    Segregated LANs

    Problems Installing or Upgrading pfSense Software
    2 Posts, 1 Poster
    bionemesis

      Good Morning!

      New user to pfsense, trying to implement segregated LANs and not exactly sure how to configure everything appropriately. Let me start with what I'm trying to do and what configuration exists outside of pfsense. VMware ESXi on a server with 6 NICs. Those NICs are configured into 6 virtual switches, as follows:

      vSwitch0: 4 VMs connected, NIC is physically connected to our office LAN. In pfsense, this is configured as LAN and I use it to access pfsense from my main office PC. This would be the management IP, as I only want pfsense to be a client, which is currently working great.

      vSwitch1, vSwitch2, vSwitch3, vSwitch4: 2 VMs connected, NICs are each physically connected to a single PC that we are working on (so when all benches are full, we have 4 PCs connected). In pfsense, these are configured as opt1-4. pfsense provides DHCP/DNS and provides IP addresses in the ranges 192.168.1.x, 192.168.2.x, 192.168.3.x, 192.168.4.x. This also works fine, in that any connected PC receives an IP and can connect to the internet.

      vSwitch5: only pfsense connected. NIC is physically connected to our main LAN, same as vSwitch0, but it is configured in pfsense as WAN. This also appears to work fine.

      What we are trying to do, however, is have it so that opt1-4 can connect to the internet and see any other devices in the same subnet, but that's it. So opt1 cannot see devices on opt3, for example. Also, and this is where I suspect it might get somewhat complicated, we don't want any of the devices in opt1-4 to see any devices on LAN or WAN. Because LAN and WAN are both connected into our main network, devices connected to opt1-4 see our office machines, which we don't want. Any help would be appreciated.

      PS: We are not able to VLAN the WAN or LAN interfaces at the moment due to limitations of the router upstream. If we end up having to replace the router, we will, but I'd much prefer to try this first.

    bionemesis
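As an added illustration of the policy this post asks for (example code written here, not the poster's eventual solution and not pfSense's own code): a small first-match rule evaluator that models the per-interface rulesets of the kind pfSense applies to traffic arriving on each bench interface. It assumes interface addresses of 192.168.N.1 for opt1-4 and an office-LAN subnet of 10.0.0.0/24, which the post does not give; the sample flows are constructed.

```python
# Added example, not code from the forum post or from pfSense itself: a tiny
# first-match evaluator that models per-interface firewall rulesets of the kind
# the post asks for. Interface addresses (192.168.N.1) and the office-LAN subnet
# (10.0.0.0/24) are assumptions; the poster's office subnet is not given.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Private address space: every bench subnet, the office LAN and pfSense's own
# interface addresses all fall inside these ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    dst_nets: List[ipaddress.IPv4Network] = field(default_factory=list)  # empty = any
    proto: str = "any"                            # "any", "tcp" or "udp"
    dst_port: Optional[int] = None                # None = any port
    description: str = ""

    def matches(self, dst, proto, port):
        if self.dst_nets and not any(dst in net for net in self.dst_nets):
            return False
        if self.proto != "any" and proto != self.proto:
            return False
        if self.dst_port is not None and port != self.dst_port:
            return False
        return True


def bench_ruleset(iface_addr):
    """Rules for one bench interface (opt1..opt4), in the order pfSense would
    walk them for traffic arriving on that interface: first match wins."""
    self_addr = [ipaddress.ip_network(f"{iface_addr}/32")]
    return [
        Rule("pass", self_addr, "udp", 53, "DNS to the pfSense interface address"),
        Rule("pass", self_addr, "tcp", 53, "DNS over TCP to the same address"),
        Rule("block", RFC1918, description="every other private destination: "
             "other benches, the office LAN, pfSense itself"),
        Rule("pass", description="anything left is the internet"),
    ]


def misordered_ruleset(iface_addr):
    """Same rules with the block placed first: the DNS pass rules are shadowed."""
    rules = bench_ruleset(iface_addr)
    return [rules[2], rules[0], rules[1], rules[3]]


def evaluate(rules, dst, proto="tcp", port=443):
    """Return the action of the first matching rule; pfSense denies by default
    when nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(dst_ip, proto, port):
            return rule.action
    return "block"


# Constructed flows as seen from a PC on opt1 (192.168.1.0/24, gateway 192.168.1.1).
SAMPLE_FLOWS = {
    "opt1 -> opt3 host":        ("192.168.3.10", "tcp", 445),
    "opt1 -> office LAN host":  ("10.0.0.25", "tcp", 445),      # assumed office subnet
    "opt1 -> pfSense DNS":      ("192.168.1.1", "udp", 53),
    "opt1 -> pfSense webGUI":   ("192.168.1.1", "tcp", 443),
    "opt1 -> internet":         ("203.0.113.7", "tcp", 443),    # TEST-NET-3 stand-in
}


def decisions(rules):
    """Evaluate every sample flow against one ruleset."""
    return {name: evaluate(rules, *flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, action in decisions(bench_ruleset("192.168.1.1")).items():
        print(f"{name:28s} {action}")
```

Two points the evaluator makes visible. First, ordering: the two DNS pass rules must sit above the RFC1918 block, otherwise the block shadows them and clients lose name resolution (the `misordered_ruleset` variant shows this). Second, the block rule names all private space rather than the other three bench subnets, so it also covers the office LAN whichever private range it uses, and pfSense's own interface address on every port except DNS. Traffic between devices on the same bench subnet is switched inside that vSwitch and never reaches these rules, so it is unaffected; DHCP needs no explicit rule because pfSense adds its own pass rules for its DHCP server on an interface where that server is enabled.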

        Thanks anyways guys, figured this out on my own. :)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.