Traffic between vlan networks
-
Hello there,
I got a problem with my pfSense setup. I want to block traffic between VLANs and block access to the pfSense login page. I have done this:
- Added all VLANs in an interface group
- Created an alias including all local subnets
- Created a firewall rule on the interface group allowing from any to ! (not) the internal network alias
See screenshot for the rule
-
And what is not working as you would expect?
-
And what is not working as you would expect?
When I ping a device in another network I receive pings. I cannot access the web interface of that device but I still receive pings.
-
How do you have your interfaces set up? And where do you have that rule you're showing, and do you have anything in the floating tab?
What are the networks you are running, 192.168.1.0/24, 192.168.2.0/24?
And how are these VLANs connected to pfSense? Do you have different dumb switches on each segment, or a smart switch with VLANs and trunking set up to pfSense?
-
Isn't Class B 172.16.0.0/12 and not 172.12.0.0/12?
-
Not really class B but yes. Nice catch. Your RFC1918 networks alias is wrong.
Since you're using 192.168.x.x it shouldn't matter, but you should fix it anyway before you bang your head against a wall months/years from now.
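As an added illustration (not pfSense code and not anything from the posters), the toy model below replays the rule set described in this thread with pfSense's first-match order: floating, then interface-group rules for member interfaces, then the interface's own tab, with an implicit default deny at the end. It shows why 172.12.0.0/12 is the wrong RFC1918 entry (the host bits are discarded, so it covers 172.0.0.0 to 172.15.255.255 and leaves 172.16.0.0/12 as "not internal"), why the group rule is never consulted for a VLAN that is not a group member, why an "allow <VLAN> net to any" left on the interface tab still passes inter-VLAN traffic even after joining the group, and why the same rule blocks the web GUI unless a management exception sits above it. All addresses, interface names and the management rule are assumptions.

```python
"""Toy first-match model of pfSense interface-group rules (example only)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed aliases, not copied from the screenshot. The first mirrors the
# typo discussed in the thread (172.12.0.0/12 instead of 172.16.0.0/12).
WRONG_RFC1918 = ["10.0.0.0/8", "172.12.0.0/12", "192.168.0.0/16"]
RIGHT_RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def build_alias(cidrs):
    """strict=False keeps the prefix and zeroes the host bits, as a firewall does
    with such an entry: 172.12.0.0/12 becomes 172.0.0.0/12."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def alias_covers(alias, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in alias)


def net(cidr):
    return ipaddress.ip_network(cidr)


@dataclass
class Rule:
    action: str                     # "pass" or "block"
    src: Optional[list] = None      # networks; None = any
    dst: Optional[list] = None      # networks; None = any
    dst_negate: bool = False        # the "invert match" (!) box on the destination
    dst_port: Optional[int] = None  # None = any port

    def matches(self, src_ip, dst_ip, dport):
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if self.src is not None and not any(s in n for n in self.src):
            return False
        if self.dst is not None:
            hit = any(d in n for n in self.dst)
            if hit == self.dst_negate:  # plain rule needs a hit, negated rule needs a miss
                return False
        if self.dst_port is not None and dport != self.dst_port:
            return False
        return True


def evaluate(ingress, group_ifaces, group_rules, iface_rules, src_ip, dst_ip, dport=0):
    """Group rules apply only to member interfaces and run before the interface's
    own tab; first match wins; no match means the implicit default deny."""
    rules = list(group_rules) if ingress in group_ifaces else []
    rules += iface_rules.get(ingress, [])
    for r in rules:
        if r.matches(src_ip, dst_ip, dport):
            return r.action
    return "block"


def op_group_rules(alias_cidrs):
    """The poster's single group rule: pass from any to !<RFC1918 alias>."""
    return [Rule("pass", dst=build_alias(alias_cidrs), dst_negate=True)]


def mgmt_exception(mgmt_net="192.168.1.0/24", fw_addr="192.168.1.1"):
    """Hypothetical lock-out fix: the management VLAN may reach the firewall's own
    address on 443. It must sit above the !RFC1918 rule to ever be reached."""
    return Rule("pass", src=[net(mgmt_net)], dst=[net(fw_addr + "/32")], dst_port=443)


# Assumed interface tab: the usual "allow VLAN net to any" a fresh VLAN often carries.
ALLOW_ANY_TAB = {"vlan10": [Rule("pass", src=[net("192.168.1.0/24")])]}


def demo():
    wrong, right = op_group_rules(WRONG_RFC1918), op_group_rules(RIGHT_RFC1918)
    both = {"vlan10", "vlan20"}
    r = {}
    # vlan10 not in the group: its own allow-any rule passes the ping.
    r["not_in_group"] = evaluate("vlan10", {"vlan20"}, right, ALLOW_ANY_TAB,
                                 "192.168.1.10", "192.168.2.10")
    # Joined, but the tab still allows any: group rule misses, tab rule passes it.
    r["joined_tab_allows_any"] = evaluate("vlan10", both, right, ALLOW_ANY_TAB,
                                          "192.168.1.10", "192.168.2.10")
    # Joined with an empty tab: inter-VLAN hits default deny, Internet still passes.
    r["joined_tab_empty"] = evaluate("vlan10", both, right, {},
                                     "192.168.1.10", "192.168.2.10")
    r["internet"] = evaluate("vlan10", both, right, {}, "192.168.1.10", "8.8.8.8")
    # The alias typo: 172.16.x.x is not "internal" to the wrong alias, so it leaks.
    r["leak_wrong_alias"] = evaluate("vlan10", both, wrong, {}, "192.168.1.10", "172.16.5.5")
    r["no_leak_right_alias"] = evaluate("vlan10", both, right, {}, "192.168.1.10", "172.16.5.5")
    # The web GUI is blocked by the same rule unless a management rule comes first.
    r["gui_locked_out"] = evaluate("vlan10", both, right, {}, "192.168.1.10", "192.168.1.1", 443)
    r["gui_with_exception"] = evaluate("vlan10", both, [mgmt_exception()] + right, {},
                                       "192.168.1.10", "192.168.1.1", 443)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The interesting rows are `joined_tab_allows_any` and `gui_locked_out`: a pass-any left on any member VLAN's own tab quietly undoes the group rule, and the !RFC1918 pass rule blocks the firewall's own address along with everything else internal, so whatever management path you want has to be an explicit earlier rule.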
-
Isn't Class B 172.16.0.0/12 and not 172.12.0.0/12?
Thanks, please close this topic! Got it working! I forgot to add myself to the interface group. I have added myself now; I cannot access the web interface anymore, but the good news is traffic is being blocked.
-
Dude, what are you doing? Seems like an odd way to block traffic between VLANs. Are you even running all RFC1918 space?
So you locked yourself out of the web GUI?
-
If all the rules are identical on all the VLANs an interface group isn't a bad idea. All you can't do is reliably source-limit the traffic to OPTX net.