2 Networks to 1 WAN

    I receive a dynamic IP address from my ISP, which I connect to the WAN port of my pfSense. I've configured the WAN on the pfSense with just the basics: I set the type to "DHCP".
    After that I gave my LAN interface an IP address of which acts as default gateway for the 10.0.0.x/24 network. Any host connected on this network will receive a DHCP address from the server, and the hosts can connect to the internet.

    But now I want to use the OPT1 interface to have a separate network for guest clients who will connect wirelessly with their phones, laptops, … It must act like a free hotspot.
    I gave the OPT1 interface an IP address of
    I have UniFi access points where I can send an SSID over the default VLAN, which will be secured with a password, and I can send an SSID for the guest network, which will be in VLAN 2. That's why I've set port 22 on the switch to untagged VLAN 1 and tagged VLAN 2. The hosts on the guest network should receive a DHCP address from the pfSense in the 10.0.2.x/24 range, so I've enabled the DHCP server on the pfSense.

    But I don't know how to configure the pfSense correctly to let the 2 different networks have access to the internet, because when I connect the OPT1 interface I can't access the internet on the different networks.

    I've also added a network diagram: http://imageshack.us/photo/my-images/689/screenshot114a.jpg/

  • Hi, this will work. You just need to create a default rule in the firewall section for your second LAN to allow all traffic out, then create a block rule before the allow-all: for any proto, source as any, destination LAN. This will stop anyone from accessing your LAN.

    In the firewall section, go to your LAN2 for guests and create the below:

    Block   * * *   LAN NET   * *   NONE     Block access to LAN
    Allow   * * *   *         * *   NONE     Default allow all out

    You will have to tag the traffic from your switch to your access points. Some APs are different: with HP you don't tag VLAN 1 but you do tag VLAN 2, and with Zyxel you have to tag every VLAN.
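
Added example, not part of the original posts and not pfSense code: a small first-match evaluator showing why the block rule has to sit above the allow-all on the guest interface, and what an interface tab with no rules does. The 10.0.0.0/24 LAN comes from the thread; the host addresses and function names are constructed for illustration.

```python
import ipaddress

# LAN network taken from the thread; host addresses below are constructed samples.
LAN_NET = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules on the guest (OPT1 / "LAN2") interface tab, in the order given in the reply.
# Each rule: (action, source network, destination network, description)
GUEST_RULES = [
    ("block", ANY, LAN_NET, "Block access to LAN"),
    ("pass",  ANY, ANY,     "Default allow all out"),
]

def evaluate(rules, src, dst):
    """Return (action, description) of the first rule matching src -> dst.

    Models top-down, first-match-wins evaluation of interface rules;
    traffic that matches no rule hits the implicit default deny.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, descr in rules:
        if src in src_net and dst in dst_net:
            return action, descr
    return "block", "implicit default deny"

def audit(rules, guest, lan_host, internet_host):
    """Summarise what a guest client can reach under a given rule order."""
    return {
        "guest_to_lan": evaluate(rules, guest, lan_host)[0],
        "guest_to_internet": evaluate(rules, guest, internet_host)[0],
    }

if __name__ == "__main__":
    # Constructed sample hosts: guest client, LAN host, internet host.
    guest, lan_host, inet = "10.0.2.50", "10.0.0.10", "203.0.113.7"
    print("block above allow:", audit(GUEST_RULES, guest, lan_host, inet))
    print("allow above block:", audit(GUEST_RULES[::-1], guest, lan_host, inet))
    print("no rules on tab:  ", audit([], guest, lan_host, inet))
```

With the order reversed, the allow-all matches first and guest traffic reaches the LAN; with an empty rule list, guests get no internet access at all.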

