Traffic is going between subnets without a rule…

  • I am running pfSense as a VM guest in VMware. I have four virtual switches, one connected to the outside world; the others are not connected to each other, except through the firewall. The pfSense box has a vNIC on each of these four vswitches. I have set rules to allow all traffic from each subnet to pass as long as the source is an address in that same subnet; these are the only rules I've created.

    Rules look like this:

    Allow if Interface (subnet where the rule is created) and source (subnet where the rule is created).

    I would expect with this configuration that traffic between the virtual switches would not pass, yet it appears that everything is automatically passing between the switches.  A traceroute shows that if I am going from one subnet to another the traffic hits the firewall first, then is routed to the host on the other subnet and vswitch.

    My goal is to not have these vswitches be able to talk with each other without specific allow rules.  Is there something obvious that I am missing?



  • Please post screen shots of your firewall rules.

  • Sounds like you're allowing that source to every destination, which will do exactly what you're seeing, allow it everywhere. That's how all stateful firewalls work, the rules on the other interface don't apply to traffic initiated on the other networks. You either need to not allow all destinations or add block rules above your pass. Details in and the basics here:
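To make the behaviour described in both posts concrete, here is an added toy model (not pfSense code, and not from either poster) of how pf evaluates rules: first match on the interface the packet arrives on, default deny, and a state table that admits reply packets without consulting any rules at all. The interface names and 10.0.x.0/24 subnets are constructed for the example. It runs the original poster's ruleset, the same ruleset with an extra block rule on the far interface (showing that the far interface's rules never see the reply), and a corrected ruleset that blocks the other internal subnets above the permissive pass.

```python
"""Toy model of pf/pfSense rule evaluation (added illustration, not pfSense code).

Semantics modelled:
  1. an existing state admits a packet (in either direction) before rules are read;
  2. otherwise the first matching rule on the *inbound* interface decides;
  3. no match means the default deny applies.
"""
import ipaddress

# Constructed topology: three internal vswitch subnets behind one firewall.
NETS = {
    "LAN":  ipaddress.ip_network("10.0.10.0/24"),
    "OPT1": ipaddress.ip_network("10.0.20.0/24"),
    "OPT2": ipaddress.ip_network("10.0.30.0/24"),
}
ANY = "0.0.0.0/0"


def rule(iface, action, src, dst):
    """A rule as the pfSense GUI shows it: interface, pass/block, source, destination."""
    return {"iface": iface, "action": action,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst)}


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # 5-tuples of flows that a pass rule has already admitted

    @staticmethod
    def _key(pkt):
        return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    @staticmethod
    def _reverse_key(pkt):
        return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def handle(self, iface, pkt):
        """Return the verdict for a packet arriving on `iface`."""
        # 1. Established state wins; the rules of the interface the reply
        #    arrives on are never consulted.
        if self._key(pkt) in self.states or self._reverse_key(pkt) in self.states:
            return "pass (state)"
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        # 2. First matching rule on the inbound interface decides.
        for r in self.rules:
            if r["iface"] == iface and src in r["src"] and dst in r["dst"]:
                if r["action"] == "pass":
                    self.states.add(self._key(pkt))  # pass rules create state
                return r["action"]
        return "block (default deny)"  # 3. nothing matched


def op_ruleset():
    """The poster's rules: each interface passes its own subnet to *any* destination."""
    return [rule(name, "pass", str(net), ANY) for name, net in NETS.items()]


def op_plus_opt1_block():
    """Poster's rules plus a block on OPT1 toward LAN: it cannot stop LAN-initiated flows."""
    return [rule("OPT1", "block", "10.0.20.0/24", "10.0.10.0/24")] + op_ruleset()


def fixed_ruleset():
    """Block traffic toward the other internal subnets above the permissive pass."""
    rules = []
    for name, net in NETS.items():
        for other_name, other in NETS.items():
            if other_name != name:
                rules.append(rule(name, "block", str(net), str(other)))
        rules.append(rule(name, "pass", str(net), ANY))
    return rules


def demo(rules):
    """Send a TCP SYN from a LAN host to an OPT1 host, then the SYN/ACK back."""
    fw = Firewall(rules)
    syn = {"proto": "tcp", "src": "10.0.10.5", "sport": 40000,
           "dst": "10.0.20.9", "dport": 22}
    synack = {"proto": "tcp", "src": "10.0.20.9", "sport": 22,
              "dst": "10.0.10.5", "dport": 40000}
    return fw.handle("LAN", syn), fw.handle("OPT1", synack)


if __name__ == "__main__":
    for name, rs in [("poster", op_ruleset()),
                     ("poster + OPT1 block", op_plus_opt1_block()),
                     ("blocks above pass", fixed_ruleset())]:
        print(f"{name:22s} SYN on LAN / SYN-ACK on OPT1 -> {demo(rs)}")
```

The first two rulesets let the SYN through on LAN and the reply through on OPT1 by state, which is exactly the symptom in the question; only the third stops it, because the decision is made on the interface where the flow starts. On a real pfSense box the same shape is usually built with an alias holding all internal subnets as the block rule's destination, with a pass to the firewall's own address for DNS and DHCP placed above that block so local services keep working.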

