Block LAN access from a computer on the LAN



  • Hello.
    I have a test server on my LAN (on an ESXi host) that I don't want to have access to the rest of my LAN, only traffic out to the WAN.
    How do I do this? Can I do this with some firewall rules?

    One option would be to add a second NIC to the ESXi host and get a second IP range that cannot connect to the original LAN subnet, but I would prefer to not buy a new NIC…



  • @mrhub:

    One option would be to add a second NIC to the ESXi host and get a second IP range that cannot connect to the original LAN subnet, but I would prefer to not buy a new NIC…

    This.
    If you dump it on the LAN, the traffic will not hit the firewall if it is going to another host on the LAN.



  • The only way is to separate it from the LAN. This means either putting it on its own VLAN or its own physical switch/NIC. Once it is on a different subnet, you can control how the traffic goes out to the internet or LAN. If it has an application FW like Microsoft FW, you could use that, but it could easily be disabled.



  • I used a VLAN to solve it, works like a charm! :)
    ESXi can tag traffic out from the host.
    If anyone is interested, I can make a more detailed description of how I did it.
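
The point made in the replies above, modeled as an added example that is not part of any post in the thread: traffic between hosts in the same subnet is switched and never reaches the firewall, while traffic from a separate VLAN subnet has to be routed through it, where rules apply. The subnets, addresses and the two-rule first-match rule set are constructed assumptions, not values from the thread.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
TEST_VLAN = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical first-match rules on the firewall's test-VLAN interface:
# (action, destination network). Block the LAN first, then allow the rest.
TEST_VLAN_RULES = [
    ("block", LAN),
    ("pass", ANY),
]

def verdict(src_ip, src_net, dst_ip, rules=TEST_VLAN_RULES):
    """Say what happens to a packet from src_ip (living in src_net) to dst_ip."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    net = ipaddress.ip_network(src_net)
    if src not in net:
        raise ValueError(f"{src} is not inside {net}")
    # Destination is on-link: the host resolves it with ARP and the switch
    # delivers the frame directly. The firewall never sees the packet.
    if dst in net:
        return "on-link, firewall bypassed"
    # Destination is off-link: the packet goes to the gateway (the firewall),
    # which evaluates its rules top to bottom and stops at the first match.
    for action, dest in rules:
        if dst in dest:
            return f"{action} at firewall"
    return "block at firewall"  # default deny when nothing matches

if __name__ == "__main__":
    cases = [
        ("192.168.1.50", LAN, "192.168.1.10"),         # server left on the LAN
        ("192.168.20.50", TEST_VLAN, "192.168.1.10"),  # server on its own VLAN
        ("192.168.20.50", TEST_VLAN, "203.0.113.7"),   # VLAN server to the WAN
        ("192.168.20.50", TEST_VLAN, "192.168.20.60"), # two hosts in the test VLAN
    ]
    for src, net, dst in cases:
        print(f"{src} -> {dst}: {verdict(src, net, dst)}")
```

The last case shows the remaining gap: hosts that share the test VLAN can still reach each other without crossing the firewall.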