Block LAN access from a computer on the LAN
-
Hello.
I have a testserver on my LAN (on a esxi host) that i don't want access to the rest of my LAN, only traffic out to the WAN.
How do I this? Can I do this with some firewall rules?One option would be to add a second NIC to the esxi host and get a second IP range that cannot connect to the original LAN subnet but I would prefer to not buy a new NIC…
-
One option would be to add a second NIC to the esxi host and get a second IP range that cannot connect to the original LAN subnet but I would prefer to not buy a new NIC…
This.
If you dump it on the LAN, the traffic will not hit the firewall if it is going to another host on the LAN. -
The only way to the separate it from the LAN. This means either putting it on its own vLAN or its own physical switch/NIC. Once it is on a different subnet, you can control how the traffic goes out to the internet or LAN. If it has a application FW like Microsoft FW, you could use that, but it could easily be disabled.
-
I used VLAN to solve it, works like a charm! :)
ESXi can tag traffic out from the host.
If anyone is interested I can make a more detailed description how I did it.
