Share internet with neighborhood without compromising security



  • I want to setup a pfsence box with 4 nics :

    1. WAN
    2. home network
    3. servers
    4. wireless

    with this i want to setit up in such way that wireless–>WAN is accesable for everyone but i want to cut off bandwitdh for every connection at 512kbps. At the same time i want to be able to use the wireless connection but be able to get on the rest of my network with a secure connection.
    Is this possible without comprimising security on my home network and servers??



  • The only thing that is not doable is to have trafficshaping at more than 2 interfaces, so you can't limit the neighbours to only use 512kbps. For the rest create a block rule at the wireless interface to not allow access to the other suibnets but to wan. Enable the pptp server or enable mobile ipsec clients (depending on what you prefer, pptp is probably easier to set up and most os's support it out of the box whereas you most likely need an additional ipsec client when using ipsec). Then you can tunnel in to your other networks with your own wireless client whereas the others can't access your private subnets and also only see encrypted traffic from your notebook to these subnets.


Locked