VLAN translation

Hello,
I’m looking for firewalls that can perform VLAN translation. For example, tagged traffic coming in on VLAN X and then egressing with VLAN tag Y. I stumbled upon pfsense. I can’t find any document which mentions this feature. Could someone please guide me on whether pfsense can perform VLAN translation?

I can’t say I’ve had a need to do this, but I imagine it’s quite easy on any Linux system…

  • If you’ve got traffic coming in on eth0 tagged as vlan 20, you would configure an eth0.20 sub-interface to accept it.

  • If you want traffic to go out eth1 tagged as vlan 30, you would configure an eth1.30 sub-interface.

  • Then you’d use the “bridge” command to create a bridge interface with both sub-interfaces eth0.20 and eth1.30 as slaves. That should make traffic coming in on one interface go out the other, probably with the proper conversion of vlan tags. I’d think that would work.

The nmtui command looks like it will allow you to configure all of this:

If that doesn’t work for you, here are the lower-level commands to configure vlans:

…and bridge those vlans:
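
The sub-interface and bridge approach described in the reply above, written out with iproute2 as an added example that is not part of the original post; it goes beyond the single eth0.20/eth1.30 case by taking a list of VLAN pairs. The function names, the `APPLY` switch and the bridge naming `xl<in>to<out>` are hypothetical, and the parent interfaces are assumed to be up already.

```shell
#!/bin/sh
# Added example: VLAN translation via bridged sub-interfaces.
# Assumed names: eth0/eth1 and bridge "xl<in>to<out>" are illustrative.
# Prints the commands by default; set APPLY=1 and run as root to execute.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# 802.1Q VLAN IDs are 1..4094; reject empty, non-numeric, leading zeros.
valid_vid() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# translate_vlan IN_IF IN_VID OUT_IF OUT_VID
translate_vlan() {
    in_if=$1 in_vid=$2 out_if=$3 out_vid=$4
    if ! valid_vid "$in_vid" || ! valid_vid "$out_vid"; then
        echo "bad VLAN id: $in_vid/$out_vid" >&2; return 1
    fi
    in_sub="$in_if.$in_vid" out_sub="$out_if.$out_vid"
    br="xl${in_vid}to${out_vid}"
    for name in "$in_sub" "$out_sub"; do
        # Linux interface names are limited to 15 characters.
        if [ "${#name}" -gt 15 ]; then
            echo "interface name too long: $name" >&2; return 1
        fi
    done
    run ip link add link "$in_if" name "$in_sub" type vlan id "$in_vid" &&
    run ip link add link "$out_if" name "$out_sub" type vlan id "$out_vid" &&
    run ip link add name "$br" type bridge &&
    run ip link set dev "$in_sub" master "$br" &&
    run ip link set dev "$out_sub" master "$br" &&
    run ip link set dev "$in_sub" up &&
    run ip link set dev "$out_sub" up &&
    run ip link set dev "$br" up
}

# translate_map IN_IF OUT_IF "20:30 21:31 ..."  (one bridge per pair)
translate_map() {
    m_in=$1 m_out=$2
    for pair in $3; do
        case "$pair" in *:*) ;; *) echo "bad pair: $pair" >&2; return 1 ;; esac
        translate_vlan "$m_in" "${pair%%:*}" "$m_out" "${pair#*:}" || return 1
    done
}

if [ "$#" -eq 3 ]; then translate_map "$1" "$2" "$3"; fi
```

Each pair gets its own bridge, so the translated VLANs stay separate Layer 2 segments; each bridge still joins the two VLANs of its pair into one broadcast domain.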

Thanks for your reply. But is there any limitation on how many VLANs can be associated with nmtui? Can I do 50 VLANs?

Hi @goldytomy20, welcome.

VLANs are virtual LANs. To get traffic between regular LANs you’d use a router; same with VLANs.

Are you sure you don’t just want routing?

If not, you can also build a “filtering bridge”, which would turn your two VLANs into a kind of single LAN where you get to control what stuff goes from one to the other and back using a regular Linux firewall (for example).
This is less common, but perhaps necessary with some iot gadgetry that expects to see a single unified local network.