Setting up guest network
-
hey, i have a rather strange setup at the moment, its almost working but a few things need to change… first, my current setup:
WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x
now is the plan that the speed is limited for 1.1.1.5 and thus the whole guest network. this ive done and works. also i would like to limit the guest network (1.1.1.5) to just internet and not the other computers in my home network... but i dont know if its possible because a ping or brouwsing based on ip, doesn't ask permission from the firiwall (1.1.1.1)... on the other hand, browsing on network/computer name doesn't go beyond the guest network so i guess thats not all that bad...
its for a home network and guests with mostly tablets... its security doesn't have to be nasa style :P but it would be nice to be able to block ip stuff aswell... i had tried to put the guest router on: 1.1.2.1 and let things roll from there... but i didnt get internet. this way it means 1.1.1.x and 1.1.2.x are on the same network interface for the pfsense box (1.1.1.1) so i changed it back to 1.1.1.5 just so its working at the moment. i would rather have it in the 1.1.2.1 address but what do i need to do so i have internet in the 1.1.2.x range?
sander
-
No, you cannot have your LAN and WAN on the same subnet. And you should not be using research prefixes either.
inetnum: 1.1.1.0 - 1.1.1.255 netname: APNIC-LABS descr: Research prefix for APNIC Labs descr: APNIC country: AU admin-c: AR302-AP tech-c: AR302-AP mnt-by: APNIC-HM mnt-routes: MAINT-AU-APNIC-GM85-AP mnt-irt: IRT-APNICRANDNET-AU status: ASSIGNED PORTABLE changed: hm-changed@apnic.net 20140507 changed: hm-changed@apnic.net 20140512 source: APNIC
And finally - no, your WIFI router should NOT be routing. It should be connected via LAN port and have DHCP disabled.
-
I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box
I dont really get the code bit (if your able to connect/login to my pfsense box, did i miss something when setting it up? ... but what should i do then... i can make a access point out of it no prob, that is how another router is configured just to put out the wifi for the home network...
but how can i put the settings for the guest network? if its in the same range, wont thy get random ip within my dhcp scope? so how wil i know which ip to limit?
-
I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box
I would think you misdescribed something:
WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x
Stick to RFC1918 space, not the 1.1.1.0 nonsense.
Any guest network goes to a separate interface, not your LAN. (And your wifi router still should NOT be routing anything, otherwise the only thing you can shape is the router.) -
i changed around a bit and now im having opt1 for guest and a global limit of the guest internet usage… i dont need a internet limit per ip so thats ok... is there anything else i need to set for rules from opt1 to lan and back?
in the firewall i only have the internet passthrough rule with the limit...