pfSense: Create multiple VLANs and segregate traffic

Summary

pfSense is an excellent product and can be customised better than professional devices available from large vendors. pfSense is open-source, can be installed on an old laptop or Mini-PC, and can scale from a home lab setup to medium-large enterprises. This article focuses on creating multiple LAN segments within your home network, thus segregating traffic for different types of devices.

Pre-Reqs

  • A device with pfSense installed. I have installed pfSense on an old laptop with 2 Ethernet ports
  • A VLAN switch with the ability to securely separate networks (VLAN). The new type of "Plus" switches are cheaper, around £20/$30 for 8 ports
  • Quite a few Ethernet cables (short lengths would be perfect)

Setup within pfsense

The settings are divided mainly into 3 parts:

  • Creation of VLANs (for instance, I've created 3 VLANs as below). The VLAN tag is an important setting, as the switch uses it to filter traffic

  • Configuration of VLANs (example shown below; it is better to assign a /24 range to each)

  • Configuration of firewall rules: this is slightly more complex. Below is a screenshot of rules that allow various traffic and block the rest

LAN settings

One of the VLAN settings

Setup on VLAN Switch

Once the setup is done within pfSense, the switch acts as the distribution mechanism. The switch is connected to the LAN output of the pfSense device. The example uses a NETGEAR 8-Port Gigabit Ethernet Smart Managed Plus SOHO Switch (GS308E), which has plenty of documentation.

The VLAN switch configuration consists mainly of:

  • VLAN configuration. I've used the 802.1Q VLAN Identifier setting as below. Take extra care with the VLAN ID and the Port Members

  • PVID configuration: assigning each port to a PVID


After this setup, each port is tied to its relevant VLAN and traffic is thus segregated.
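
Because a wrong VLAN ID, Port Member or PVID silently breaks the segregation, it helps to write the plan down and check it before entering it in the two web interfaces. The following is an added example, not part of the original post: the VLAN tags, subnets, port numbers and the choice of port 1 as uplink are constructed values, since the post's own settings were only shown in screenshots.

```python
import ipaddress

# Constructed plan: VLAN tag -> subnet (the post's real values were in screenshots)
VLANS = {10: "192.168.10.0/24", 20: "192.168.20.0/24", 30: "192.168.30.0/24"}
UPLINK = 1  # assumed: switch port cabled to the pfSense LAN interface
# Switch side: PVID and 802.1Q port membership ("T" tagged, "U" untagged)
PORTS = {
    1: {"pvid": 1, "member": {1: "U", 10: "T", 20: "T", 30: "T"}},
    2: {"pvid": 10, "member": {10: "U"}},
    3: {"pvid": 10, "member": {10: "U"}},
    4: {"pvid": 20, "member": {20: "U"}},
    5: {"pvid": 30, "member": {30: "U"}},
}


def check_plan(vlans, ports, uplink):
    """Return a list of problems that would break or weaken the segregation."""
    problems = []
    nets = {}
    for tag, cidr in vlans.items():
        if not 1 <= tag <= 4094:  # valid 802.1Q VLAN ID range
            problems.append(f"VLAN {tag}: tag outside 1-4094")
        nets[tag] = ipaddress.ip_network(cidr)
    tags = sorted(nets)
    for i, a in enumerate(tags):
        for b in tags[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b}: subnets overlap")
    for port, cfg in sorted(ports.items()):
        member = cfg["member"]
        if port == uplink:
            # The uplink must carry every pfSense VLAN tagged
            missing = [t for t in tags if member.get(t) != "T"]
            if missing:
                problems.append(f"port {port}: uplink not tagged for {missing}")
            continue
        # An access port belongs untagged to exactly one VLAN, matching its PVID
        untagged = sorted(t for t, m in member.items() if m == "U")
        if len(untagged) != 1:
            problems.append(f"port {port}: untagged in {untagged}, expected one VLAN")
        elif cfg["pvid"] != untagged[0]:
            problems.append(f"port {port}: PVID {cfg['pvid']} != VLAN {untagged[0]}")
    return problems


if __name__ == "__main__":
    for line in check_plan(VLANS, PORTS, UPLINK) or ["plan is consistent"]:
        print(line)
```

The "untagged in more than one VLAN" check catches the common case where a port gets a new PVID but is left as a member of the default VLAN 1.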
