Netgate Discussion Forum

    Share internet connection only on two LANs

      ketiljo

      Hi

      I'm fairly new to pfSense. Currently using version 1.2.3. For now I have only two NICs, WAN and LAN. On the LAN side, I have my PCs and a server for HTTP and FTP etc, plus a WL AP. I will put in another NIC so that I have one for my LAN and one for the AP. The AP is sharing internet for my tenants. Now, I don't want my tenants to have access to my LAN, hence the need of an extra NIC. I will set my LAN1 to 192.168.1.xxx and the tenants AP on LAN2 to 192.168.2.xxx. The pfSense box will do DHCP for both LANs.

      How can I set the FW rules to only allow access to WAN from LAN2? I don't need access to LAN2 from LAN1, so I guess both LANs can be set to only access WAN. I still need to NAT ports to the LAN1 server.

      I also want to limit the bandwidth to LAN2. Is this possible with v 1.2.3 or do I have to upgrade to 2.0? In any case, how do I set this up?

      Thanks,

      Ketil

        bstamper

        I would have to test, but I think by default traffic would not be allowed from your new OPT1 interface to the LAN and vice versa. It's an easy test for you to do. Put the NIC in, set up the interface, hook a computer rather than the AP up to it and try to ping back to the LAN.

        As for the bandwidth limiting, when you walk through the wizard simply choose the optional interface rather than the LAN for your local side and it should work.

          ericab

          For your first question, on the LAN2 tab, add a rule:

          Action: Block
          Protocol: ANY
          Source: LAN2 Subnet
          Destination: LAN1 Subnet

            ketiljo

            Thanks, I'll give it a try.

            cheers,
            Ketil

              Guest

              I have your very setup working at my house. Here are my rules.

              under LAN:
              PASS:      * LAN net * ! WIRELESS net * * none

              under WIRELESS (Opt1)
              PASS       * WIRELESS net * ! LAN net * * none

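The rule sets posted in this thread, modelled as an added Python example that is not from any of the posters or from pfSense itself. It assumes /24 masks for the two subnets, per-interface first-match evaluation with an implicit deny when no rule matches, and constructed host addresses; it also checks a hypothetical third internal subnet to show what a negated destination does and does not exclude.

```python
import ipaddress
from dataclasses import dataclass

LAN1 = ipaddress.ip_network("192.168.1.0/24")  # assumed /24 for 192.168.1.xxx
LAN2 = ipaddress.ip_network("192.168.2.0/24")  # assumed /24 for 192.168.2.xxx
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    negate_dst: bool = False       # the "!" in "! LAN net"

    def matches(self, src, dst):
        # A negated destination matches everything outside the network.
        return src in self.src and ((dst in self.dst) != self.negate_dst)

def evaluate(rules, src, dst):
    """First matching rule decides; no match means the implicit deny applies."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"

# Rule sets for the tenant interface (LAN2 / OPT1 tab), top to bottom.
BLOCK_ONLY = [Rule("block", LAN2, LAN1)]                     # the block rule alone
BLOCK_THEN_PASS = BLOCK_ONLY + [Rule("pass", LAN2, ANY)]     # block, then allow the rest
PASS_NOT_LAN1 = [Rule("pass", LAN2, LAN1, negate_dst=True)]  # single negated pass rule

# Constructed sample hosts (not from the thread).
TENANT = "192.168.2.50"
SERVER = "192.168.1.10"
INTERNET = "203.0.113.7"
LAN3_HOST = "192.168.3.20"   # hypothetical third internal subnet added later

def summary(rules):
    """Decision for tenant traffic towards each sample destination."""
    targets = {"server": SERVER, "internet": INTERNET, "lan3": LAN3_HOST}
    return {name: evaluate(rules, TENANT, dst) for name, dst in targets.items()}

if __name__ == "__main__":
    for label, rules in [("block only", BLOCK_ONLY),
                         ("block then pass", BLOCK_THEN_PASS),
                         ("pass !LAN1", PASS_NOT_LAN1)]:
        print(f"{label:16} {summary(rules)}")
```

In this model the block rule on its own leaves the tenants with no internet access until a pass rule follows it, and both working variants still pass traffic to any internal subnet other than LAN1, so each new internal network needs its own block rule above the pass rule.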
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.