Netgate Discussion Forum

    PFsense segregating two networks w/ client isolation

    General pfSense Questions
      T3Knizion

      Hi all,

      Just want to thank everyone who has contributed to PFSense, especially the ones who developed it and made it happen. This has to be the F#$ING SICKEST BEST FIREWALL I have run for about what 2 years almost. And I have to admit it's damn good.

      My project running PFSense is great with captive portal, giving free wifi access to my neighbors and what not but now I am hosting more critical files on my network. So now I would like to seclude my network from theirs. I'm a bit novice to this but understand enough to navigate with some guidance so all help would be greatly appreciated.

      What I want to do is run a 10.0.0.x subnet for my personal computers, run 192.168.1.x for the neighbors and seclude them from communicating with my network and with each other. Is this possible?

      I've tried a 2nd LAN optional interface; I get an IP from the 2nd Nic Card (well it's third but not including the WAN interface) and all options I enable even static gateway address it doesn't go past the router. I even set the rules for the firewall cloning the original default configuration for the initial rule set but still no go. Am I missing something?

      If it's not too much trouble can someone point out some step by steps to get this running?

      Thanks again and great work to the developers and contributors.

        Monoecus

        This is much easier than you might have thought. Just set up another interface (either another physical card or a VLAN). Block all traffic from WAN (as default) and allow Neighbours to only reach WAN. So the rule must be LAN -> WAN open, everything else on the neighbour's LAN blocked.

          T3Knizion

          :) SWEET! Thanks I think I got it however a bit confused on the LAN -> WAN open. Are you referring to the Source/Destination section?

          BTW I really appreciate your help so thanks again

            Monoecus

            I just meant that you allow LAN(private) -> WAN and LAN(public) -> WAN in the Rules section (Source/Destination) but disallow LAN(public) -> LAN(private). If you want to access LAN(public) from LAN(private) then allow it, otherwise block it.

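Added example, not part of any post in this thread: a small Python model of the top-down, first-match evaluation that pfSense applies to the rules on an interface, using the two subnets from the question. The host addresses, rule tuples and function names are constructed for illustration; it also shows that traffic between two neighbours in the same subnet is never seen by the firewall rules, so isolating clients from each other has to happen on the access point or switch.

```python
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("10.0.0.0/24")    # personal computers (subnet from the thread)
PUBLIC = ip_network("192.168.1.0/24")  # neighbours (subnet from the thread)
ANY = ip_network("0.0.0.0/0")

# Rules for traffic entering the neighbours' interface: (action, source, destination).
PUBLIC_RULES = [
    ("block", PUBLIC, PRIVATE),  # LAN(public) -> LAN(private) disallowed
    ("pass", PUBLIC, ANY),       # LAN(public) -> everything else, i.e. out the WAN
]
# Same two rules in the wrong order: the pass rule matches first.
MISORDERED_RULES = list(reversed(PUBLIC_RULES))
# Constructed misconfiguration: a rule copied from the private interface
# that still names the private subnet as its source.
COPIED_RULES = [("pass", PRIVATE, ANY)]


def evaluate(rules, src, dst):
    """Return the first matching rule's action; no match means block."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"


def is_filtered(src, dst):
    """Hosts in the same subnet talk directly over the switch or access
    point, so the firewall's interface rules never see that traffic."""
    s, d = ip_address(src), ip_address(dst)
    return not any(s in net and d in net for net in (PRIVATE, PUBLIC))


if __name__ == "__main__":
    # Constructed sample hosts: one neighbour, one personal PC, one Internet address.
    neighbour, pc, internet = "192.168.1.50", "10.0.0.10", "203.0.113.7"
    for name, rules in [("ordered", PUBLIC_RULES), ("misordered", MISORDERED_RULES),
                        ("copied", COPIED_RULES)]:
        print(name, "neighbour->pc:", evaluate(rules, neighbour, pc),
              "neighbour->internet:", evaluate(rules, neighbour, internet))
    print("neighbour->neighbour filtered:", is_filtered(neighbour, "192.168.1.51"))
```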