2 Networks to 1 WAN

  • Hello,

    I think i'm in the right subject to post my problem.

    First i will explain the situation which i'm in

    I receive a dynamic IP address from my ISP which i connect to the WAN port of my pfsense. I've just configured the WAN on the pfsense just basic, just set the type to "DHCP".
    After that i gave my LAN interface an ip address of which acts as default gateway for the 10.0.0.x/24 network. Any host connected on this network will receive a DHCP address from the server. and the hosts can connect to the internet

    Until here everything works like it should.

    But now i want to use the OPT1 interface to have a seperate network for guest clients who will connect wireless with their phones, laptops, … it must act like a free hotspot.
    I gave the OPT1 interface an ip address of
    I have access points of unifi where i can send a SSID just over the default vlan which will be secured with a password, and i can send a SSID for the guest network which will be in VLAN 2. That's why i've set my port 22 on the switch untagged vlan 1 and tagged vlan 2. The hosts on the guests network should receive an DHCP address from the pfsense in the 10.0.2.x/24 range. so i've enabled the DHCP server on the pfsense.

    i think i'm right with the physical setup here...?

    but i don't know how to configure the pfsense right to let the 2 different networks have access to the internet. Because when i connect the OPT1 interface i can't access the internet on the different networks.

    can someone help me out here? :)

    i've also added an network diagram http://imageshack.us/photo/my-images/689/screenshot114a.jpg/

    thanks in advance

  • Hi this will work you just need to create a default rule in the firewall section for you second LAN to allow all traffic out then create a block rule before the allow all For any proto source as any destination LAN. This will stop anyone from accessing your LAN

    In firewall section goto you LAN2 for guests create the below

    Block. * * * LAN NET  * * NONE.    Block access to LAN
    Allow. * *    * *          * * NONE     Default allow all out

    You will have to tag the traffic from your switch to your access points some AP's are different like HP where you don't tag VLAN 1 but you do TAG VLAN2 and then Zyxel you have to TAG every VLAN

  • thanks for the reply

    i can try this on monday, and test everything what you said :)

    i will give some feedback if this works!

  • Should be fine keep me posted!!

Log in to reply