Using physical WAP on pfSense whitebox

  • Hello everyone.

    I have a pfSense box running on an older Dell desktop.  It is the gateway for my Windows network and it does Multi-WAN balancing.

    I want to know the feasibility of directly connecting a Wireless Access Point to ethernet on the pfSense box and only allowing the traffic connected to it to go straight out through the WAN connections.  In other words, it becomes direct guest access to the Internet without giving connected users the ability to see network resources.

    I have a TRENDnet WEP653AP and an available Eth connection on the pfSense box.  The TRENDnet WAP has the ability to manage DHCP.

    Can someone provide some guidance?

  • I have a somewhat similar setup for my home network, except I use an Alix box and an EnGenius WAP with 2 SSIDs: one bridged to LAN and the second (bound to a separate VLAN) with just internet access, isolated from LAN.

    In your case, just connect the AP to the available port on your pfSense box and set the firewall rules accordingly. Personally I would let pfSense manage the DHCP stuff just to keep things simple.

  • Right now pfSense does not handle any of the DHCP for the network.  It's all handled by the Windows servers.

    Does anyone have an idea about what the Firewall rules would look like for this?

    For reference I have:

    • LAN

    • WAN1

    • WAN2

    • WAP

    Where WAN1 and WAN2 are (obviously) my two WAN connections and LAN is my LAN.  I would like to have all WAP traffic isolated from the LAN so that there's no possibility of accessing network resources through that connection.
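
Added example, not part of the thread and not pfSense's own code: a small model of first-match rule evaluation on the WAP interface, showing a rule order that keeps guests off the LAN and off the firewall itself while still passing Internet traffic. The subnets, addresses, and rule labels are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing (assumed for illustration, not from the thread).
LAN_NET = ip.ip_network("192.168.1.0/24")
WAP_NET = ip.ip_network("192.168.50.0/24")
WAP_ADDR = ip.ip_network("192.168.50.1/32")   # pfSense address on the WAP port
THIS_FIREWALL = [ip.ip_network("192.168.1.1/32"), WAP_ADDR]
ANY = [ip.ip_network("0.0.0.0/0")]

# Rules for the WAP interface, top to bottom:
# (action, protocol or None for any, destination networks, port or None, label)
WAP_RULES = [
    # Needed only if pfSense resolves DNS for the guests.
    ("pass", "udp", [WAP_ADDR], 53, "DNS to firewall"),
    ("block", None, [LAN_NET], None, "guest to LAN"),
    # Keeps guests away from the admin GUI and other firewall services.
    ("block", None, THIS_FIREWALL, None, "guest to firewall"),
    # In pfSense, the multi-WAN gateway group would be selected on this rule.
    ("pass", None, ANY, None, "guest to Internet"),
]

def evaluate(src, dst, proto, dport, rules=WAP_RULES):
    """Return (action, label) of the first matching rule; unmatched traffic is blocked."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src not in WAP_NET:
        return ("block", "source outside WAP net")
    for action, r_proto, dst_nets, r_port, label in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dport:
            continue
        if any(dst in net for net in dst_nets):
            return (action, label)
    return ("block", "default deny")

if __name__ == "__main__":
    samples = [  # constructed packets from one guest client
        ("192.168.50.20", "192.168.1.10", "tcp", 445),   # file share on the LAN
        ("192.168.50.20", "192.168.50.1", "udp", 53),    # DNS query to pfSense
        ("192.168.50.20", "192.168.50.1", "tcp", 443),   # pfSense web GUI
        ("192.168.50.20", "203.0.113.10", "tcp", 443),   # host on the Internet
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

Moving the final pass rule to the top of the list lets guest traffic reach the LAN, because the first matching rule decides the outcome.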
