Virtual Interface by adding user by MAC Address
-
Sorry if the title doesn't match what I'm trying to achieve, but it's fairly hard to explain in a short title.
Now at my setup, I have a pfSense box next to my modems on my first floor. But what I also have is a server running on the second floor. The problem is that I must have wireless access points for guests connected to a hub next to my server, and I only have a single Ethernet cable running from my pfSense box to that hub. So, I can't do things like having separate NICs, one for guests and one for my server.
Basically what I'm trying to do is have 3 groups of subnets:
- SERVER (DMZ) = GUESTS can't access this subnet but LAN and WAN can.
- LAN = The users in this group are identified by their device's MAC address. This is a subnet which is like a private home network. Has access to all the subnets.
- GUESTS = Unsecured Wi-Fi, authenticated by captive portal, has access only to WAN through squid proxy and is blocked from DMZ and LAN.
I know that is a hard thing to do, but the harder thing is to have another Ethernet cable from pfSense to my server. So, I will do that if it is my last choice.
I have searched all over the internet and haven't found any solution to this, and this is my first time setting up a firewall like this. So if you have any solution, please let me know. And if it isn't possible, then what is my best alternative without having to have another cable?
Thanks.
-
You will have to use VLANs to do that. Put a VLAN switch in place of the ordinary switch (hub) on the first floor. Then you can have 3 VLANs and trunk them on 1 cable back to pfSense. If you are happy to run a 100Mbps VLAN trunk to pfSense, then a 100Mbps 8-port VLAN switch is not so expensive.
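
What the suggested trunk looks like on the wire, as an added example that is not part of the original posts: every frame on the single cable carries an 802.1Q tag, and its VLAN ID is what lets pfSense sort traffic into the three subnets. The VLAN IDs 10/20/30, the MAC addresses and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
# Assumed VLAN IDs (not from the thread), one per subnet the poster lists.
VLANS = {10: "SERVER", 20: "LAN", 30: "GUESTS"}

def tag_frame(dst, src, vlan_id, ethertype, payload):
    """Build an Ethernet frame with an 802.1Q tag, as a trunk port sends it."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; priority and DEI left at 0.
    return dst + src + struct.pack("!HHH", TPID_8021Q, vlan_id, ethertype) + payload

def classify(frame):
    """Return (zone, vlan_id, ethertype) for one frame received on the trunk."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return (None, None, tpid)          # untagged: belongs to no VLAN here
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF                     # low 12 bits of the TCI
    return (VLANS.get(vid), vid, ethertype)

def demux(frames):
    """Count frames per zone; untagged or unknown-VLAN frames count as 'DROP'."""
    counts = {}
    for f in frames:
        zone = classify(f)[0] or "DROP"
        counts[zone] = counts.get(zone, 0) + 1
    return counts

# Constructed sample traffic: locally administered MACs, dummy payloads.
BCAST = b"\xff" * 6
SAMPLE_TRUNK = [
    tag_frame(BCAST, bytes.fromhex("020000000a01"), 10, 0x0800, b"server"),
    tag_frame(BCAST, bytes.fromhex("020000001401"), 20, 0x0800, b"laptop"),
    tag_frame(BCAST, bytes.fromhex("020000001e01"), 30, 0x0800, b"guest1"),
    tag_frame(BCAST, bytes.fromhex("020000001e02"), 30, 0x0806, b"guest2"),
    tag_frame(BCAST, bytes.fromhex("020000006301"), 99, 0x0800, b"stray"),
    BCAST + bytes.fromhex("020000000001") + b"\x08\x00" + b"untagged",
]

if __name__ == "__main__":
    print(demux(SAMPLE_TRUNK))
```

The tag only separates traffic at layer 2; which zone may reach which is still decided by the firewall rules on each VLAN interface in pfSense.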