I hope someone can give me some advice around setting up Pfsense to allow me to specify my main LAN devices to access resources on my Pfsense LAN. E.g I would like my iMac to SSH to a virtual machine on Pfsense LAN but I dont want any of the PFsense LAN to see my main network (Keep them Isolated).
My thoughts were to Port Forward but I cannot even ping my Pfsense router from the main local network.
I have tested and confirmed that if I port forward from my main router to the Pfsense router, I can then for example SSH to a machine on the Pfsense LAN from my public address.
I also have the issue of not being about to ping my Pfsense router from my main local subnet e.g from a iMac on 192.168.1.10 with my Pfsense WAN setup on 192.168.1.100 ( I get timeout for all requests when i ping 192.168.1.100). I dont think its firewall for the ping as I setup in the firewall rules to pass ICMP on WAN.
For info – I can ping all main local subnet IP from the Pfsense router console without any issues.
Please see attached for my drawing of my network topology, apologies I am not a network engineer if I am asking a dumb question that is not possible.
All of my main LAN clients are mainly on DHCP with the exception of a couple of static IP. The WAN of the Pfsense router is on a static IP but still allocated via DHCP.
All of the Pfsense LAN clients are on DHCP and all fine without any issues.
As a work around I could port forward from my main router to Pfsense but I would rather minimise external access into my network.