Single WAN, Multi LAN. No internet on second LAN



  • Hey guys, I'm new to pfSense and have a question.

    My setup looks like this:

    pfSense 2.0.1 Release

    Four physical NICS:

    1. WAN
    2. LAN (192.168.0.1/24)
    3. OPT1 (192.168.1.1/24)
    4. not assigned at the moment

    I have DHCP enabled on both LAN and OPT1.

    On LAN I have full network access and internet access is fine.

    On OPT1 I have no internet and can't ping out. DHCP is assigning IPs just fine.

    I've been reading about having to add a firewall rule to OPT1 to allow outgoing traffic but I'm not sure what to add. (new to this)

    Currently, both LAN and OPT1 are set up identically with different subnets. My end goal is to have OPT1 with internet access but no network access to the LAN.

    OPT1 is going to run a few public workstations I have along with a public WiFi.

    Edit: I did try disabling "Block private networks" on WAN per a suggestion I read on here. Also tried the basics, different ethernet cable, different NIC, same results.

    OPT1 is just plugged in to a known-working dumb switch, connected to a laptop. (same setup I used to test out LAN before I put the box into production)

    Anyone with any ideas? Thanks guys!



  • I thought this was created by default but if not:
    If you look at the LAN tab, then the OPT1 tab they should look the same. 1 rule each.

    Select from the menu: Firewall -> Rules, then click the OPT1 tab. There should be 1 rule, which is the same as the one under the LAN tab, except that it is named OPT1.

    • OPT1 net * * * * none   Default allow OPT1 to Any rule

    If not, add it by clicking the little '+' sign in the small grey button to the right and it will open a rule form, 'e' to edit.
    Select the following:
    Interface: 'OPT1'
    Protocol: 'Any'
    Source: 'OPT1 subnet'
    Destination: 'Any'
    Description: 'Default allow OPT1 to Any rule' This will allow everything outbound.

    If there is a rule pointing to LAN you may want to remove this, or modify it to allow only the traffic to access particular services.
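
Added example, not part of the original posts and not pfSense code: a simplified IPv4-only model of first-match rule evaluation on the OPT1 tab, using the subnets from the question. It shows that the "allow OPT1 to Any" rule alone also permits OPT1 to reach LAN, and that a block rule only isolates LAN when it sits above the allow rule. The `BLOCK_LAN` rule, the client address and the destination addresses are constructed for illustration.

```python
import ipaddress

# Subnets taken from the question; everything else here is constructed.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
OPT1_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(rules, src, dst):
    """Walk the rules top-down; the first match decides, no match is blocked."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, _description in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # implicit default deny when nothing on the tab matches


ALLOW_ANY = ("pass", OPT1_NET, ANY, "Default allow OPT1 to Any rule")
BLOCK_LAN = ("block", OPT1_NET, LAN_NET, "Block OPT1 to LAN net (hypothetical)")

NO_RULES = []                          # situation in the question
ALLOW_ONLY = [ALLOW_ANY]               # rule suggested in the answer
BLOCK_BELOW = [ALLOW_ANY, BLOCK_LAN]   # wrong order: block is never reached
BLOCK_ABOVE = [BLOCK_LAN, ALLOW_ANY]   # LAN isolated, Internet still allowed


def report(rules):
    """Return (internet_verdict, lan_verdict) for a constructed OPT1 client."""
    client = "192.168.1.50"            # constructed DHCP client on OPT1
    internet = evaluate(rules, client, "8.8.8.8")      # sample Internet host
    lan = evaluate(rules, client, "192.168.0.10")      # constructed LAN host
    return internet, lan


if __name__ == "__main__":
    for name, rules in [("no rules", NO_RULES), ("allow only", ALLOW_ONLY),
                        ("block below allow", BLOCK_BELOW),
                        ("block above allow", BLOCK_ABOVE)]:
        internet, lan = report(rules)
        print(f"{name:18} internet={internet:5} lan={lan}")
```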



  • @mibovrd:

    I thought this was created by default but if not:
    If you look at the LAN tab, then the OPT1 tab they should look the same. 1 rule each.

    Select from the menu: Firewall -> Rules, then click the OPT1 tab. There should be 1 rule, which is the same as the one under the LAN tab, except that it is named OPT1.

    • OPT1 net * * * * none   Default allow OPT1 to Any rule

    If not, add it by clicking the little '+' sign in the small grey button to the right and it will open a rule form, 'e' to edit.
    Select the following:
    Interface: 'OPT1'
    Protocol: 'Any'
    Source: 'OPT1 subnet'
    Destination: 'Any'
    Description: 'Default allow OPT1 to Any rule' This will allow everything outbound.

    If there is a rule pointing to LAN you may want to remove this, or modify it to allow only the traffic to access particular services.

    Thank you, kind internet stranger! The firewall rule got me up and running. Now off to play with the captive portal…

    I need a nap.



  • Thanks, any time. Have fun with CP.

    Want to play games via pfSense at home?

    See: http://www.cqrite.com/2012/pfsense-2-0-1-and-gaming/

