Firewall with one interface is possible ?

maximed · Dec 8, 2018, 11:43 AM

Hello,
I need/want to setup a firewall and captive portal on my home network so I chose a pfSense server.
My pfSense is connected to a Wi-Fi router.
The current solution to "force" users to go through my pfSense is that pfSense is the DHCP server and gives as gateway itself.
I would like to set traffic rules in and out the Wi-Fi interface, but the only informations and documentation I find are for two interfaces (one WAN and one LAN).
My network looks like the image below :

If I set the pfSense as the gateway, only local network is reached, but nothing beyond (not the ISP router in 192.168.1.1 for example). If I set the 192.168.2.2 router as gateway, everything's OK.

Is there a way to setup firewall rule on only one interface ?

By the way : in my "Status/System Logs/Firewall/Summary View" I can see all my attempts to ping 8.8.8.8 are blocked with or without rules ...

(I'm new to pfSense, please to gentle with me )

JKnott · Dec 8, 2018, 11:56 AM

The only way to use a single NIC is to use VLANs, which means you'll need a managed switch to separate the 2 sides of pfSense. Having just a single interface, as you propose will not work, as there's nothing to separate the WAN from LAN and you'll run into things like redirects, etc..

maximed · Dec 8, 2018, 12:37 PM

@jknott My pfSense if on a VirtualMachine. Do you think I can handle this problem by creating a second interface to my VM ?

johnpoz · Dec 8, 2018, 1:36 PM

You can if the only thing on the one side is going to be VMs

But if you going to have wan and lan of pfsense on your physical network then you will need to use vlans, and need switches that understand the vlan tagging.