Great pfsense start
-
@kappclark said in Great pfsense start:
It is a AMD Athlon based box w/4GB ram and 120G ssd ... colossal improvement over the 5 year old Linksys E1200 wireless router, which I always seemed to be rebooting ..I am using a USB ethernet nic for the LAN side, and seems to work fine, but woud like to get a dual-port nic.
Can anyone recomment a good one ? I think Intel makes good ones...
Bill Clark, Windham, VTIMO you'd be better off buying an access-point and a switch that supports vlans, I use a Ubiquity UniFi AP-AC-Pro.
That way you'd have all your wireless networks on a single AP, its a recipe for problems having multiple access-points providing different networks especially at 2.4Ghz.
https://forum.netgate.com/topic/132431/simple-vlan-for-pfsense-unifi-ap-ac-lr
You could use your old router just for a guest network by switching off dhcp on the thing and connecting it to your guest LAN port on pfSense.
-
@NogBadTheBad
Yes - just did that and works fine --- can the new 'guest' network be configured so that it lives on a different subnet from the home network ? Perhaps some kind of dhcp relay ?Thx for reply ...
-
If you are using 192.168.1.0/24 on your LAN interface configure an unused pfSense interface as 192.168.2.0/24.
Set up the DHCP scope on the new interface.
Create a new alias to include all your IP subnets and pop firewall rules on the guest interface like this:-
Configure the old wifi router to have an IP address in the 192.168.2.0/24 range and connect the old wifi routers LAN port to pfSense.
No need for dhcp relay.
-
Thanks so much -- I have already started on this and will let you know how it goes ..
your reply is very helpful
-
SO - the router was reset as an AP - now has static address 192.168.2.254 - changed the password and SSID
I can connect and authenticate to this wireless with my phone....
But - I cannot obtain an IP address..seems DHCP is not working correctly..I have checked that it is enabled ..
I have created a scope on the GUESTOPT1 interface going from 192.168.2.100 - 192.168.2.150.
The address of the ethernet interface on the pfsense is 192.168.2.211
I am sure I am missing something so obvious ...
Confused, I remain ..
-
A few things to check:-
Can you ping the ap from pfsense?
If you connect a PC to the guest interface does it get an ip address?
Have you connected the guest pfsense interface to the LAN interface on the AP?
-
How are you connecting the router? Is it really just as an Access Point? If it's just acting as a layer 2 device DHCP should pass it.
Steve
-
Yes - can ping the AP from pfsense:
Disconnected AP. Connected laptop to OPT port directy -- received IP address from given scope (192.168.2 104) ...
but amazingly - it now works ... I removed the firewall rules on the interface and added only a default rule.
I have the laptop and the firestick both working off the AP ... and Alexa is happy as well....
I will connect wife's phone, laptop and tablet ...
Thank you very much for your help in this ...
-
Just a followup -
FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..
once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..
-
@kappclark said in Great pfsense start:
Just a followup -
FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..
once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..
Slight issue with the guide he creates an IPv4/IPv6 rule with an IPv4 only alias and also allows http, ssh, etc ... access to the guest lan interface.
-
This post is deleted! -
Never would have picked that up ! Thx for heads up ... this is gong to be lots of fun ..
-
This post is deleted!
