Netgate Discussion Forum

    Creating passing rules between two physical or virtual interfaces

    L2/Switching/VLANs
    • VMlabman

      I could sure use some help here. I have a new management interface, VLAN and/or physical, not having decided which one I'm gonna use yet depending on if it makes a difference or not, but I'm guessing I'm gonna go with VLAN. I assume so, being that I have devices I want to manage that have the ability to have the management web interface be solely configured/accessible on a VLAN (VLAN aware) yet be on the same physical wire, NIC and switch port with its standard services. Unless it turns out I could also assign a VLAN to a physical interface on my pfSense management physical interface.

      This brings me back to my original topic: assistance and direction, a simplistic and possibly visual example of how I'm going to route traffic between my standard LAN interface and my management interface, trying to keep it as secure as possible. Basic services locked down to specific devices on each end, and specific IP address, port, protocol on each end, even more restrictive if I could do so. Is there any way to use ACLs for MAC address or other identifiers specific to each individual device in the rules or aliases created?

      My first snarl is, I have the ability to manage a NAS by FQDN with https. I want to move that management accessibility to only be able to take place from the management interface on the firewall, but the NAS regular services, file sharing SMB/NFS, to maintain the standard LAN interface. I know this is the config within the NAS. So for the rule from Management to LAN accessing the management web interface via https://FQDN:5555, not via IP: can someone share the specific rule settings I would need to create for this and what the options would look like? I've been having extreme trouble making the selections and I've had no luck whatsoever getting traffic to pass at all properly other than ICMP and some basic DNS on port 53.

      I'm more than open to any suggestions or recommendations.

      Your help is greatly appreciated.

      • SteveITS Galactic Empire @VMlabman

        @VMlabman said in Creating passing rules between two physical or virtual interfaces:

        way to use ACLs for MAC address

        pfSense Plus can do rules like that.
        https://docs.netgate.com/pfsense/en/latest/firewall/ethernet-rules.html

        https://FQDN:5555

        I'm not sure I follow. Is that the NAS address? You can create a rule to access it from a different interface, however, you can't prevent devices on LAN from accessing it, because packets on the same network do not go through the router.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.