(Newbie here) I have setup pfsense like this: WAN Modem->Router/Wifi (DMZ) ->pfsense -> Accesspoint (WiFi-LAN). I am concerned that someone can hack into my DMZ and can get into LAN through WiFi-WiFi hacking. Is this a valid concern? Is there something I can do to fix this?
Appreciate your help.
So your running wifi on what router? And that is in front of pfsense.. And you call that your dmz? So your double natting? Why do you think they can hack into that wifi and not your AP wifi? And then get into your lan?
What are you using for wifi security? WPA2 with a good PSK is more than secure enough.. But if you use "donthack" as your PSK then sure you might have some issues. Don't use a common SSID, and use a long secure PSK..
Or graduate to using wpa-enterprise and use say eap-tls.. Now to get on your wifi call clients need a cert, etc.
Thanks for the reply. Yes, I am double Natting (router & pfsense).
I have following: WAN (CableOne)–>router (Netgear n300 on WPA2/PSK to TV-PC calling it DMZ)-->pfsense(Belkin 600 as AP)-->home pc.
My thought was that someone from internet may hack into DMZ & Netgear n300, but should get blocked at pfsense. However, as both wifi's are in same space, I thought they can hack through Belkin 600 wifi as a backdoor. May be I am thinking too much (due to not much knowledge in this).