Configuration Query



  • Hi.
    My Qotom 4 port PC has arrived. I've installed pfSense and confirmed the PPPoE settings are correct. All up and running and connected online in about 20 minutes :)

    Now I want to look at configuring this for my needs.

    Port 01 - WAN PPPoE
    Port 02 - LAN 192.168.10.x range
    Port 03 - OPT1 WiFi Access Point
    Port 04 - OPT2 Empty

    Port 02 is connecting to a Gigabit POE switch that does port based VLANs. This all works well and I have a port that acts as the uplink to Port 02 on the Qotom. All devices on the switch can get internet access, but only specific ports see each other. (this part has been working fine for 2 years)

    My Wifi Access point doesn't do any MAC filtering, VLANs, guest LAN etc, so I'm trying to find a way to allow specific addresses to access the WAN & LAN, but others only the WAN. (I don't want to buy a new AP, I'd prefer to reuse what I have)

    I'm wondering if this would work, or if there is a better/simpler way to do it..
    On Port 03 enable DHCP and set some static IP Address entries for known devices.
    Then when those devices connect via Wifi they should always get the same IP address regardless of them being static or dynamically set. I can then create an Alias list of known device IP addresses.

    Should the OPT1 DHCP be in the same LAN 192.168.10.x range or a separate range? If it's separate, how do I route between it and LAN?

    Do I add a rule to OPT1 to only allow those addresses to LAN, but allow anything to WAN ?
    or do I need to add a rule to LAN to block everything from OPT1 except the aliases of known IP addresses ?

    Would this allow a wireless client to connect and based on its IP Address either route via to WAN & LAN or just WAN ?

    Thanks



  • Then when those devices connect via Wifi they should always get the same IP address regardless of them being static or dynamically set.

    Configure static mappings and even your DHCP users will always get assigned the same address.

    Should the OPT1 DHCP be in the same LAN 192.168.10.x range or a separate range ?

    It doesn't really matter, but it is often easier to manage if they're in their own subnet.

    if it's separate, how do I route between it and LAN ?

    pfSense handles the routing, you just need to add a firewall rule to allow access from OPT1 to anywhere since it has no default rule.

    Do I add a rule to OPT1 to only allow those addresses to LAN, but allow anything to WAN ?

    Yes.  Firewall rules are applied to traffic entering an interface, so if you want to control OPT1 traffic then you would place your rules on the OPT1 firewall rules tab.

    or do I need to add a rule to LAN to block everything from OPT1 except the aliases of known IP addresses ?

    That's not how it works as I said above.  You would put a rule on LAN if you want to control LAN traffic outbound.  If you want to block OPT1 from LAN, the rule needs to be on OPT1.

    Would this allow a wireless client to connect and based on its IP Address either route via to WAN & LAN or just WAN ?

    Of course.  Traffic is allowed to flow to wherever your rules dictate.
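
The rule placement and ordering discussed in the answer above, as an added example that is not part of the original posts: a small Python model of first-match evaluation on the OPT1 rules tab, with default deny when nothing matches. The OPT1 subnet 192.168.20.0/24, the alias members, and the names `evaluate`, `OPT1_RULES` and `MISORDERED` are assumptions made for illustration.

```python
# Added example: models rules on the OPT1 tab (traffic entering OPT1),
# evaluated top-down with the first match deciding the outcome.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.10.0/24")   # LAN range from the thread
OPT1_NET = ip_network("192.168.20.0/24")  # assumed separate WiFi subnet
ANY = ip_network("0.0.0.0/0")
# Assumed alias: addresses reserved for known devices via DHCP static mappings
KNOWN_WIFI = {ip_address("192.168.20.10"), ip_address("192.168.20.11")}

# (action, source, destination, description)
OPT1_RULES = [
    ("pass",  KNOWN_WIFI, LAN_NET, "known devices may reach LAN"),
    ("block", OPT1_NET,   LAN_NET, "all other WiFi clients: no LAN"),
    ("pass",  OPT1_NET,   ANY,     "every WiFi client may reach WAN"),
]

# Same rules with the broad pass rule first: it shadows the block rule.
MISORDERED = [OPT1_RULES[2], OPT1_RULES[0], OPT1_RULES[1]]


def evaluate(rules, src, dst):
    """Return (action, description) of the first rule matching src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rule_src, rule_dst, label in rules:
        # 'in' works for both a network and a set of host addresses (alias)
        if src in rule_src and dst in rule_dst:
            return action, label
    # An OPT interface has no default allow rule, so unmatched traffic drops
    return "block", "default deny (no rule matched)"


if __name__ == "__main__":
    cases = [
        ("192.168.20.10", "192.168.10.5"),  # known device -> LAN host
        ("192.168.20.50", "192.168.10.5"),  # unknown device -> LAN host
        ("192.168.20.50", "8.8.8.8"),       # unknown device -> internet
    ]
    for name, rules in (("ordered", OPT1_RULES), ("misordered", MISORDERED)):
        for src, dst in cases:
            action, why = evaluate(rules, src, dst)
            print(f"{name:10} {src} -> {dst}: {action} ({why})")
```

Because the rules match on source address only, the alias should hold just the addresses reserved by static mappings, kept outside the dynamic pool so a dynamic lease never lands on an allowed address.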



  • Many thanks for your reply.
    I plan to try this in the next week or so..

    I'll post back how I get on.

    Regards