• Hello. First off, I own a router which is connected to the Internet, and I currently have this plumbed into a switch to serve my clients on my LAN.

    I would like to go away from this option and have decided to use pfSense to add some traffic shaping and a more extensive firewall for my LAN. So far the pfSense box is working, but I think I have configuration issues on the OPT1 interface.

    What I would like to do, if possible, is have my pfSense box connected to my BT router via the WAN NIC, and then be able to output the Internet on my LAN and OPT1 interfaces using different subnets if possible… (I have two LANs, I would like to isolate them both, and apply traffic rules etc. I don't want clients in the engineering dept network to see the accounts dept network etc.)

    For example:
    WAN is connected to the BT router and is assigned an address via the router's built-in DHCP. (THIS WORKS OK)
    LAN is set up to and DHCP is enabled so I can plug this into a switch for my clients. (THIS WORKS OK)
    OPT1 is set up to and DHCP is enabled. However, it has some connectivity issues...

    When I connect my PC to the LAN port, it works fine, I get an IP and can ping outside addresses no problem.

    However, on OPT1, when I connect the PC to it, it can obtain an IP address and a gateway address, but for some reason I cannot ping any outside networks or access the Internet.

    What I am looking for is a method/instructions I can follow to achieve this objective. I would think this is a simple task. Perhaps I am forgetting to do something; if so, I would be most grateful for correction/advice.

    I have been scratching my head all afternoon regarding this issue. ???


  • By default, no traffic will be permitted on the OPT; you need firewall rules for anything to pass.
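
The default-deny behaviour described in the reply above, together with the LAN/OPT1 isolation asked for in the first post, modelled as an added example (not code from the thread or from pfSense). The subnets, the `Rule` class, the `check` helper and the three rulesets are assumptions made for illustration; the thread does not give the real addressing, and the model matches on destination only.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption): the thread does not state the real subnets.
NETS = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),   # e.g. engineering
    "OPT1": ipaddress.ip_network("192.168.20.0/24"),  # e.g. accounts
}
INTERNET_HOST = "203.0.113.10"  # documentation-range address standing in for "outside"

@dataclass
class Rule:
    action: str  # "pass" or "block"
    dst: str     # "any" or a key of NETS

def check(ruleset, iface, dst_ip):
    """Rules are evaluated on the interface the packet enters, top down.
    The first match decides; if nothing matches, the packet is blocked."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in ruleset.get(iface, []):
        if rule.dst == "any" or addr in NETS[rule.dst]:
            return rule.action
    return "block"  # implicit default deny

# State described in the thread: LAN works out of the box (it ships with an
# allow rule), OPT1 has no rules at all, so clients get DHCP but no traffic passes.
FRESH = {"LAN": [Rule("pass", "any")], "OPT1": []}

# Isolation: block the other internal subnet first, then allow everything else.
ISOLATED = {
    "LAN": [Rule("block", "OPT1"), Rule("pass", "any")],
    "OPT1": [Rule("block", "LAN"), Rule("pass", "any")],
}

# Ordering mistake: the broad pass rule matches first, so the block never applies.
MISORDERED = {"OPT1": [Rule("pass", "any"), Rule("block", "LAN")]}

if __name__ == "__main__":
    cases = [("FRESH", FRESH), ("ISOLATED", ISOLATED), ("MISORDERED", MISORDERED)]
    for name, ruleset in cases:
        for dst in (INTERNET_HOST, "192.168.10.5"):
            print(f"{name:10} OPT1 -> {dst:13} {check(ruleset, 'OPT1', dst)}")
```

Adding only an allow-any rule on OPT1 restores Internet access but also lets OPT1 clients reach the LAN subnet, which is why the block rule has to sit above it.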

  • Cheers, I had a feeling this was the problem, I applied the rules accordingly, as there were none in place. This helped. Thanks. 8)

    I have another question: if I wanted to DMZ my router and point that towards my pfSense box IP, I take it I would have to set up the WAN interface to have a static IP?

    The issue I am having is that I have tried to do this, but for some reason only DHCP mode on the WAN interface seems to allow me to connect to the internet.

    If I set the WAN interface to have a static IP ( - which is on the sub-net of the router) for instance, my LAN and OPT1 cannot ping outside addresses. Perhaps again I'm forgetting something. ???

    Please give me some pointers.