Netgate Discussion Forum

    2 Networks to 1 WAN

    Routing and Multi WAN
      webadoo

      Hello,

      I think I'm in the right subject to post my problem.

      First I will explain the situation which I'm in.

      I receive a dynamic IP address from my ISP, which I connect to the WAN port of my pfsense. I've just configured the WAN on the pfsense just basic, just set the type to "DHCP".
      After that I gave my LAN interface an IP address of 10.0.0.1/24, which acts as default gateway for the 10.0.0.x/24 network. Any host connected on this network will receive a DHCP address from the server, and the hosts can connect to the internet.

      Until here everything works like it should.

      But now I want to use the OPT1 interface to have a separate network for guest clients who will connect wirelessly with their phones, laptops, … It must act like a free hotspot.
      I gave the OPT1 interface an IP address of 10.0.2.1/24.
      I have UniFi access points where I can send an SSID just over the default VLAN, which will be secured with a password, and I can send an SSID for the guest network, which will be in VLAN 2. That's why I've set my port 22 on the switch untagged VLAN 1 and tagged VLAN 2. The hosts on the guest network should receive a DHCP address from the pfsense in the 10.0.2.x/24 range, so I've enabled the DHCP server on the pfsense.

      I think I'm right with the physical setup here...?

      But I don't know how to configure the pfsense right to let the 2 different networks have access to the internet, because when I connect the OPT1 interface I can't access the internet on the different networks.

      Can someone help me out here? :)

      I've also added a network diagram: http://imageshack.us/photo/my-images/689/screenshot114a.jpg/

      Thanks in advance.

        galaxy60

        Hi, this will work. You just need to create a default rule in the firewall section for your second LAN to allow all traffic out, then create a block rule before the allow all: for any proto, source as any, destination LAN. This will stop anyone from accessing your LAN.

        In the firewall section, go to your LAN2 for guests and create the below:

        Block   *   *   *   LAN NET   *   *   NONE   Block access to LAN
        Allow   *   *   *   *         *   *   NONE   Default allow all out

        You will have to tag the traffic from your switch to your access points. Some APs are different, like HP, where you don't tag VLAN 1 but you do tag VLAN 2, and then Zyxel, where you have to tag every VLAN.

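An added example, not part of the posts above and not pfSense's own code: a small Python model of first-match rule evaluation on the guest interface, showing why the block rule has to sit above the allow-all. The addresses come from the thread (LAN 10.0.0.0/24, OPT1 10.0.2.1/24); the probe destinations and all function names are constructed for illustration.

```python
import ipaddress

# Assumed from the thread: LAN is 10.0.0.0/24, the guest interface (OPT1) is 10.0.2.1/24.
LAN_NET = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules on the guest interface tab, as posted: (action, destination, description).
# Protocol and source are "any" in both posted rules, so only the destination is modelled.
POSTED_ORDER = [
    ("block", LAN_NET, "Block access to LAN"),
    ("pass", ANY, "Default allow all out"),
]
REVERSED_ORDER = list(reversed(POSTED_ORDER))


def evaluate(rules, dst):
    """Return (action, description) of the first rule whose destination matches.

    Models first-match-wins evaluation of the rules on one interface tab;
    traffic that matches no rule falls through to the implicit default deny.
    """
    addr = ipaddress.ip_address(dst)
    for action, net, descr in rules:
        if addr in net:
            return action, descr
    return "block", "implicit default deny"


def audit(rules, probes):
    """Map each probe destination to the action the rule set gives a guest client."""
    return {dst: evaluate(rules, dst)[0] for dst in probes}


# Constructed probe destinations, as seen from a guest client in 10.0.2.0/24.
PROBES = {
    "10.0.0.50": "host on the LAN",
    "10.0.0.1": "firewall's LAN address",
    "10.0.2.1": "firewall's guest-side address (OPT1)",
    "198.51.100.7": "internet host (documentation range)",
}

if __name__ == "__main__":
    for name, rules in (("posted order", POSTED_ORDER), ("reversed order", REVERSED_ORDER)):
        print(name)
        for dst, action in audit(rules, PROBES).items():
            print(f"  {dst:<14} {action:<5} {PROBES[dst]}")
```

With the rules reversed, every LAN destination passes because the allow-all matches first. In the posted order, 10.0.2.1 still passes because it is not part of LAN NET, so the firewall's own guest-side address stays reachable from guest clients.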
          webadoo

          Thanks for the reply.

          I can try this on Monday, and test everything you said :)

          I will give some feedback if this works!

            galaxy60

            Should be fine, keep me posted!!
