Dual Lan, Single WAN confusion



  • Hi,

    Hoping we can get some quick help here - I'm trying to set up pfSense to be the sole firewall for our company rather than using multiple versions of Smoothwall Express but have quickly got stuck!

    The set up we have is:

    1 LAN (LAN1) of 10 PCs with its own DHCP server, running on the 192.168.2.x range
    1 LAN (LAN2) of 20 PCs which require pfSense to act as DHCP client on the 192.168.1.x range
    1 DSL router with 5 static IPs

    And what we'd like to achieve is:

    • Both LANs have Internet Access.
    • Neither LAN can see each other.
    • Custom NAT / Firewall rules per LAN
            - LAN1 is to be highly secure, filtered web access, minimal open ports etc
            - LAN2 is to be less secure although still protected by the usual Firewall gumph.
    • LAN1 & LAN2 need different outbound public IPs (e.g. LAN1 has x.x.x.146 and LAN2 has x.x.x.147)

    The problem we face at the moment is that it appears pfSense sees LAN2 as a WAN connection, LAN1 can see LAN2 (but not vice-versa), LAN2 can do DNS lookups but no pings or access to the outside world…

    We did manage to get LAN2 to connect to the Internet by disabling "Block Private Networks" and "Block Bogon" networks from the WAN firewall rules, but this isn't ideal...

    I guess my first question is - can pfSense do what we need it to do, and if so, how?!?

    Thanks!!!!

    I have configured our hardware with 3 NICs and attached each to a separate switch / interface, created rules etc but can't seem to



  • @bobbob2:

    And what we'd like to achieve is:

    • Both LANs have Internet Access.

    In pfSense your three interfaces will initially be called LAN, WAN and OPT1. LAN will default to allow internet access. You can add firewall rules for OPTx interfaces to allow internet access.

    • Neither LAN can see each other.

    Add firewall rule to the LAN interfaces to block access from OPT1, add firewall rules to OPT1 interface to block access from LAN.

    • Custom NAT / Firewall rules per LAN
            - LAN1 is to be highly secure, filtered web access, minimal open ports etc
            - LAN2 is to be less secure although still protected by the usual Firewall gumph.

    Custom firewall rules per interface is definitely possible. Not sure what you mean by "custom NAT".

    • LAN1 & LAN2 need different outbound public IPs (e.g. LAN1 has x.x.x.146 and LAN2 has x.x.x.147)

    I don't know if this is possible.

    Have you read through some of the tutorials linked to by http://doc.pfsense.org/index.php/Tutorials or any of the documentation linked to by http://doc.pfsense.org/index.php/Main_Page?

