I have 2 facilities that used to be connected via an IPSec VPN. Facility 1 had 2 networks, 10.0.0.0/24 and 10.0.1.0/24. They are both on the same physical wire, and they each have their own NIC in the pfSense box. Users were on either one or the other, with a couple of people being dual-homed on both.

Now we get new Facility 2, which is 10.0.2.0/24. I connected Facility 2 via an IPSec tunnel to Facility 1 and allowed computers in the 10.0.1.0/24 network to talk to the machines in Facility 2's 10.0.2.0/24 network. All works great. Now we are putting through too much data for the IPSec tunnel to handle, so we now have a dedicated PVLAN circuit from Facility 1 to Facility 2. I have added a 3rd NIC to my firewall in Facility 1 and assigned the IP 10.0.2.253 to it. Now I can see all computers in Facility 1 from Facility 2 and vice versa.

I still only want computers in Facility 1 on 10.0.1.0/24 to see 10.0.2.0/24. I do not want 10.0.0.0/24 to see any computer in the 10.0.2.0/24 network. On my LAN interface I have set rule #1 to block traffic from 10.0.0.0/24 to 10.0.2.0/24, but that did nothing. On my Facility 2 interface I put a similar block rule, still to no effect. I know the pfSense box is routing traffic from one interface to another, so how can I tell it what can pass and what cannot?

Thanks,

Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | www.maplewood.com
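Added example, not code from the mail above or from the pfSense project: a small Python model of how pfSense evaluates filter rules, used to audit the policy Ron describes. It encodes two things about pfSense rules: a rule only applies to packets entering the interface it is bound to, and rules are evaluated top to bottom with the first match winning. The interface names (LAN for the 10.0.0.0/24 NIC, OPT1 for the 10.0.1.0/24 NIC, OPT2 for the new Facility 2 NIC), the two rulesets and the sample hosts are all assumptions constructed for the example.

```python
"""Added example: a toy model of pfSense per-interface rule evaluation.

Not code from the original mail or from pfSense. It models two facts about
pfSense filter rules: (1) a rule only applies to packets ENTERING the
interface it is bound to, and (2) rules are evaluated top to bottom and the
first match wins. Interface names (LAN, OPT1, OPT2) and rulesets are assumed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    note: str = ""


def evaluate(ruleset, ingress_iface, src, dst):
    """Decide what happens to a packet entering `ingress_iface` from src to dst.

    Only rules bound to the ingress interface are consulted; a block rule on
    the egress interface (where the packet would leave) is never looked at.
    Traffic matching no rule falls to pfSense's implicit default: block.
    """
    s, d = ip_address(src), ip_address(dst)
    for rule in ruleset.get(ingress_iface, []):
        if s in rule.src and d in rule.dst:
            return rule.action, rule.note
    return "block", "implicit default deny"


ANY = ip_network("0.0.0.0/0")
NET0 = ip_network("10.0.0.0/24")   # Facility 1, NIC "LAN" (assumed name)
NET1 = ip_network("10.0.1.0/24")   # Facility 1, NIC "OPT1" (assumed name)
NET2 = ip_network("10.0.2.0/24")   # Facility 2 via the new NIC "OPT2" (assumed)

# Ruleset that implements the stated policy (constructed): the block sits
# above the pass-all on the interface where 10.0.0.0/24 traffic enters.
WORKING = {
    "LAN": [
        Rule("block", NET0, NET2, "deny 10.0.0.0/24 -> Facility 2"),
        Rule("pass", ANY, ANY, "allow LAN to anything else"),
    ],
    "OPT1": [
        Rule("pass", ANY, ANY, "allow 10.0.1.0/24 to anything"),
    ],
    "OPT2": [
        Rule("pass", NET2, NET1, "allow Facility 2 -> 10.0.1.0/24 only"),
    ],
}

# Two common mistakes (constructed): the block placed below the pass-all on
# LAN, and a block placed on OPT2, which never sees LAN-originated packets.
MISPLACED = {
    "LAN": [
        Rule("pass", ANY, ANY, "allow LAN to anything"),
        Rule("block", NET0, NET2, "never reached: pass-all matched first"),
    ],
    "OPT1": [
        Rule("pass", ANY, ANY, "allow 10.0.1.0/24 to anything"),
    ],
    "OPT2": [
        Rule("block", NET0, NET2, "wrong interface for this direction"),
        Rule("pass", NET2, NET1, "allow Facility 2 -> 10.0.1.0/24 only"),
    ],
}

# The desired policy as test cases (constructed hosts):
# (ingress interface, source, destination, expected action)
POLICY = [
    ("LAN",  "10.0.0.5",  "10.0.2.10", "block"),  # 10.0.0.0/24 must not reach Facility 2
    ("OPT1", "10.0.1.5",  "10.0.2.10", "pass"),   # 10.0.1.0/24 may
    ("OPT2", "10.0.2.10", "10.0.1.5",  "pass"),   # Facility 2 may reach 10.0.1.0/24
    ("OPT2", "10.0.2.10", "10.0.0.5",  "block"),  # ... but not 10.0.0.0/24
]


def audit(ruleset, policy=POLICY):
    """Return the policy cases the ruleset gets wrong, as (case, got, note)."""
    failures = []
    for iface, src, dst, expected in policy:
        got, note = evaluate(ruleset, iface, src, dst)
        if got != expected:
            failures.append(((iface, src, dst, expected), got, note))
    return failures


if __name__ == "__main__":
    for name, rs in (("WORKING", WORKING), ("MISPLACED", MISPLACED)):
        print(name, "violations:", audit(rs) or "none")
```

Two caveats the model deliberately leaves out but that matter in practice: pf is stateful, so a block rule added while connections are already in the state table does not cut those connections until the states expire or are reset, and reply packets for a permitted connection are allowed by state rather than by a rule on the return interface. Also, the block keys on source address, so a dual-homed machine that sends from its 10.0.1.x address is passed like any other 10.0.1.0/24 host.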
