Share internet connection only on two LANs



  • Hi

    I'm fairly new to pfsense. Currently using version 1.2.3. For now I have only two NICs, WAN and LAN. On the LAN side, I have my PCs and a server for HTTP and FTP etc, plus a WL AP. I will put in another NIC so that I have one for my LAN and one for the AP. The AP is sharing internet for my tenants. Now, I don't want my tenants to have access to my LAN, hence the need of an extra NIC. I will set my LAN1 to 192.168.1.xxx and the tenants AP on LAN2 to 192.168.2.xxx. The pfsense box will do DHCP for both LANs.

    How can I set the FW rules to only allow access to WAN from LAN2? I don't need access to LAN2 from LAN1, so I guess both LANs can be set to only access WAN. I still need to NAT ports to the LAN1 server.

    I also want to limit the bandwidth to LAN2. Is this possible with v 1.2.3 or do I have to upgrade to 2.0? In any case, how do I set this up?

    Thanks,

    Ketil



  • I would have to test, but I think by default traffic would not be allowed from your new OPT1 interface to the LAN and vice versa. It's an easy test for you to do. Put the NIC in, set up the interface, hook a computer rather than the AP up to it and try to ping back to the LAN.

    As for the bandwidth limiting, when you walk through the wizard simply choose the optional interface rather than the LAN for your local side and it should work.



  • For your first question, on the LAN2 tab, add a rule:

    Action: Block
    protocol: ANY
    Source: LAN2 Subnet
    Destination: LAN1 Subnet



  • Thanks, I'll give it a try.

    cheers,
    Ketil



  • I have your very setup working at my house. Here are my rules.

    under LAN:
    PASS:      * LAN net * ! WIRELESS net * * none

    under WIRELESS (Opt1)
    PASS       * WIRELESS net * ! LAN net * * none

    @ketiljo:

    Hi

    I'm fairly new to pfsense. Currently using version 1.2.3. For now I have only two NICs, WAN and LAN. On the LAN side, I have my PCs and a server for HTTP and FTP etc, plus a WL AP. I will put in another NIC so that I have one for my LAN and one for the AP. The AP is sharing internet for my tenants. Now, I don't want my tenants to have access to my LAN, hence the need of an extra NIC. I will set my LAN1 to 192.168.1.xxx and the tenants AP on LAN2 to 192.168.2.xxx. The pfsense box will do DHCP for both LANs.

    How can I set the FW rules to only allow access to WAN from LAN2? I don't need access to LAN2 from LAN1, so I guess both LANs can be set to only access WAN. I still need to NAT ports to the LAN1 server.

    I also want to limit the bandwidth to LAN2. Is this possible with v 1.2.3 or do I have to upgrade to 2.0? In any case, how do I set this up?

    Thanks,

    Ketil
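
The two rule styles suggested in this thread, modeled as a small first-match evaluator. This is an added example, not code from any poster and not pfSense's own code. The firewall interface addresses, the sample hosts, the 203.0.113.x/198.51.100.x addresses and the trailing pass rule in the block-style list are assumptions.

```python
import ipaddress

# Subnets from the thread; everything else below is constructed for the example.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WIRELESS_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
FIREWALL_WIRELESS_IP = "192.168.2.1"   # assumed address of the firewall on LAN2
FIREWALL_WAN_IP = "203.0.113.10"       # assumed WAN address (documentation range)
TENANT = "192.168.2.50"                # assumed tenant host
LAN_SERVER = "192.168.1.10"            # assumed HTTP/FTP server on LAN1
INTERNET_HOST = "198.51.100.7"         # assumed outside host (documentation range)

# Rule tuple: (action, source net, destination net, negate destination)
# Style 1: the block rule from the thread alone, with nothing after it.
BLOCK_ONLY = [("block", WIRELESS_NET, LAN_NET, False)]
# Style 1 plus an assumed pass rule below it, so tenants still reach the WAN.
BLOCK_THEN_PASS = BLOCK_ONLY + [("pass", WIRELESS_NET, ANY, False)]
# Style 2: the single "PASS WIRELESS net -> ! LAN net" rule from the thread.
PASS_NOT_LAN = [("pass", WIRELESS_NET, LAN_NET, True)]

def evaluate(rules, src, dst):
    """Rules on an interface tab are checked top-down; the first match decides.
    Traffic that matches no rule is dropped (default deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, negate in rules:
        dst_matches = (dst in dst_net) != negate   # "!" inverts the match
        if src in src_net and dst_matches:
            return action
    return "block"

def tenant_report(rules):
    """Verdicts for the flows a tenant on LAN2 could attempt."""
    targets = {
        "lan1_server": LAN_SERVER,
        "internet": INTERNET_HOST,
        "firewall_on_lan2": FIREWALL_WIRELESS_IP,
        "firewall_on_wan": FIREWALL_WAN_IP,
    }
    return {name: evaluate(rules, TENANT, ip) for name, ip in targets.items()}

if __name__ == "__main__":
    for label, rules in [("block only", BLOCK_ONLY),
                         ("block then pass", BLOCK_THEN_PASS),
                         ("pass to !LAN net", PASS_NOT_LAN)]:
        print(label, tenant_report(rules))
```

Both working styles keep tenants off LAN1, but they also pass traffic addressed to the firewall's own LAN2 and WAN addresses, so any management service listening there needs its own block rule placed above the pass rule.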

