5/31/2023 0 Comments Mikrotik vlan firewallNote I have ordered 2 Intel NICs for the pfSense machine but would still like to keep the VLANs for that configuration. However I can’t connected to the pfSense via VLAN_LAN on ether6. So I get and IP for WAN on the pfSense and the Mikrotik says ether2 is connected to both VLANs. With a dhcp server with pool 192.168.77.10-192.168.66.254 on bridge1(although I know this is unnecessary as I could set a static IP on the WAN interface of the pfSense machine. ![]() ![]() ![]() This is the configuration that isn’t working: I would like to change that so the firewall gets an address from the default LAN network on the Mikrotik. I’ve had it running previously but with the “WAN” as a VLAN with it’s own DHCP to give the pfSense an address. throughput is not an issue since I only have 50Mbps internet downstream and the servers in DMZ have Gigabit between each other). I have a Mikrotik RB2011UiAS-2HnD routing my traffic currently but would like to set up a pfSense machine on a device with 1 network port. If so, please point me in the right direction! On to my issue. so we have 2 VLANs defined (VLAN 10 for Data and VLAN 60 for Voice). However, some of my IOT devices have a service (web/smb etc) that I would like to access from my HOME VLAN. I've setup general firewall rules to block access from the IOT VLAN to the HOME VLAN. ![]() You then split devices internally according to the internal interface. /interface/vlan add interfaceether2 namevlan20 vlan-id20 Assign VLAN interface to the bridge instead. Firewall rule allowing a 'response' from IOT VLAN to HOME VLAN I've got two VLANs on my Mikrotik router: HOME and IOT. You throw the IPs of the specific devices in a group and then block that group from the WAN interface. I’m not used to the whole forum thing so forgive me if this is in the wrong place or with wrong formatting. Im using in my customers core network and a Firewall (Mikrotik Cloud Router. Just a Firewall with flexible policies and multiple internal ports.
0 Comments
Leave a Reply. |