Netgate Discussion Forum

    Firewalling or NAT to access private subnet not created by pfsense

    6 Posts 2 Posters 1.2k Views
    • Qinn

      Hi there, I could use some help with the following: I want to access a certain device (10.0.0.101) that's on a WiFi guest network, so it's created by the WiFi device and not by pfsense.  Coworkers who log in to this WiFi device get IPs provided by PFS and are in subnet 192.168.5.X, and guests who log on to the guest network on this same WiFi device get an IP in the subnet 10.0.0.X.

      So schematic:

                    LAN----------192.168.1.X
      WAN---PFS-----
                    WLAN---------WiFi AP with 192.168.5.X provided on mac address by pfsense and a guest access with 10.0.0.X provided by the WiFi router

      How can I route traffic to the guest network, as pfsense has no idea there is another subnet on this WiFi device?

      Thanks for any help

      Cheers Qinn

      btw I created a thread in the Firewalling section, but after consideration I thought it should be here.

      Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

      • johnpoz (LAYER 8, Global Moderator)

        So let me get this right, you DHCP relay for your 192.168.5???  How exactly are you doing that? pfSense does not run DHCP unless it has an interface in that network.

        "Coworkers who log in to this WiFi device get IPs provided by PFS and are in subnet 192.168.5.X"

        So this clearly doesn't seem right.  What it seems like is going on is you have some WiFi router that is NATting, and its WAN gets an IP in the pfSense LAN network 192.168.1.x

        Why do you need to route any traffic to this downstream network? It's behind a NAT.

        If you want to do this correctly then get an AP that does vlans and have all your vlans routed with pfsense.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Qinn

          Thanks for your reply. I think I should provide a bit more detail and hope that clarifies.

          WAN---PFS---VLAN101 (192.168.1.1)/VLAN105 (192.168.5.1) connected to smart managed switch

          VLAN105-----WiFi router (Access Point), all devices get an IP on MAC address in the 192.168.5.X range
          VLAN101-----unmanaged switch, all devices get an IP on MAC address in the 192.168.1.X range

          This WiFi router has the option to create a guest access with a different subnet (10.0.0.X)

          My question is how can I let pfs "know" there is a "different" subnet on this access point?

          I hope this helps Cheers Qinn

          • johnpoz (LAYER 8, Global Moderator)

            It has the option to create a guest network when it's working as a NAT router

            • Qinn

              Please see attachments, and please bear in mind it's set up as an access point and no WAN is connected; the LAN side is connected to the managed switch.

              Attachments: LAN.png, VLAN.png, VWI.png

              • johnpoz (LAYER 8, Global Moderator)

                If no WAN is connected, how would its guest network work?  It sure doesn't bridge this different layer 3 network to the normal LAN network running on a different layer 3

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.