PFsense segragating two networks w/ client isolation

  • Hi all,

    Just want to than everyone who is contributed to PFSense especially the ones who developed it and made it happen. This has to be the F#$ING SICKEST BEST FIREWALL I have ran for about what 2 years almost. And I have to admit it's damn good.

    My project running PFSense is great with captive portal, giving free wifi access to my neighbors and what not but now I am hosting more critical files on my network. So now I would like to seclude my network from theirs. I'm a bit novice to this but understand enough to navigate with some guidance so all help would be greatly appreciated.

    What I want to do is run a 10.0.0.x subnet for my personal computers, run 192.168.1.x for the neighbors and seclude them from communicating with my network and with each other. Is this possible?

    I've tried a 2nd LAN optional interface; I get an IP from the 2nd Nic Card (well it's third but not including the WAN interface) and all options I enable even static gateway address it doesn't go past the router. I even set the rules for the firewall cloning the original default configuration for the initial rule set but still no go. Am I missing something?

    If it's not too much trouble can someone point out some step by steps to get this running?

    Thanks again and great work to the developers and contributors.

  • This is much easier than you might have thought. Just setup another interface (either another physical card or a VLAN). Block all traffic from WAN (as default) and allow Neighbours to only reach WAN. So the rule must be LAN -> WAN open, everything else on the neighbour's LAN blocked.

  • :) SWEET! Thanks I think I got it however a bit confused on the LAN -> WAN open. Are you referring to the Source/Destination section?

    BTW I really appreciate your help so thanks again

  • i just meant that you allow LAN(private)-> WAN and LAN(public) -> WAN in the Rules section (Source/Destination) but disallow LAN(public) -> LAN(private). If you want to access LAN(public) from LAN(private) then allow it, otherwise block it.

Log in to reply