Blocking off wireless network.
-
My curent setup is my pfsense machine plugged into my powerconnect 2724 and then I've got a wireless router plugged into the switch.
Im looking for the best way to isolate certain traffic from the WLAN network from hitting things within my LAN network.
I don't wanna block off WLAN from LAN entirely. But I'm looking for ideas on how to have pretty much just my phone or any other devices I want to add in the future that is connected via WLAN be able to access stuff on my LAN network.
Router is set up on 192.168.2.x
pfsense box is set up on 10.0.0.xRight now the two can't communicate with anything on eachothers networks period.
Ultimately I wan't my router to run DHCP leases through my pfsense box, I experimented with that a little bit but ended up having to reset my router about 20 times because I was no longer able to communicate w/ it even after setting my ip as a static on the router.
Any tips?
-
WTF - You are doing it wrong…
Make pfsense your sole router - no double NAT.
Give the WLAN either its own interface and subnet or its own vlan and subnet.Then you can control all this as you like. So, WTF... Enjoy.
-
The only other way I could add WLAN to my pfsense box is if I did a USB interface.
Not a horrible idea really.
-
WTF - You can't use a wireless AP plugged into a NIC? Like all the rest of us?
Well - maybe not ALL of us, but alot… -
-
I do have a 3rd NIC available to me on the pfsense box….
But how do I still accomplish what it is I'm looking to do?
-
Use that 3rd NIC and put your AP on that - Then you will have very fine control over what can talk to what.
That sounds good to me. I say WTF… Why not try it.P.S. "Ultimately I wan't my router to run DHCP leases through my pfsense box".
Why wouldn't you have pfsense doing the routing, firewalling, and DHCP? I read somewhere its pretty good at those things...
-
Use that 3rd NIC and put your AP on that - Then you will have very fine fine control over what can talk to what.
That sounds good to me. I say WTF… Why not try it.The only reason I'm hesitant to do that is because its onboard nic, not really a bad thing but wouldn't using onboard use more processing power as compared to using the intel dual gbe nic i'm using now?…
And lets say theoretically I do take that approach and plug the AP into my 3rd nic,
How does it have to be set up necessarily ( I R NETWURK NEWB) are we talking about the ap pulling DHCP leases from the pfsense box or what?
And to block the router from having access to webUI i'd just set up a firewall rule I assume.
-
I do have a 3rd NIC available to me on the pfsense box….
But how do I still accomplish what it is I'm looking to do?
As already said above:
- Make pfSense your (only) router.
- On pfSense, create a reserved subnet for the WLAN
- Disable WAN on the AP, disable everything else (like DHCP server, etc.)
- Configure purely as AP
- Plug into the third NIC
-
Onboard isn't necessarily bad. - Onboard NIC might be good. Depends on the NIC.
I doubt seriously it will cause any noticeable increase is system overhead.WTF - YOLO… Give it a shot. You might like it.
(You are lucky your name isn't CaptainMF)
"are we talking about the ap pulling DHCP leases from the pfsense box or what?"
Ahhhhhhhh.... Yeah. ;)
There are some special APs that will let you do that... Like - All of them. -
Alright lets see what I can do here lol.
-
Cool - Do it exactly the way doktornotor described above - When you add the new interface, don't forget to activate DHCP and to give it a new / unique IP and DHCP range. Then set firewall rules to allow traffic, similar to what you have on LAN (I hope).
And WTF, if you have any issues, I'll check back to see if I can help. Its not difficult. -
I haven't a clue what the fuck happened but now the machine doesn't work at all. I don't even get video output from it…. -.- Gonna do a bios reset and let it sit for a bit.
-
Well, if the machine's hostname is "wtf", that'd kinda explain it… ;D ;D ;D
-
Well, if the machine's hostname is "wtf", that'd kinda explain it… ;D ;D ;D
LOL, Well i've a HDMI, VGA, and DVI port on this beast. I checked DVI/HDMI no go. So I pulled power to PSU, shut off PSU, Pulled CMOS battery. jumped the reset pins on the board. let it sit for 5 min. now it shows me something on the screen. So let me see if I can't get back to breaking stuff. :P
-
So Now i have WAN, LAN, and OPT1 interfaces.
Renamed OPT1 to AP
Type should be?…. DHCP or static?
Should be static...
Now as far as what kejianshi said about giving it a new IP and DHCP range elaborate further?
-
Just set up DHCP server on the AP interface.
-
The OPT1 should have a static IP just like the LAN, but a different subnet.
Then go to DHCP server and set up DHCP for that interface, just like the LAN (but different subnet).WTF - You can do it…
Purely for instance:
LAN - Static IP of 10.10.30.1 set up as a /24 and in DHCP range of 10.10.30.50 - 10.10.30.150
OPT1 - Static IP of 10.10.40.1 set up as a /24 and in DHCP range of 10.10.40.50 - 10.10.40.150
Just as an example...
If that doesn't work, I don't know WTF is wrong... Captain.
-
Okay, theres that.
http://img38.imageshack.us/img38/2925/ov3c.pngFinally I got it set up properly. The pfsense box has assigned the AP an ip of 10.0.1.10, Now on the AP side of things I believe i'm sticking it into straight up AP mode. no DHCP or anything, which should have it pull addresses from the pfsense machine I believe.
-
WTF, looks like it works! :o ;D