Passing WLAN users to behind the firewall



  • Good evening all! I've had a fun day of getting pfsense up and running as a load balancer, which works beautifully by the way, and I've run into a bit of a puzzle.

    The WAN1 connection is a wireless router, and up until now every user with a laptop has connected onto it and therefore the network resources (file server, network attached printers and so on). However! Now pfsense is there everything is behind the firewall, which works for me as it's an extra layer of security and so on, but it means the wireless users will shout at me tomorrow when they can't print.

    Anyone got any ideas? I followed the excellent tutorial on the wiki and ended up with the internal IPs structure like this: pfSense = 192.168.0.1 (works as our printers are all on a static 192.168.0.x group); WAN1 (the important, wireless one) 192.168.10.254 and WAN2 192.168.20.254.

    I've tried searching but I honestly can't think of the right combination of words. There's an emailed picture of a pint for the solution!



  • Unfortunately, the security isn't very secure when you need to allow all those users through the firewall - can't you just put a WAP behind the pfsense?  Alternatively, have them install VPN client software and make the pfsense a VPN gateway, but that is a huge pain.



  • I was thinking of the WAP route but I don't have one handy. I keep thinking I've missed something, maybe if I change the WLAN DHCP range and allow say 15 connections through on the pfsense firewall? But then I'm guessing I'd need to do something funky like change it so there's something else mapping their IP addresses (192.168.10.x) to allow them access to the network resources.



  • No, please, this is an absolute nightmare waiting to happen :(  Just go to best buy (or whatever you have handy) and shell out $60 for a wireless router, disable its DHCP and WAN and voila instant WAP.



  • What is the purpose of the existing wireless router? Can you connect the WAN directly to pfSense and then use the wireless router as an AP behind pfSense instead (as described by danswartz)?



  • It's serving the WAN1, but danswartz is right and it would be an absolute nightmare of a hideously hideously bad setup. So bad the raptors will get me.

    We've actually got some spare ADSL wireless routers, but it didn't want to play nice when I tried it last night. Might have another try and see if I can find a way to get it to work.

    Incidentally, pfSense is pretty damn awesome, normally our connection dies as soon as 9 o clock comes but the load balancer has worked like a dream.


Log in to reply