Netgate Discussion Forum

    Simple question, need help with config.

    Routing and Multi WAN
    jowy

      Hi everyone,
      I am trying to set up a public access point.

      Right now I am running pfSense 2.0 alpha (latest)

      I have two NICs (one WAN, one LAN)

      The WAN connects to my ADSL modem via DHCP (PPPoE on the modem due to pfSense and AT&T PPPoE compatibility).

      Anyway, what I am needing to do is have the network of the AP separate from my local network.

      The problem:

      What I am doing is:

      Two VLANs on the LAN NIC
      --> VLAN1 (ip: 10.0.0.1) to be used for my LAN gateway
      --> VLAN2 (ip: 10.0.2.1) to be used for the AP gateway

      The AP router is set up as:
      LAN
      IP: 10.0.5.1
      Gateway: 10.0.5.1
      DHCP: 10.0.5.10-10.0.5.200

      WAN Connection (Static):
      --> IP: 10.0.2.2
      --> GW: 10.0.2.1

      and on the pfSense I am trying to add a route from the 10.0.2.0 network to the 10.0.0.1 gateway (WAN) with a rule to drop any packets from 10.0.2.0/24 to ! 10.0.0.1

      Would this work? It does not seem to... If anyone could give a pretty good explanation how they would go about doing this, it would be much appreciated.

      Also, what I would ultimately like to do is reroute the traffic from the 10.0.2.0/24 network through a transparent proxy.

      Basically...

      I am iffy about setting up VLAN gateways, etc. correctly.

      ktims

        First, never use VLAN id 1, it's often reserved for management and many switches won't accept traffic tagged with that VLAN id. It's not clear if you're doing that or not.

        Secondly, I have no idea about using ATT DSL or PPPoE (it doesn't exist in any real way here) with pfSense, but is there any way you can do away with the dual NAT? That's a messy configuration, and often causes issues, but if you can't get around it, well…

        I would set it up like this:

        VLAN10 (10.0.0.0/24) - LAN:
          o  pfSense interface on a tagged port (10.0.0.1)
          o  default VLAN for all other (untagged) switch ports

        VLAN20 (10.0.5.0/24) - WLAN:
          o  pfSense interface on a tagged port (10.0.5.1)
          o  AP LAN on an untagged port (10.0.5.2)

        Change subnets as you want, but from your original post it looked like you were using 10.0.2.0/24 on both the WAN and WLAN which obviously wouldn't work. I picked 10.0.5.0 for the WLAN side and assume you're using 10.0.2.0 for the modem/pfSense interface. Though really I'd try hard to avoid this extra NAT and get a proper WAN IP for pfSense.

        If your 'AP' is actually a wireless router, connect pfSense to one of the LAN-side ports and disable DHCP. Don't use the WAN side for anything.

        You will then need to create rules on both interfaces to allow or drop traffic, I think you're on the right track there. Remember that traffic is checked as it arrives at pfSense, and the default is to drop all traffic that's not destined for an Internet host.

        jowy

          Thank you so much for the quick reply!

          I am having issues selecting a gateway for my VLAN10…

          "Select a existing Gateway from the list or add a new one. "

          There are no gateways listed, however I have my default "WAN" gateway.

          ...

          maybe this is an issue with pfSense 2.0 ALPHA?

          EDIT:

          I am also not able to add a new gateway.

          wonslung

            Why not simply put the wifi on a separate subnet? Then you can use a firewall blocking rule to block the wifi subnet from the LAN.

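The two replies above come down to the same design: give the wireless clients their own subnet and interface, then rely on pfSense's per-interface, first-match, default-deny evaluation to keep them off the LAN. The script below is an added illustration, not part of the thread and not pfSense's own code. It models that evaluation in Python for rules placed on the WLAN interface, using ktims' proposed addressing (VLAN10 = 10.0.0.0/24, VLAN20 = 10.0.5.0/24, pfSense at 10.0.5.1 on the WLAN side); the rule set, the sample packets and the 10.0.2.0/24 modem link are constructed assumptions so the check can run offline. It also shows what happens when the broad "allow Internet" rule is placed above the private-space block, which is the most common way this isolation fails in practice.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Optional

# Constructed addressing following ktims' layout (assumption, not the thread's own config).
LAN_NET = "10.0.0.0/24"    # VLAN10, pfSense LAN address 10.0.0.1
WLAN_NET = "10.0.5.0/24"   # VLAN20, pfSense WLAN address 10.0.5.1
WLAN_GW = "10.0.5.1/32"
# RFC 1918 space; blocking all of it covers the LAN and the 10.0.2.0/24 modem link.
PRIVATE = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass(frozen=True)
class Rule:
    """One firewall rule as pfSense evaluates it on a single interface (ingress)."""
    action: str                          # "pass" or "block"
    src: str                             # source network (CIDR)
    dst: tuple                           # destination networks (CIDR); any one matching counts
    dports: Optional[frozenset] = None   # destination ports; None means any port

    def matches(self, src: IPv4Address, dst: IPv4Address, dport: Optional[int]) -> bool:
        if src not in ip_network(self.src):
            return False
        if not any(dst in ip_network(n) for n in self.dst):
            return False
        return self.dports is None or dport in self.dports


# Rules on the WLAN interface, top to bottom, in the order pfSense checks them.
WLAN_RULES = [
    # 1. Let wireless clients use the DNS resolver pfSense runs on its own WLAN address.
    Rule("pass", WLAN_NET, (WLAN_GW,), frozenset({53})),
    # 2. Drop everything else aimed at private address space (LAN, modem link, pfSense itself).
    Rule("block", WLAN_NET, PRIVATE),
    # 3. Anything left is a public destination: allow it out.
    Rule("pass", WLAN_NET, ("0.0.0.0/0",)),
]

# Same rules with the broad pass rule on top: a frequent misconfiguration.
MISORDERED_RULES = [WLAN_RULES[2], WLAN_RULES[1], WLAN_RULES[0]]


def decide(rules, src: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching rule wins; with no match, pfSense's implicit default is to drop."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(s, d, dport):
            return rule.action
    return "block"


def check_isolation(rules) -> dict:
    """Run constructed sample packets, as they would arrive on the WLAN interface, through the rules."""
    samples = {
        "wlan->lan smb": ("10.0.5.20", "10.0.0.15", 445),
        "wlan->lan pfsense": ("10.0.5.20", "10.0.0.1", 80),
        "wlan->modem link": ("10.0.5.20", "10.0.2.2", 80),
        "wlan->wlan dns": ("10.0.5.20", "10.0.5.1", 53),
        "wlan->wlan webgui": ("10.0.5.20", "10.0.5.1", 443),
        "wlan->internet": ("10.0.5.20", "203.0.113.7", 443),
    }
    return {name: decide(rules, *pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for label, rules in (("correct order", WLAN_RULES), ("misordered", MISORDERED_RULES)):
        print(label)
        for name, verdict in check_isolation(rules).items():
            print(f"  {name:<20} {verdict}")
```

With the rules in the intended order, the only traffic from the wireless subnet that reaches anything private is DNS to 10.0.5.1; LAN hosts, the pfSense LAN address, the modem link and the pfSense web GUI on the WLAN address are all dropped, and public destinations pass. Swapping the first and third rules makes every sample pass, which is why the block-private rule must sit above the allow-all rule on the WLAN tab. The model ignores stateful reply handling and pfSense's automatic DHCP rules, which is fine for checking rule order but not a substitute for testing the real box.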