Masquerading/Separating Separate LANs

  • Hi guys.

    I came across pfSense 2 years ago, basically being dropped in the deep end to configure and manage several networks in a hotel. At the time, I knew nothing of routing and firewalls, and stumbled upon pfSense while researching software options.

    I have 2 x Intel 1U 6 port devices, Core2Duo/4Gb DDR3 firewalls. Both are currently loaded with pfSense 2.4.1. I have managed to learn through tutorials and the forums how to get most things done, to the point where one of these devices has handled 1132 devices over 3 networks simultaneously with no hassle.

    Now, there are still 2 things I cannot figure out or get to work correctly. The setup is as follows:

    EM0 - WAN
    EM1 - LAN (which also carries all hotel backoffice traffic)
    EM2 - Hotel Rooms Wifi
    EM3 - Hotel Conference venues Wifi
    EM4 - Main Restaurant Wifi

    I have several rules set up, 1 floating to block port 25, Default IPv4/IPv6 per network, user limiters per network etc etc.

    Problem 1. My users on EM1 - LAN have access to several shared network drives. I noticed one day that while connected to EM2 - Hotel Rooms Wifi, users can somehow still access parts of those shares.
    Can anyone point me in the right direction to write rules for each network to completely hide/masquerade/separate all networks from one another?

    Problem 2. Our main WAN connection has been a 200Mbps connection that was always shared among all networks. So if one network is very busy, it would affect the others bandwidth-wise. Last week we upgraded the 200 to a 500Mbps line. Now, I would like to allocate allowances per network so they don't overrun or affect the other networks. So, for instance:

    EM1 - 60Mbps
    EM2 - 200Mbps
    EM3 - 200Mbps
    EM4 - 40Mbps

    Once again, would someone kindly point me towards the correct tutorial or how-to/wiki to get these allowances configured?

    I apologize if I use a word, abbreviation or phrase incorrectly, English isn't my first language. :)

    Thanking you in advance.
