Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple wireless

    Scheduled Pinned Locked Moved
    Firewalling
    2
    3
    460
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gent1255
      last edited by

      (Newbie here) I have setup pfsense like this: WAN Modem->Router/Wifi (DMZ) ->pfsense -> Accesspoint (WiFi-LAN). I am concerned that someone can hack into my DMZ and can get into LAN through WiFi-WiFi hacking. Is this a valid concern? Is there something I can do to fix this?
      Appreciate your help.

      John.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        So your running wifi on what router?  And that is in front of pfsense.. And you call that your dmz?  So your double natting?  Why do you think they can hack into that wifi and not your AP wifi?  And then get into your lan?

        What are you using for wifi security?  WPA2 with a good PSK is more than secure enough.. But if you use "donthack" as your PSK then sure you might have some issues.  Don't use a common SSID, and use a long secure PSK..

        Or graduate to using wpa-enterprise and use say eap-tls.. Now to get on your wifi call clients need a cert, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • G
          gent1255
          last edited by

          Thanks for the reply. Yes, I am double Natting (router & pfsense).

          I have following: WAN (CableOne)–>router (Netgear n300 on WPA2/PSK to TV-PC calling it DMZ)-->pfsense(Belkin 600 as AP)-->home pc.

          My thought was that someone from internet may hack into DMZ & Netgear n300, but should get blocked at pfsense. However, as both wifi's are in same space, I thought they can hack through Belkin 600 wifi as a backdoor. May be I am thinking too much (due to not much knowledge in this).

          Thanks.
          John.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post