that a VLAN can send to anything, except the other VLANs. Basically blocking access into other VLANs.

    But by virtue of each VLAN having its own subnet - my understanding is that you can't access those other IP ranges in the different subnet, making the blocking from firewall pointless?

      bingo600 @Underworld
      last edited by bingo600 May 13, 2022, 6:03 AM May 13, 2022, 5:59 AM

      @underworld
      You are correct about VLANs being segregated on Layer2 (L2), the MAC Layer.
      But on Layer3 (L3) (Routing Layer) it is possible to forward (IP) packets from one VLAN to another.

      pfSense is a L3 device, doing routing.

      PS:
      pfSense does both L2 + L3 operations.
      In order to do L3, you must support all of the lower layers too.
      Hint: OSI Model
      https://en.wikipedia.org/wiki/OSI_model

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

        johnpoz LAYER 8 Global Moderator @Underworld
        last edited by May 13, 2022, 10:09 PM

        @underworld said in VLans, Subnets, Block rules:

        my understanding is that you can't access those other IP ranges in the different subnet, making the blocking from firewall pointless?

        Huh? How would the internet work if you could not access other IP ranges?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
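
The point made in the replies above, as an added example that is not part of the original thread: a host sends anything outside its own subnet to its gateway, and a router with an interface in each VLAN forwards it on unless a rule on the ingress interface blocks it. The subnets, addresses, rule lists and function names are constructed for illustration, and the first-match, default-deny evaluation is a simplified model of per-interface firewall rules.

```python
import ipaddress

# Constructed sample addressing (not from the thread): two VLANs, each with
# its own subnet; the router has an interface (the gateway) in both.
VLANS = {
    "VLAN10": ipaddress.ip_network("192.168.10.0/24"),
    "VLAN20": ipaddress.ip_network("192.168.20.0/24"),
}

def host_next_hop(src_ip, dst_ip, prefixlen=24):
    """Host decision: deliver on-link (L2) or hand the packet to the gateway (L3)."""
    src_net = ipaddress.ip_interface(f"{src_ip}/{prefixlen}").network
    return "on-link" if ipaddress.ip_address(dst_ip) in src_net else "gateway"

def router_egress(dst_ip):
    """Connected-route lookup on the router: the VLAN holding dst, else WAN."""
    dst = ipaddress.ip_address(dst_ip)
    for name, net in VLANS.items():
        if dst in net:
            return name
    return "WAN"

def evaluate(rules, dst_ip):
    """First matching rule on the ingress interface wins; no match means block."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net in rules:
        if dst in ipaddress.ip_network(net):
            return action
    return "block"

def forward(src_ip, dst_ip, rules):
    """Follow one packet from a VLAN10 host through the router."""
    if host_next_hop(src_ip, dst_ip) == "on-link":
        return "delivered on-link (router not involved)"
    if evaluate(rules, dst_ip) == "block":
        return "blocked by firewall"
    return f"routed to {router_egress(dst_ip)}"

# Rule sets for the VLAN10 interface (constructed).
ALLOW_ALL = [("pass", "0.0.0.0/0")]                                 # pass to any
ISOLATED = [("block", "192.168.20.0/24"), ("pass", "0.0.0.0/0")]    # block other VLAN first

if __name__ == "__main__":
    for rules in (ALLOW_ALL, ISOLATED):
        for dst in ("192.168.10.9", "192.168.20.7", "203.0.113.9"):
            print(rules[0], dst, "->", forward("192.168.10.5", dst, rules))
```

With only the pass-to-any rule, the VLAN10 host reaches VLAN20 through the router; the block rule placed above it is what isolates the two subnets while still allowing internet traffic.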
