Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Passing WLAN users to behind the firewall

    Scheduled Pinned Locked Moved Wireless
    6 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cybershrike
      last edited by

      Good evening all! I've had a fun day of getting pfsense up and running as a load balancer, which works beautifully by the way, and I've run into a bit of a puzzle.

      The WAN1 connection is a wireless router, and up until now every user with a laptop has connected onto it and therefore the network resources (file server, network attached printers and so on). However! Now pfsense is there everything is behind the firewall, which works for me as it's an extra layer of security and so on, but it means the wireless users will shout at me tomorrow when they can't print.

      Anyone got any ideas? I followed the excellent tutorial on the wiki and ended up with the internal IPs structure like this: pfSense = 192.168.0.1 (works as our printers are all on a static 192.168.0.x group); WAN1 (the important, wireless one) 192.168.10.254 and WAN2 192.168.20.254.

      I've tried searching but I honestly can't think of the right combination of words. There's an emailed picture of a pint for the solution!

      1 Reply Last reply Reply Quote 0
      • D
        danswartz
        last edited by

        Unfortunately, the security isn't very secure when you need to allow all those users through the firewall - can't you just put a WAP behind the pfsense?  Alternatively, have them install VPN client software and make the pfsense a VPN gateway, but that is a huge pain.

        1 Reply Last reply Reply Quote 0
        • C
          cybershrike
          last edited by

          I was thinking of the WAP route but I don't have one handy. I keep thinking I've missed something, maybe if I change the WLAN DHCP range and allow say 15 connections through on the pfsense firewall? But then I'm guessing I'd need to do something funky like change it so there's something else mapping their IP addresses (192.168.10.x) to allow them access to the network resources.

          1 Reply Last reply Reply Quote 0
          • D
            danswartz
            last edited by

            No, please, this is an absolute nightmare waiting to happen :(  Just go to best buy (or whatever you have handy) and shell out $60 for a wireless router, disable its DHCP and WAN and voila instant WAP.

            1 Reply Last reply Reply Quote 0
            • K
              ktims
              last edited by

              What is the purpose of the existing wireless router? Can you connect the WAN directly to pfSense and then use the wireless router as an AP behind pfSense instead (as described by danswartz)?

              1 Reply Last reply Reply Quote 0
              • C
                cybershrike
                last edited by

                It's serving the WAN1, but danswartz is right and it would be an absolute nightmare of a hideously hideously bad setup. So bad the raptors will get me.

                We've actually got some spare ADSL wireless routers, but it didn't want to play nice when I tried it last night. Might have another try and see if I can find a way to get it to work.

                Incidentally, pfSense is pretty damn awesome, normally our connection dies as soon as 9 o clock comes but the load balancer has worked like a dream.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.