Hi,
Here is my situation:
I have a PfSense firewall and a switch that supports VLANs. I created 3
VLANs on this switch:
VLAN 101 contains ports that are connected directly to the internet
(PfSense WAN port, internet port (it is in colocation), other servers
that would be connected directly to the internet (not behind PfSense)).
VLAN 102 contains ports that are connected to devices in the Subnet1,
let's say 10.10.10.0/24.
VLAN 103 contains ports that are connected to devices in the Subnet2,
let's say 192.168.10.0/24.
I left the default VLAN 1 that includes all ports.
I've given 10.10.10.1 as the IP address of the PfSense's LAN interface, and
added a proxy ARP virtual IP of 192.168.10.1.
I configured the WAN interface of the PfSense to be part of VLAN 101.
I configured the LAN interface of the PfSense to be part of VLAN 102 and
103.
My goal is that even if I have only 2 interfaces on the PfSense system,
I'd like to have 2 separate subnets on the LAN interface. This way,
servers in the Subnet1 cannot talk directly to the servers in Subnet2,
without going through firewall rules.
Right now, everything is fine for subnet1. It can connect to the
internet and to the firewall. I configured 1-to-1 NAT and allowed SSH in
for some hosts, and it can connect.
However, subnet2 is completely isolated. It cannot talk to anyone: not
to the firewall, not to subnet1, not to the internet.
I know I should have used another firewall or a firewall with 3
interfaces, but I thought what I'm trying to do is possible. Is it?
If it is, where are my mistake(s)?
Please let me know if you need more information.
Regards,
Ugo
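As an added example (not part of Ugo's message, and not pfSense's own code), the way FreeBSD, and therefore pfSense, carries several subnets over one physical NIC is 802.1Q VLAN sub-interfaces: the switch port facing the firewall is set to tagged (trunk) for VLANs 102 and 103, and the firewall gets one vlan interface per tag, each with its own address, so that traffic between the two subnets has to be routed and filtered by the firewall. The script below assumes the LAN NIC is called em1 (a hypothetical name) and, by default, only prints the ifconfig commands it would run; set DRY_RUN=0 on a FreeBSD box with root to apply them. On a real pfSense install the equivalent is done from the GUI so that it is saved in config.xml; ad-hoc ifconfig changes are lost at reboot.

```shell
#!/bin/sh
# Added example, not from the original post: bring up two 802.1Q VLAN
# sub-interfaces on one FreeBSD/pfSense NIC, one layer-3 interface per
# subnet. Assumptions: the LAN NIC is em1 (hypothetical), and the switch
# port it plugs into is TAGGED for VLANs 102 and 103, not an untagged
# member of both. DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs
# them (needs root on FreeBSD).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vlan_if PARENT TAG ADDR/PREFIX
# Creates interface vlan<TAG> carrying tag TAG on top of PARENT and
# gives it ADDR, the firewall's address inside that VLAN's subnet.
vlan_if() {
    parent=$1; tag=$2; addr=$3
    run ifconfig "vlan$tag" create vlan "$tag" vlandev "$parent"
    run ifconfig "vlan$tag" inet "$addr" up
}

# lan_config PARENT
# The two subnets from the post, each on its own tagged VLAN. The parent
# NIC itself gets no address: it only carries tagged frames.
lan_config() {
    run ifconfig "$1" up
    vlan_if "$1" 102 10.10.10.1/24
    vlan_if "$1" 103 192.168.10.1/24
}

lan_config em1
```

With this layout the proxy ARP virtual IP is no longer needed: 192.168.10.1 is a real address on vlan103, hosts in 192.168.10.0/24 ARP for it inside VLAN 103, and anything they send towards 10.10.10.0/24 is routed through the firewall's rule set instead of being switched at layer 2.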