Great pfsense start
-
If you are using 192.168.1.0/24 on your LAN interface configure an unused pfSense interface as 192.168.2.0/24.
Set up the DHCP scope on the new interface.
Create a new alias to include all your IP subnets and pop firewall rules on the guest interface like this:-
Configure the old wifi router to have an IP address in the 192.168.2.0/24 range and connect the old wifi routers LAN port to pfSense.
No need for dhcp relay.
-
Thanks so much -- I have already started on this and will let you know how it goes ..
your reply is very helpful
-
SO - the router was reset as an AP - now has static address 192.168.2.254 - changed the password and SSID
I can connect and authenticate to this wireless with my phone....
But - I cannot obtain an IP address..seems DHCP is not working correctly..I have checked that it is enabled ..
I have created a scope on the GUESTOPT1 interface going from 192.168.2.100 - 192.168.2.150.
The address of the ethernet interface on the pfsense is 192.168.2.211
I am sure I am missing something so obvious ...
Confused, I remain ..
-
A few things to check:-
Can you ping the ap from pfsense?
If you connect a PC to the guest interface does it get an ip address?
Have you connected the guest pfsense interface to the LAN interface on the AP?
-
How are you connecting the router? Is it really just as an Access Point? If it's just acting as a layer 2 device DHCP should pass it.
Steve
-
Yes - can ping the AP from pfsense:
Disconnected AP. Connected laptop to OPT port directy -- received IP address from given scope (192.168.2 104) ...
but amazingly - it now works ... I removed the firewall rules on the interface and added only a default rule.
I have the laptop and the firestick both working off the AP ... and Alexa is happy as well....
I will connect wife's phone, laptop and tablet ...
Thank you very much for your help in this ...
-
Just a followup -
FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..
once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..
-
@kappclark said in Great pfsense start:
Just a followup -
FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..
once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..
Slight issue with the guide he creates an IPv4/IPv6 rule with an IPv4 only alias and also allows http, ssh, etc ... access to the guest lan interface.
-
This post is deleted! -
Never would have picked that up ! Thx for heads up ... this is gong to be lots of fun ..
-
This post is deleted!
