Segregated LANs
-
Good Morning!
New user to pfsense, trying to implement segregated LANs and not exactly sure how to configure everything appropriately. Let me start with what I'm trying to do and what configuration exists outside of pfsense. VMware ESXi on a server with 6 NICs. Those NICs are configured into 6 virtual switches, as follows:
vSwitch0: 4 VMs connected, NIC is physically connected to our office LAN. In pfsense, this is configured as LAN and I use it to access pfsense from my main office PC. This would be the management IP, as I only want pfsense to be a client, which is currently working great.
vSwitch1, vSwitch2, vSwitch3, vSwitch4: 2 VMs connected, NICs are each physically connected to a single PC that we are working on (so when all benches are full, we have 4 PCs connected). In pfsense, these are configured as opt1-4. pfsense provides DHCP/DNS and provides IP addresses in the ranges 192.168.1.x, 192.168.2.x, 192.168.3.x, 192.168.4.x. This also works fine, in that any connected PC receives an IP and can connect to the internet.
vSwitch5: only pfsense connected. NIC is physically connected to our main LAN, same as vSwitch0, but it is configured in pfsense as WAN. This also appears to work fine.
What we are trying to do, however, is have it so that opt1-4 can connect to the internet and see any other devices in the same subnet, but that's it. So opt1 cannot see devices on opt3, for example. Also, and this is where I suspect it might get somewhat complicated, we don't want any of the devices in opt1-4 to see any devices on LAN or WAN. Because LAN and WAN are both connected into our main network, devices connected to opt1-4 see our office machines, which we don't want. Any help would be appreciated.
PS: We are not able to VLAN the WAN or LAN interfaces at the moment due to limitations of the router upstream. If we end up having to replace the router, we will, but I'd much prefer to try this first.
-
Thanks anyways guys, figured this out on my own. :)