


Leave the WAN port disconnected, set the WiFi's LAN IP so that it is in the pfSense LAN range, and disable DHCP on it.

In the pfSense DNS forwarder, override the public DNS records for the FQDNs of the VMs, so that when there is a connection from LAN to OPT1 it points to the VM located in the OPT1 network. For example, you have a public A DNS record for a web site that resolves to your public IP address as my. In the DNS forwarder, override the public IP by setting my. This way, if a connection to the VM is coming from the internet it will be passed over NAT to the VM in the OPT1 network, but if the connection is coming from LAN, pfSense's DNS forwarder will point to the VM in OPT1 using private IPs.

As for WiFi, use it as an access point (AP).

This way the internal LAN network will be able to access VM services but it will be protected from the internet and OPT1 (so if some VM is hacked, it will not be able to access LAN).

In the firewall rules, enable passing all protocols from LAN to OPT1.

This way NAT will always forward incoming connections to a particular VM. I'm not sure why you want DHCP on OPT1, but it is OK to have it as long as you use static DHCP that glues the MAC addresses of the VMs to particular IPs.

On pfSense, set NAT rules (that will also automatically create firewall rules) to forward publicly accessible ports to the OPT1 network where your public services work in VMs.

If you have a single public IP then I suggest you use the schema below. I don't know why you want bridge mode.
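The layout described above, as an added example that is not part of the original post: a small Python model of the split DNS answer, the WAN port forward, and per-interface first-match filtering with default deny, showing that the LAN stays protected from OPT1 only while no broad pass rule on OPT1 precedes a block toward LAN. All addresses, the host name `www.example.test` and the two OPT1 rule sets are constructed assumptions, and only the rules the post names are modelled.

```python
import ipaddress

# Constructed addressing; the post gives no addresses, so these are assumptions.
NETS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
        "OPT1": ipaddress.ip_network("192.168.2.0/24")}
WAN_IP = ipaddress.ip_address("203.0.113.10")   # the single public IP
VM_WEB = ipaddress.ip_address("192.168.2.10")   # VM pinned by static DHCP
ANY = ipaddress.ip_network("0.0.0.0/0")
PORT_FORWARDS = {443: VM_WEB}                   # WAN port -> VM in OPT1
PUBLIC_DNS = {"www.example.test": WAN_IP}       # public A record
HOST_OVERRIDES = {"www.example.test": VM_WEB}   # DNS forwarder override

def iface_of(ip):
    """Interface a packet from `ip` enters on; anything not LAN/OPT1 is WAN."""
    return next((name for name, net in NETS.items() if ip in net), "WAN")

def resolve(name, client):
    """LAN clients ask the pfSense forwarder (override wins); others see public DNS."""
    if iface_of(client) == "LAN" and name in HOST_OVERRIDES:
        return HOST_OVERRIDES[name]
    return PUBLIC_DNS[name]

def first_match(rules, dst):
    """The first matching (action, dst_net) rule wins; no match is default deny."""
    return next((action for action, net in rules if dst in net), "block")

def new_connection(src, dst, dport, opt1_rules=()):
    """Verdict and post-NAT destination for a NEW connection (replies ride state)."""
    ingress = iface_of(src)
    if ingress == "WAN":                        # only the port forwards are open
        if dst == WAN_IP and dport in PORT_FORWARDS:
            return "pass", PORT_FORWARDS[dport]
        return "block", None
    if ingress == "LAN":                        # the post's rule: LAN -> OPT1, all protocols
        rules = [("pass", NETS["OPT1"])]
    else:                                       # the post adds no rules on OPT1
        rules = opt1_rules
    verdict = first_match(rules, dst)
    return verdict, (dst if verdict == "pass" else None)

LAN_PC = ipaddress.ip_address("192.168.1.50")    # constructed LAN client
INTERNET = ipaddress.ip_address("198.51.100.7")  # constructed outside host
# Rule sets someone might later add on OPT1 to give the VMs outbound access:
OPT1_PASS_ANY = [("pass", ANY)]                      # also opens the LAN to the VMs
OPT1_SAFE = [("block", NETS["LAN"]), ("pass", ANY)]  # block toward LAN comes first
```

With no rules on OPT1 a VM cannot open connections to the LAN; `OPT1_PASS_ANY` silently removes that protection, while `OPT1_SAFE` keeps it and still lets the VMs reach outside hosts.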
