Pfsense with only one network board

brunow

I have the following problem:

I want to use my computer, which has only one network board, to act as a firewall for my network. I installed pf sense on it.

The network board is connected to a switch port that is in trunk mode, passing vlans 10 and 20.

Vlan 10 should act as LAN and 20 as WAN.

In order for the traffic from vlan 10 to be directed to my pf sense, I have a Mikrotik that directs all traffic from vlan 10 to pf sense. pf sense is the dhcp server for vlan 10 and the gateway as well. I applied the captive portal to vlan 10, but the problem is that my clients in vlan 10 are not redirected to the login page. I looked at dhcp leases and they receive an IP from my pf sense. To test the functionality of my captive portal, I put the IP of my user from vlan 10 in "allowed IP address" and he accessed the internet. After that, I removed the user's IP from "allowed IP address" and his internet stopped working, that is, the captive portal works but the login screen does not appear. What should I look at to see why the login screen does not appear?

coxhaus

This is not the best way to go. You really want 2 ports on a firewall.
It is called router on a stick if you want to look it up in terms of firewalls and security

brunow

@coxhaus I didn't know this term yet, router on a stick, thanks for that. But in the pf sense documentation, it will treat every interface that doesn't have a gateway configured as LAN, so it's possible to apply the captive portal, I think. The only question I have is why the client isn't being redirected.

Note: As I said before, the captive portal works for clients in vlan 10, they just aren't redirected to the login page.

Gertjan

@brunow said in Pfsense with only one network board:

I have the following problem:

I want to use my computer, which has only one network board, to act as a firewall for my network. I installed pf sense on it.

The network board is connected to a switch port that is in trunk mode, passing vlans 10 and 20.

Vlan 10 should act as LAN and 20 as WAN.

That's more the enough keywords to find the solution in one click :

Youtube pfsense VLAN one nic

I added the keyword 'Youtube', I guess you know why.

But ... because you've decided to do it the "hard way" => you need a switch that is VLAN capable. Examples of these are mentioned in the video.
You have to set up the switch, so it matches the VLAN setup of pfSense.
"It can be done"

Btw : the video's mention a LAN and a WAN on the switch.
But don't stop there, these switches have at least 5 ports, so you can create another interface named 'portal'.
Example : on the switch you will have one WAN port.
One Portal port. => goes to your AP.
and the other ports left over are all 'LAN (switched).

brunow

@Gertjan Thanks, man. You really help me