Firewalling or NAT to access private subnet not created by pfsense



  • Hi there, I could use some help with the following: I want to access a certain device (10.0.0.101) that's on a WiFi guest network, so it's created by the WiFi device and not by pfsense. Coworkers who log in to this WiFi device get IPs provided by PFS and are in subnet 192.168.5.X, and guests who log on to the guest network on this same WiFi device get an IP in the subnet 10.0.0.X.

    So schematic:

    LAN----------192.168.1.X
    WAN---PFS-----
                          WLAN---------WiFi AP with 192.168.5.X provided on mac address by pfsense and a guest access with 10.0.0.X provided by the WiFi router

    How can I route traffic to the guest network, as pfsense has no idea there is another subnet on this WiFi device?

    Thanks for any help

    Cheers Qinn

    btw I created a thread in the Firewalling section, but after consideration I thought it should be here.


  • LAYER 8 Global Moderator

    So let me get this right: you DHCP relay for your 192.168.5???  How exactly are you doing that? pfsense does not run DHCP unless it has an interface in that network.

    "Coworkers who login to this WiFi device get ip's provided by PFS and are in subnet 192.168.5.X"

    So this clearly doesn't seem right.  What it seems like is going on is you have some WiFi router that is natting... And its WAN gets an IP in the pfsense LAN network 192.168.1.x

    Why do you need to route any traffic to this downstream network? It's behind a NAT.

    If you want to do this correctly then get an AP that does vlans and have all your vlans routed with pfsense.



  • Thanks for your reply. I think I should provide a bit more details and hope that clarifies.

    WAN---PFS---VLAN101 (192.168.1.1)/VLAN 105(192.168.5.1) connected to smart managed switch

    VLAN105 ----WiFi-router (Access Point), all devices get an IP on MAC address in the 192.168.5.X range
    VLAN101-----unmanaged switch, all devices get an IP on MAC address in the 192.168.1.X range

    This WiFi router has the option to create a guest access with a different subnet (10.0.0.X)

    My question is how can I let pfs "know" there is a "different" subnet on this access point?

    I hope this helps Cheers Qinn


  • LAYER 8 Global Moderator

    It has the option to create a guest network when it's working as a NAT router



  • Please see attachments, please bear in mind it's set up as an access point and no WAN is connected, the LAN side is connected to the managed switch.







  • LAYER 8 Global Moderator

    If no WAN is connected, how would its guest network work?  It sure doesn't bridge this different layer 3 network to the normal LAN network running on a different layer 3.

