Great pfsense start

kappclark

@NogBadTheBad
Yes - just did that and works fine --- can the new 'guest' network be configured so that it lives on a different subnet from the home network ? Perhaps some kind of dhcp relay ?

Thx for reply ...

NogBadTheBad

@kappclark

If you are using 192.168.1.0/24 on your LAN interface configure an unused pfSense interface as 192.168.2.0/24.

Set up the DHCP scope on the new interface.

Create a new alias to include all your IP subnets and pop firewall rules on the guest interface like this:-

Screenshot 2020-02-11 at 15.42.40.png

Configure the old wifi router to have an IP address in the 192.168.2.0/24 range and connect the old wifi routers LAN port to pfSense.

No need for dhcp relay.

kappclark

Thanks so much -- I have already started on this and will let you know how it goes ..

your reply is very helpful

kappclark

SO - the router was reset as an AP - now has static address 192.168.2.254 - changed the password and SSID

I can connect and authenticate to this wireless with my phone....

But - I cannot obtain an IP address..seems DHCP is not working correctly..I have checked that it is enabled ..

I have created a scope on the GUESTOPT1 interface going from 192.168.2.100 - 192.168.2.150.

The address of the ethernet interface on the pfsense is 192.168.2.211

I am sure I am missing something so obvious ...

Confused, I remain ..

NogBadTheBad

@kappclark

A few things to check:-

Can you ping the ap from pfsense?

If you connect a PC to the guest interface does it get an ip address?

Have you connected the guest pfsense interface to the LAN interface on the AP?

stephenw10

How are you connecting the router? Is it really just as an Access Point? If it's just acting as a layer 2 device DHCP should pass it.

Steve

kappclark

Yes - can ping the AP from pfsense:

Disconnected AP. Connected laptop to OPT port directy -- received IP address from given scope (192.168.2 104) ...

but amazingly - it now works ... I removed the firewall rules on the interface and added only a default rule.

I have the laptop and the firestick both working off the AP ... and Alexa is happy as well....

I will connect wife's phone, laptop and tablet ...

Thank you very much for your help in this ...

kappclark

Just a followup -

FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

NogBadTheBad

@kappclark said in Great pfsense start:

Just a followup -

FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

Slight issue with the guide he creates an IPv4/IPv6 rule with an IPv4 only alias and also allows http, ssh, etc ... access to the guest lan interface.

NogBadTheBad

This post is deleted!

kappclark

Never would have picked that up ! Thx for heads up ... this is gong to be lots of fun ..

joshepmurray

This post is deleted!