First of all, I just want to say that I installed pfSense just the other night and I am adoring it so far! It has so many amazing features that I just love (the customizable dashboard and the NAT reflection policy, just to name a few), and the more I use it the more I love it. I was running m0n0wall till the other night, but it just doesn't compare!
All gushing aside, I have a tricky sort of problem that I was hoping someone here may be able to shed some light on. I apologize in advance if I use any incorrect terminology, as I am still learning, and also if this is the completely wrong place to post it. I suspect that this post may be more at home on a VMware community board, but I've never had any luck getting replies there, and if the solution can be applied directly on the router then all the better.
The problem I have is this: I host a small VPS for a friend of mine, on a server I have running VMware ESXi, managed with vCenter. I would like to set up his VPS to have access to the gateway, but no LAN access. Is there some way I can configure pfSense (I am thinking through a VLAN or something like that) to allow internet access, but no LAN access? I found lots of guides on Google for allowing LAN access and blocking the internet, but the ones I found for blocking LAN access all seemed to just involve "password protecting your shares". I like to keep things in the house rather open, so I would just rather put his VPS on a separate network (or VLAN). The main reason I offered to host it for him is so he can have full root access, and as such, any changes I make to the OS (Ubuntu, if that matters) on his VPS he could just undo. I don't exactly expect him to go rooting through my files or anything; I just want to learn how to separate machines from my internal LAN. I have full access to the configuration on the VM host and the router.
Thanks for reading, and sorry for the long post. If you require any additional information please let me know and I will provide!