Help VIP to connect subnets

Chrisnz

Maybe someone can help me with my limited network knowledge...

I want to connect a second WiFi router for guests that can only access the internet. I gave the WiFi router the IP 192.168.4.2 to have a it's own subnet (and DHCP running on it). My pfSense box only has 3 physical network ports which are all occupied and have other subnets. This is where I hit the wall, I tried a few things but failed.

What would be the easiest way to achieve this? I read something about Virtual IPs but I'm not sure how they exactly work. Do I add a VIP to my LAN interface with the IP 192.168.4.1 to be the gateway for the second WiFi router? Just a VIP is probably not enough, NAT or Firewall rules are probably required, too?

What I have:

Hardware:

• pfSense Box(PC Engines APU2 with 3 network ports)
• Netgear GS716T Switch
• UFB Modem
• WiFi Router 1
• WiFi Router 2

Connections:

• UFB Modem connected to pfSense WAN port
• pfSense LAN Port (192.168.1.x subnet) connected to Netgear Switch
• WiFi Router 1 connected to WIFIAP Port (192.168.3.x subnet) to pfSense
• WiFi Router 2 (192.168.4.x subnet) for guests is connected to Netgear Switch

Any help appreciated...thanks.

lucazio

@chrisnz
Hello, being of two distinct networks which, I think, should not be able to communicate with each other, the solution is to add an interface to the pfSense router, in your case not physical.
Since your switch is web managed the best thing you can do is to create a VLAN dedicated to the Guest network and use the switch for all your private connectivity. And only for those!
You will find everything you need in the pfSense and Netgear documentation, in the respective sections that talk about VLANs.
Googling I found this which looks a lot like the recommended solution:
pfSense router-on-a-stick VLAN configuration with a Netgear GS108E
I hope it will be useful to you.