Netgate Discussion Forum

    Multiple LAN networks

      JaredKat

      Hello there to all.

      This is one of my first posts, and before I begin, I will say that I am experienced with networking and am not new to it, but I am new to using pfSense.

      So, what I basically wish to do is to set up multiple LAN networks to the box. I have multiple NICs installed on the box, and I would like to know how to get this to work. I have one LAN that I have set up for servers and my VM box, and I would like to have a second network for my own personal use with a wireless AP. I would like to make it so that if any guests or whatnot were to connect to my personal network, they would not be able to get into the server network. That is the basic premise of this project.

      If I could know how to get this to work, that would be amazing. Thank you.

        stephenw10 Netgate Administrator

        That's no problem.
        Just assign the second NIC and enable it; it will show initially as OPT1, but rename it if you want. Then set it as type 'static' and give it an IP address and subnet different to your LAN. Add DHCP to the new subnet if you wish. Then add firewall rules to allow traffic from the new subnet to connect to the internet or wherever you want. By default there will be no rules and everything will be blocked. If you don't want clients on OPT1 to access machines on LAN then simply don't add rules to allow that.
        I have a similar interface setup to allow guest wifi clients. The firewall rules on that interface allow traffic with destination 'NOT local subnets' and an exception that allows access to the DNS forwarder on the interface.

        Steve

          JaredKat

          Alright, that got me started into this.

          Currently I still don't seem to be getting internet access to the OPT1 interface. I copied the same firewall rule from the LAN interface over to the OPT1 interface.

          My subnet for LAN is the 10.0.0.0/8 subnet and I have my personal network set to the 192.168.1.0/24 subnet. DHCP is provided to OPT1, and still no internet access through PING. The client on OPT1 is also unable to ping the 192.168.1.1 address of the pfSense box on that interface.

          The firewall config for OPT1 is as follows:
          Action: Pass
          Disabled: Unchecked
          Interface: OPT1
          Protocol: any
          Source: OPT1 subnet
          Destination: any
          Log Packets: Unchecked
          Description: OPT1 allow all outbound

          The OPT1 config is as follows:
          Enable: Checked
          Description: OPT1
          Type: Static
          MAC, MTU and MSS are blank
          IP address: 192.168.1.1/24
          Gateway: None
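
Added example, not part of any post in this thread and not pfSense code: a small first-match model of the OPT1 rule tab that compares the posted "OPT1 allow all outbound" rule with the guest-style rules described in the first reply, against the stated goal of keeping guests out of the server network. The client, server and internet addresses, and UDP port 53 for the DNS forwarder, are constructed assumptions.

```python
import ipaddress as ip

# Subnets from the thread: LAN (servers) and OPT1 (personal/guest network).
LAN = ip.ip_network("10.0.0.0/8")
OPT1 = ip.ip_network("192.168.1.0/24")
DNS_FWD = ip.ip_network("192.168.1.1/32")   # pfSense address on OPT1
LOCAL_SUBNETS = [LAN, OPT1]

def rule(action, dst=None, negate=False, proto="any", port=None):
    """One rule on the OPT1 tab; source is 'OPT1 subnet'. dst=None means 'any'."""
    return dict(action=action, dst=dst, negate=negate, proto=proto, port=port)

# The rule posted in the thread: pass, protocol any, OPT1 subnet -> any.
ALLOW_ALL = [rule("pass")]

# Guest-style rules as described in the first reply. Port 53/UDP is an
# assumption for "access to the DNS forwarder on the interface".
GUEST = [
    rule("pass", dst=[DNS_FWD], proto="udp", port=53),
    rule("pass", dst=LOCAL_SUBNETS, negate=True),   # destination NOT local subnets
]

def evaluate(rules, src, dst, proto="tcp", port=443):
    """First matching rule wins; no match falls through to the default block."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src not in OPT1:
        return "block"
    for r in rules:
        if r["proto"] not in ("any", proto):
            continue
        if r["port"] is not None and r["port"] != port:
            continue
        if r["dst"] is not None:
            hit = any(dst in net for net in r["dst"])
            if hit == r["negate"]:      # plain rule missed, or negated rule hit
                continue
        return r["action"]
    return "block"

def report(rules):
    """Outcome for three constructed flows from a guest at 192.168.1.50."""
    guest = "192.168.1.50"
    return {
        "server_on_lan": evaluate(rules, guest, "10.0.0.10"),
        "internet": evaluate(rules, guest, "203.0.113.7"),
        "dns_forwarder": evaluate(rules, guest, "192.168.1.1", "udp", 53),
    }

if __name__ == "__main__":
    for name, rules in (("no rules", []), ("allow all", ALLOW_ALL), ("guest", GUEST)):
        print(name, report(rules))
```

With destination "any", a client on OPT1 is passed to 10.0.0.0/8 as well as to the internet; only the "NOT local subnets" form keeps the server network unreachable.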

            wallabybob

            @JaredKat:

            Currently I still don't seem to be getting internet access to the OPT1 interface. I copied the same firewall rule from the LAN interface over to the OPT1 interface.

            It is usually necessary to reset firewall states after major firewall rule changes. See Diagnostics -> States, click on the Reset states tab, read and take appropriate action.

            If you haven't already done so, restart or otherwise reset the computer on the OPT interface to make sure it acquired its network configuration by DHCP from pfSense.

              stephenw10 Netgate Administrator

              I would not expect to have to reset the firewall states simply after adding an interface, I did it yesterday and didn't need to, but it's easy to do so try that.
              It looks like you're doing everything right. Check the firewall logs to see if your connection attempts are being blocked. Check the DHCP supplied IP info given to your client machine. When you ping the OPT1 interface what response do you get? No route? 100% loss?
              It's easy enough to typo some setting, I've done it many times. ;)

              Steve

                wallabybob

                User reported
                @JaredKat:

                Currently I still don't seem to be getting internet access to the OPT1 interface. I copied the same firewall rule from the LAN interface over to the OPT1 interface.

                so more was done than add the new interface.

                @stephenw10:

                I would not expect to have to reset the firewall states simply after adding an interface, I did it yesterday and didn't need to, but it's easy to do so try that.

                It is not clear to me exactly what you are reporting:

                • you added a new interface through the web GUI and were still able to access the internet through the LAN interface

                • you added a new interface through the web GUI and no firewall rules on the new interface and were able to freely access the internet through the new interface

                • something else

                  stephenw10 Netgate Administrator

                  Sorry, to be clear:
                  I added a new interface by assigning it - the NIC was already in the box.
                  I enabled it, added IP info, enabled dhcp and added an allow all firewall rule.
                  Then I connected a client and had internet access.

                  However I am prepared to believe that doing that in a different order or applying changes half way through could introduce a state that needs resetting.

                  Steve
