    Setting up a second interface

    General pfSense Questions
tgraytnz wrote:

I run a computer store. We use pfSense as our router; it is bridged to our business-class cable modem. I want to set up a second interface, or second LAN, that has DHCP/DNS and internet access but no access to the main LAN. I have looked for this solution but have not found anything; I may be using incorrect terminology. Anybody who is willing to help would be much appreciated. Thanks in advance, guys.

Derelict (LAYER 8 Netgate) wrote:

It's easy. Add the interface, then create firewall rules on opt1 (guest LAN):

    pass source opt1 net * dest ! lan net *

(The "! lan net" means everything but the LAN net, achieved with the "Not" checkbox in the firewall rule.)

Or, I kind of like two rules. I am of the mind that if you want traffic blocked you should explicitly block it:

    block source opt1 net * dest lan net *
    pass source opt1 net * dest any *

I'd also probably add some per-source/dest IP rate limiting on the opt1 pass rule.

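The two rule sets in the reply above are meant to be equivalent, and the order of the two-rule version matters because pfSense interface rules are first-match. The following added example (not from the thread, and not pfSense code) is a small first-match model that evaluates both rule sets, plus the same two rules in the wrong order, against a few constructed flows. The subnets for "lan net", "opt1 net" and an extra "opt2 net" are assumptions; the third case shows that neither rule set, as written, keeps guests away from other internal networks the firewall may have.

```python
# Added example (not from the thread): a first-match model of pfSense
# interface rules, used to compare the two guest-LAN rule sets above.
# Subnets below are assumptions chosen for the demo.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed "lan net"
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")  # assumed "opt1 net" (guest)
OPT2_NET = ipaddress.ip_network("192.168.3.0/24")  # assumed second internal net


@dataclass(frozen=True)
class Rule:
    """One rule on the OPT1 tab. dst=None means 'any'; dst_negated models the
    'Not' checkbox, i.e. "! lan net"."""
    action: str                               # "pass" or "block"
    src: Optional[ipaddress.IPv4Network]
    dst: Optional[ipaddress.IPv4Network]
    dst_negated: bool = False

    def matches(self, src_ip, dst_ip) -> bool:
        if self.src is not None and src_ip not in self.src:
            return False
        if self.dst is None:
            return True
        hit = dst_ip in self.dst
        return (not hit) if self.dst_negated else hit


def evaluate(rules: List[Rule], src: str, dst: str) -> str:
    """pfSense interface rules are 'quick': the first matching rule wins.
    No match at all falls through to the implicit default deny."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return "block"


# Rule set 1: pass source opt1 net dest ! lan net
ONE_RULE = [Rule("pass", OPT1_NET, LAN_NET, dst_negated=True)]
# Rule set 2: explicit block to lan net, then pass to any
TWO_RULES = [Rule("block", OPT1_NET, LAN_NET), Rule("pass", OPT1_NET, None)]
# The same two rules in the wrong order: the pass-any rule shadows the block
SHADOWED = [Rule("pass", OPT1_NET, None), Rule("block", OPT1_NET, LAN_NET)]

CASES = {                                     # constructed flows, (src, dst)
    "guest -> lan host": ("192.168.2.10", "192.168.1.5"),
    "guest -> internet": ("192.168.2.10", "203.0.113.7"),
    "guest -> opt2 host": ("192.168.2.10", "192.168.3.9"),
}


def compare(rulesets: Dict[str, List[Rule]]) -> Dict[str, Dict[str, str]]:
    """Return {case: {ruleset name: verdict}} for every case and rule set."""
    return {
        case: {name: evaluate(rules, s, d) for name, rules in rulesets.items()}
        for case, (s, d) in CASES.items()
    }


if __name__ == "__main__":
    table = compare({"one_rule": ONE_RULE, "two_rules": TWO_RULES,
                     "shadowed": SHADOWED})
    for case, verdicts in table.items():
        print(f"{case:20s} {verdicts}")
```

Running it shows "guest -> lan host" blocked by both intended rule sets but passed by the shadowed order, and "guest -> opt2 host" passed by all three; if the firewall has more than one internal network, an alias covering all of them (or the RFC 1918 ranges) in place of "lan net" closes that gap.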
tgraytnz wrote:

Thanks for the help!

Maybe you can help: I have tried several tutorials to forward ports and still cannot get them open. I'm going through the port forward menu under NAT.

Forward example:
    not disabled
    no rdr not enabled
    interface: wan
    protocol: tcp
    source: not specified
    destination: not specified
    dest port range: from: other ports (alias)
                     to: other ports (alias)
    redirect target ip: alias for server
    redirect target port: other ports (alias)
    description: test ports
    xmlrpc sync not enabled
    nat reflection: system default
    filter rule association: rule "ports" (associated rule)

Derelict (LAYER 8 Netgate) wrote:

> @tgraytnz:
>
> Thanks for the help!
>
> Maybe you can help: I have tried several tutorials to forward ports and still cannot get them open. I'm going through the port forward menu under NAT.
>
> Forward example:
>     not disabled
>     no rdr not enabled
>     interface: wan
>     protocol: tcp
>     source: not specified
>     destination: not specified
>     dest port range: from: other ports (alias)
>                      to: other ports (alias)
>     redirect target ip: alias for server
>     redirect target port: other ports (alias)
>     description: test ports
>     xmlrpc sync not enabled
>     nat reflection: system default
>     filter rule association: rule "ports" (associated rule)

> destination: not specified

Should probably be WAN Address. I don't see anything else.

I don't know what your aliases are, but the target IP address needs to be on the private network.

tgraytnz wrote:

> @Derelict:
>
> It's easy. Add the interface, then create firewall rules on opt1 (guest LAN):
>
>     pass source opt1 net * dest ! lan net *
>
> (The "! lan net" means everything but the LAN net, achieved with the "Not" checkbox in the firewall rule.)
>
> Or, I kind of like two rules. I am of the mind that if you want traffic blocked you should explicitly block it:
>
>     block source opt1 net * dest lan net *
>     pass source opt1 net * dest any *
>
> I'd also probably add some per-source/dest IP rate limiting on the opt1 pass rule.

Having some issues with setting up those rules. Any chance I can get a screenshot?

Derelict (LAYER 8 Netgate) wrote:

This is the firewall rule page for my guest VLAN at home.

![Screen Shot 2014-01-23 at 10.05.31 PM.png](/public/imported_attachments/1/Screen Shot 2014-01-23 at 10.05.31 PM.png)

tgraytnz wrote:

> @Derelict:
>
> This is the firewall rule page for my guest VLAN at home.

I'm back. I do have a question: I am having some issues with services on the network. I am able to ping certain IPs and connect to some services and not others. Any ideas?

Derelict (LAYER 8 Netgate) wrote:

Be sure you're not dealing with software firewalls on the devices (like Windows Firewall, Symantec, etc.).

Check the firewall logs to see if the subject traffic is being rejected (Status -> System Logs -> Firewall).

For more than that we'll need more details.

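The reply above points at the firewall log as the place to confirm whether the guest traffic is being rejected. The following added example (not from the thread, and not pfSense code) parses filterlog lines and tallies blocked flows by interface, protocol, source, destination and destination port, which is the quickest way to separate "the firewall dropped it" from "the host's own firewall dropped it". The log lines are constructed; they follow the comma-separated filterlog layout as I understand it from the pfSense documentation (rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, the IPv4 header fields, then source, destination and, for TCP/UDP, the ports), and the interface name and addresses are assumptions.

```python
# Added example (not from the thread): summarise blocked flows in pfSense
# filterlog output. SAMPLE_LOG is constructed in the documented filterlog
# CSV field order as understood by the author of this example; the interface
# name "em1" and the addresses are assumptions.
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

SAMPLE_LOG = """\
Jan 23 22:05:31 pfSense filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.2.10,192.168.1.5,49152,445,0,S,1,,65535,,mss
Jan 23 22:05:32 pfSense filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.2.10,192.168.1.5,49153,445,0,S,1,,65535,,mss
Jan 23 22:05:33 pfSense filterlog: 6,,,1000000104,em1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.2.10,203.0.113.7,49154,443,0,S,1,,65535,,mss
Jan 23 22:05:34 pfSense filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,0,0,none,17,udp,72,192.168.2.10,192.168.1.5,53001,53,52
Jan 23 22:05:35 pfSense filterlog: 7,,,1000000105,em1,match,block,in,4,0x0,,64,0,0,none,1,icmp,84,192.168.2.10,192.168.1.5,request,1234,1
"""

Flow = Tuple[str, str, str, str, str]  # (interface, proto, src, dst, dst port)


def parse_filterlog_line(line: str) -> Optional[Tuple[str, Flow]]:
    """Return (action, flow) for an IPv4 filterlog entry, or None otherwise.

    Handles both the "filterlog: ..." and "filterlog[pid]: ..." syslog prefixes
    by cutting everything up to the first ':' after the program name.
    """
    if "filterlog" not in line:
        return None
    payload = line.split("filterlog", 1)[1].split(":", 1)[1].strip()
    fields = payload.split(",")
    # Field 8 is the IP version; only IPv4 entries are handled here.
    if len(fields) < 20 or fields[8] != "4":
        return None
    iface, action = fields[4], fields[6]
    proto, src, dst = fields[16], fields[18], fields[19]
    # For TCP/UDP the destination port follows the source port; ICMP has none.
    dport = fields[21] if proto in ("tcp", "udp") and len(fields) > 21 else "-"
    return action, (iface, proto, src, dst, dport)


def summarize_blocks(lines: Iterable[str]) -> Dict[Flow, int]:
    """Count blocked flows per (interface, proto, src, dst, dst port)."""
    counts: Counter = Counter()
    for line in lines:
        parsed = parse_filterlog_line(line)
        if parsed is not None and parsed[0] == "block":
            counts[parsed[1]] += 1
    return dict(counts)


if __name__ == "__main__":
    for flow, n in sorted(summarize_blocks(SAMPLE_LOG.splitlines()).items()):
        iface, proto, src, dst, dport = flow
        print(f"{n:3d}  {iface}  {proto:4s}  {src} -> {dst}:{dport}")
```

On the constructed sample this reports SMB (445/tcp), DNS (53/udp) and ICMP from the guest host to the LAN host as blocked while the HTTPS connection to the outside passes, which is exactly the pattern "some services work and others don't" looks like when the guest isolation rules are doing their job; if a flow that should work never appears as blocked, the drop is happening somewhere else, such as a host firewall.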
© 2021 Rubicon Communications, LLC