Hello,
We are using PFSENSE 2.0 RELEASE version.
We are supplying internet access to offices in our building using PFSENSE. It's a NAT'ed network, with one public WAN IP address and 192.168.10.0/24 network on the LAN side.
We want to prevent IP addresses from being visible to each other on the network.
We have several switches in place, so I would like to know what is the proper way to do this. I am guessing that the solution has something to do with VLANs. Any help would be appreciated!
This may not be a PFSENSE issue, but if it is, I'd like to know how.
Thank you,
Rizwan
The fact that you want to prevent them from seeing each other means isolating each client office from another.
You'll need VLANs first of all.
Each VLAN should serve only 1 premise (office) and have its own subnet.
You'll need to trunk the VLANs to your pfSense and you'll have multiple VLAN interfaces, each a LAN subnet of its own serving a specific office.
This will allow you to quickly block problematic offices or unused offices simply by bringing down the VLAN interface or blocking the associated subnet via firewall rules. Also, since each office has its own subnet, a broadcast storm on one subnet isn't going to affect the other offices.
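
Added example, not part of the thread and not pfSense code: a small Python model of the one-VLAN-and-subnet-per-office layout described in the reply above, used to check that the rules on each VLAN interface actually keep offices apart. The office names, VLAN IDs, per-office /24 subnets and the first-match, default-deny rule model are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: office names, VLAN IDs and subnets are assumptions.
OFFICES = ["office-a", "office-b", "office-c"]
PRIVATE = ipaddress.ip_network("192.168.0.0/16")  # aggregate of all office subnets
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_plan(offices, first_vlan=10):
    """Give each office its own VLAN ID and its own /24 (VLAN n -> 192.168.n.0/24)."""
    return {name: (vid, ipaddress.ip_network(f"192.168.{vid}.0/24"))
            for vid, name in enumerate(offices, start=first_vlan)}

def naive_rules(net):
    """Weak setting: one 'allow everything' rule, which also permits routing
    between office VLANs through the firewall."""
    return [("pass", ANY)]

def isolated_rules(net):
    """Corrected setting: allow the office's own gateway (DNS/DHCP on the
    firewall), block every other private subnet, then allow the Internet."""
    gateway = ipaddress.ip_network(f"{net.network_address + 1}/32")
    return [("pass", gateway), ("block", PRIVATE), ("pass", ANY)]

def decide(rules, dst):
    """First matching rule wins; traffic matching no rule is blocked."""
    dst = ipaddress.ip_address(dst)
    for action, network in rules:
        if dst in network:
            return action
    return "block"

def leaks(plan, make_rules):
    """List (source office, destination office) pairs that can still talk."""
    found = []
    for src, (_, src_net) in plan.items():
        rules = make_rules(src_net)
        for dst, (_, dst_net) in plan.items():
            probe = dst_net.network_address + 20  # arbitrary host in dst office
            if src != dst and decide(rules, probe) == "pass":
                found.append((src, dst))
    return found

if __name__ == "__main__":
    plan = build_plan(OFFICES)
    for name, (vid, net) in plan.items():
        print(f"{name}: VLAN {vid}, subnet {net}")
    print("naive ruleset leaks:   ", leaks(plan, naive_rules))
    print("isolated ruleset leaks:", leaks(plan, isolated_rules))
```

The model ignores ports and protocols; it only shows that a plain allow-all rule on a VLAN interface lets offices route to each other, while a block on the private aggregate placed above it does not.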