Multiple LAN VIPs issue



  • Hi, I've been searching a lot but couldn't find the right solution. Here is the situation:

    I have multiple static IPs from my ISP and I've set them that way
    WAN xxx.xxx.xxx.220
    Virtual IPs on WAN interface xxx.xxx.xxx.210, xxx.xxx.xxx.211, … , xxx.xxx.xxx.219

    LAN 192.168.88.1/24
    Virtual IPs 192.168.10.5 -> 1:1 NAT to xxx.xxx.xxx.210
    etc.

    I also have a Virtual IP 192.168.60.1/27 and 192.168.30.1/27 on the LAN interface, but I'm having trouble with separating those two networks. By setting the netmask /27 (or 255.255.255.192) I've limited the scope to 64 hosts, so when I try to ping from 192.168.60.x to 192.168.30.x it is unreachable - good. The problem is when I try reaching by host name, let's say "ping user-pc" or "\user-pc", and I connect with no problem.
    Both 192.168.60.1 and 192.168.30.1 have Outbound NAT to the same IP to the WAN - xxx.xxx.xxx.216

    Can anyone help me make those two networks invisible to each other?
    Thanks! :)



  • @NikoLabov:

    The problem is when I try reaching by host name, let's say "ping user-pc" or "\user-pc", and I connect with no problem.

    I'm guessing both of these computers are plugged into the same switch, can you confirm?

    If so, you need to separate the networks. If you have a managed network switch, you can use VLANs to do so. If you don't, then you have to plug them into different switches and different LAN interfaces on your pfSense firewall.

    NetBIOS (which is resolving the user-pc to an IP address) is broadcasting in your network. The receiving computer responds with its IP address. I think the computer probably realizes that you are in the same layer 2 network and doesn't try to use a router to reach the other PC.



  • Yes, they are both on the same switch.
    That's what I was afraid of; even if I block all the traffic between those networks, they'll still be able to reach directly…
    Well, thank you for the response. VLANs it will be :)

