Given
- ESXi host with 1 NIC
- Inside the host, there are 2 virtual switches: switch1 and switch2
- In switch1, there's 1 WAN interface
- In switch2, there are 4 VLANs: VLAN10, VLAN20, VLAN30, and VLAN40
Existing Situation:
- pfsense is used between switch1 and switch2 for routing
- VMs in each VLAN can access the Internet
Purpose:
- prevent VMs in VLAN40 from accessing VMs in other VLANs
- allow VMs within VLAN40 to access each other
- allow VMs in VLAN40 to access the Internet
What I have done to achieve the Purpose:
- I have created 3 firewall rules in VLAN40, which are illustrated in the image below
- I have created an alias, RFC1918, which includes:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
Question:
- Are the firewall rules set correctly to achieve the purpose?
Best Answer
Purpose:
Is done by rule 2, unless any of your VMs in the other VLANs gets a public IP address. If you are sure that won't happen, you're fine.
Access within the VLAN is switched and shouldn't even arrive at the firewall.
pfsense will be the local DNS server, I assume from your first rule.
In short: Yes, should work, unless some pfsense- or ESXi-specific thing happens that I didn't think of. ;)
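To make the answer's reasoning checkable, here is an added example (not from the question or the answer) that models the VLAN40 rule set as the answer reads it (rule 1: DNS to pfSense, rule 2: block the RFC1918 alias, rule 3: pass everything else) with pfSense-style first-match evaluation. The addressing (VLAN40 = 192.168.40.0/24, pfSense on 192.168.40.1, VLAN10 = 192.168.10.0/24) and the public test address 203.0.113.10 are assumptions, since the question gives no addresses.

```python
# Added example: simulate pfSense interface-rule evaluation for VLAN40.
# Addresses below are assumed; the question does not state them.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Alias from the question.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed: VLAN40 subnet and pfSense's VLAN40 address (gateway + DNS).
VLAN40_NET = ipaddress.ip_network("192.168.40.0/24")
PFSENSE_VLAN40 = ipaddress.ip_network("192.168.40.1/32")


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    proto: Optional[str]        # None = any protocol
    dst_nets: Optional[List]    # None = any destination
    dst_port: Optional[int]     # None = any port


def in_alias(addr, nets):
    return any(addr in n for n in nets)


def matches(rule, proto, dst, port):
    if rule.proto is not None and rule.proto != proto:
        return False
    if rule.dst_nets is not None and not in_alias(dst, rule.dst_nets):
        return False
    return rule.dst_port is None or rule.dst_port == port


# The three rules in the order the answer infers them.
VLAN40_RULES = [
    Rule("pass", "udp", [PFSENSE_VLAN40], 53),   # rule 1: DNS to pfSense
    Rule("block", None, RFC1918, None),          # rule 2: block private nets
    Rule("pass", None, None, None),              # rule 3: allow the rest
]


def traverses_firewall(src, dst):
    """Traffic between two VLAN40 hosts is switched and never reaches pfSense."""
    return not (ipaddress.ip_address(src) in VLAN40_NET
                and ipaddress.ip_address(dst) in VLAN40_NET)


def evaluate(rules, proto, dst, port=None):
    """First matching rule wins; pfSense's implicit default is deny."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if matches(r, proto, dst, port):
            return r.action
    return "block"
```

The last assertion in the accompanying check reproduces the answer's caveat: a VM on another VLAN with a public address is not covered by the RFC1918 alias and would be passed by rule 3.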