Simple question, need help with config.

  • Hi everyone,
    I am trying to set up a public access point.

    Right now I am running pfSense 2.0 alpha (latest)

    I have two NICs (one WAN, one LAN)

    the WAN is connecting to my ADSL modem via DHCP (PPPoE on modem due to pfSense and AT&T PPPoE compatibility)

    Anyway, what I am needing to do is have the network of the AP separate from my local network.

    The problem:

    What I am doing is:

    Two VLANs on the LAN NIC
    --> VLAN1 (ip: to be used for my LAN gateway
    --> VLAN2 (ip: to be used for the AP gateway

    The AP router is set up as:

    WAN Connection (Static):
    --> IP:
    --> GW:

    and on the pfSense I am trying to add a route from the network to the gateway (WAN) with a rule to drop any packets from to !

    Would this work? It does not seem to... If anyone could give a pretty good explanation how they would go about doing this, it would be much appreciated.

    Also, what I would ultimately like to do is reroute the traffic from the network through a transparent proxy.


    I am iffy with setting up VLAN gateways, etc...correctly.

  • First, never use VLAN id 1, it's often reserved for management and many switches won't accept traffic tagged with that VLAN id. It's not clear if you're doing that or not.

    Secondly, I have no idea about using ATT DSL or PPPoE (it doesn't exist in any real way here) with pfSense, but is there any way you can do away with the dual NAT? That's a messy configuration, and often causes issues, but if you can't get around it, well…

    I would set it up like this:

    VLAN10 ( - LAN:
      o  pfSense interface on a tagged port (
      o  default VLAN for all other (untagged) switch ports

    VLAN20 ( - WLAN:
      o  pfSense interface on a tagged port (
      o  AP LAN on an untagged port (

    Change subnets as you want, but from your original post it looked like you were using on both the WAN and WLAN which obviously wouldn't work. I picked for the WLAN side and assume you're using for the modem/pfSense interface. Though really I'd try hard to avoid this extra NAT and get a proper WAN IP for pfSense.

    If your 'AP' is actually a wireless router, connect pfSense to one of the LAN-side ports and disable DHCP. Don't use the WAN side for anything.

    You will then need to create rules on both interfaces to allow or drop traffic; I think you're on the right track there. Remember that traffic is checked as it arrives at pfSense, and the default is to drop all traffic that's not destined for an Internet host.

  • Thank you so much for the quick reply!

    I am having issues selecting a gateway for my VLAN10…

    "Select a existing Gateway from the list or add a new one. "

    There are no gateways listed, however I have my default "WAN" gateway.


    Maybe this is an issue with pfSense 2.0 ALPHA?


    I am also not able to add a new gateway.

  • Why not simply put the wifi on a separate subnet, and you can use a firewall blocking rule to block the wifi subnet from the LAN?
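
The replies above both come down to per-interface rules that keep the wireless subnet away from the LAN. The following is an added example, not code from any poster or from pfSense: a simplified model of rules being checked top-down on the interface where traffic arrives, with the first match winning and an implicit deny at the end. The subnets are constructed placeholders (the thread's real addresses are not shown), and `Rule` and `evaluate` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder subnets; the thread's real addresses are not shown.
LAN_NET = ipaddress.ip_network("10.0.10.0/24")   # VLAN10 (LAN) in the reply above
WLAN_NET = ipaddress.ip_network("10.0.20.0/24")  # VLAN20 (WLAN) in the reply above
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def evaluate(rules, src, dst):
    """Return the action of the first matching rule, or "block" if none match.

    Models the rule list of the interface a packet arrives on:
    top-down, first match wins, implicit deny at the end.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "block"


# WLAN interface: the block to the LAN must sit above the broad pass.
WLAN_RULES = [
    Rule("block", WLAN_NET, LAN_NET),
    Rule("pass", WLAN_NET, ANY),
]

# Same two rules in the wrong order: the broad pass shadows the block.
WLAN_RULES_MISORDERED = list(reversed(WLAN_RULES))

# LAN interface: LAN hosts may go anywhere, including to the AP for management.
LAN_RULES = [Rule("pass", LAN_NET, ANY)]

if __name__ == "__main__":
    guest = "10.0.20.50"  # constructed wireless client
    for name, rules in (("ordered", WLAN_RULES), ("misordered", WLAN_RULES_MISORDERED)):
        for dst in ("10.0.10.5", "198.51.100.7"):
            print(f"{name}: {guest} -> {dst}: {evaluate(rules, guest, dst)}")
```

The misordered list is the case to check for after building the rules: both rules are present, yet wireless clients still reach the LAN.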