2 subnets – One LAN and 2 WANs



  • Hi
    We have ISPs as WAN and OPT1. I have a LAN to which all my machines are attached. One consultant is coming in for a few days and he needs
    access to ONLY one common files machine and the internet. How do I do this? I am running pfSense 2.0 (AMD64).
    A little more detailed flow will be appreciated.

    Regards
    Kumar



  • If he is on your LAN then you can't.  pfSense is uninvolved in traffic going from the LAN to the LAN.



  • Sorry if it sounds silly.
    Will adding a VLAN switch solve the problem?
    Any other add-on option?

    Regards
    Kumar



  • If you can segregate him to a separate network where L3 routing is required then you would be able to restrict what IPs he can access on your LAN.  I do this with one of my wireless networks.  People are only allowed to access the captive portal for my wireless system and the internet.



  • Hi
    Thank you. Can you please be a bit more detailed? I do have a separate interface that is unused that can be put to use. Is that what you mean?
    What exactly does L3 routing mean?
    If you can outline the steps briefly then I can try to figure it out.

    Regards
    Kumar



  • http://en.wikipedia.org/wiki/OSI_model#Layer_3:_network_layer

    L3 would be IP traffic.  If he's on a separate logical network from your LAN then a router (like pfSense) would be required to pass traffic from one to the other and that router could filter what traffic is allowed to pass.

    Set that spare port on your router to a new OPT1 interface, enable DHCP on it, and set up firewall rules on the LAN and OPT1 interfaces to say what traffic can pass through.  If you are using manual outbound NAT then you'll need a rule there as well for this new network.

    Once you've done that, make sure your contractor stays plugged into that new network.
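
The rule order the steps above call for on the consultant's interface, as an added example that is not part of the original thread: pfSense evaluates an interface's rules top-down, first match wins, and blocks anything unmatched. The subnets, the file server address and the SMB port (TCP 445) are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")       # existing LAN
FILE_SERVER = ipaddress.ip_network("192.168.1.10/32")  # shared files machine
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules for the consultant's interface, in top-down order.
# Each rule: (action, destination network, destination port or None for any).
CONSULTANT_RULES = [
    ("pass",  FILE_SERVER, 445),   # file sharing; SMB on TCP 445 is an assumption
    ("block", LAN_NET,     None),  # everything else on the LAN
    ("pass",  ANY,         None),  # the internet
]

def evaluate(rules, dst_ip, dst_port):
    """Return the action of the first matching rule; no match means block."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net, port in rules:
        if dst in net and port in (None, dst_port):
            return action
    return "block"

def lan_exposure(rules, probes):
    """Return the LAN probes a ruleset passes, other than the file share itself."""
    return [(ip, port) for ip, port in probes
            if ipaddress.ip_address(ip) in LAN_NET
            and (ip, port) != ("192.168.1.10", 445)
            and evaluate(rules, ip, port) == "pass"]

# Constructed test destinations: the share, RDP on the same host,
# another LAN machine, and an internet host (documentation range).
PROBES = [("192.168.1.10", 445), ("192.168.1.10", 3389),
          ("192.168.1.20", 445), ("203.0.113.5", 443)]

if __name__ == "__main__":
    for ip, port in PROBES:
        print(ip, port, evaluate(CONSULTANT_RULES, ip, port))
    # Same rules with the broad pass moved to the top: the block never fires.
    misordered = [CONSULTANT_RULES[2], CONSULTANT_RULES[0], CONSULTANT_RULES[1]]
    print("exposed when misordered:", lan_exposure(misordered, PROBES))
```

Running `lan_exposure` over a planned ruleset before entering it in the GUI shows whether a broad pass rule sits above the LAN block.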



  • Thank you. I will try it out and post the developments

    Regards
    Kumar

