Virtual Interface by adding user by MAC Address

  • Sorry if the title doesn't match what I'm trying to achieve, but it's fairly hard to explain in a short title.

    In my setup, I have a pfSense box next to my modems on my first floor. But I also have a server running on the second floor. The problem is that I must have wireless access points for guests connected to a hub next to my server, and I only have a single Ethernet cable running from my pfSense box to that hub. So, I can't do things like having separate NICs, one for guests and one for my server.

    Basically, what I'm trying to do is have 3 groups of subnets:

    • SERVER (DMZ) = GUESTS can't access this subnet but LAN and WAN can.
    • LAN = The users in this group are identified by their device's MAC address. This is a subnet which is like a private home network. Has access to all the subnets.
    • GUESTS = Unsecured Wi-Fi, authenticated by captive portal, has access only to WAN through Squid proxy and is blocked from DMZ and LAN.

    I know that is a hard thing to do, but the harder thing is to have another Ethernet cable from pfSense to my server. So, I will do that if it is my last choice.

    I have searched all over the internet and haven't found any solution to this, and this is my first time setting up a firewall like this. So if you have any solution, please let me know. And if it isn't possible, then what is my best alternative without having to have another cable?


  • You will have to use VLANs to do that. Put a VLAN switch in place of the ordinary switch (hub) on the first floor. Then you can have 3 VLANs and trunk them on 1 cable back to pfSense. If you are happy to run a 100Mbps VLAN trunk to pfSense, then a 100Mbps 8-port VLAN switch is not so expensive.

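How the three zones from the question can share the single cable once a VLAN switch tags each port, shown as an added example that is not part of the thread. The VLAN IDs 10/20/30, the MAC addresses, dropping untagged frames, and denying every flow the question does not list are assumptions.

```python
import struct
from typing import Optional

# Assumed VLAN IDs (not from the thread); any unused IDs in 2-4094 work.
VLAN_ZONES = {10: "LAN", 20: "DMZ", 30: "GUESTS"}
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Zone policy as stated in the question. DMZ-originated traffic is not
# described there, so it has no entry and is denied (assumption).
ALLOWED = {
    "LAN": {"LAN", "DMZ", "GUESTS", "WAN"},
    "GUESTS": {"WAN"},   # via the captive portal and Squid proxy
    "WAN": {"DMZ"},
}

def tag_frame(dst: bytes, src: bytes, vlan_id: int,
              ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet frame with an 802.1Q tag, as a trunk port sends it."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = vlan_id & 0x0FFF  # priority and DEI bits left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def classify(frame: bytes) -> Optional[str]:
    """Return the zone of a frame arriving on the trunk, or None to drop it."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None  # untagged: no zone on this trunk (assumed policy)
    return VLAN_ZONES.get(tci & 0x0FFF)  # unknown VLAN ID gives None

def permitted(src_zone: Optional[str], dst_zone: str) -> bool:
    """Default deny: only flows listed in ALLOWED pass."""
    return dst_zone in ALLOWED.get(src_zone, set())

# Constructed sample frames (MAC addresses are made up).
AP = bytes.fromhex("020000000001")
GW = bytes.fromhex("020000000002")
GUEST_FRAME = tag_frame(GW, AP, 30, 0x0800, b"\x00" * 46)
UNTAGGED = GW + AP + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for name, frame in (("guest", GUEST_FRAME), ("untagged", UNTAGGED)):
        zone = classify(frame)
        print(name, zone, {d: permitted(zone, d) for d in ("WAN", "DMZ", "LAN")})
```

On pfSense itself, each VLAN becomes its own interface and the same matrix is expressed as firewall rules on those interfaces.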