Separate Network



  • Hello, I have a scenario that I would like some help with.

    I have the following network:

    Wan---PfSense---Switch|----Pc1
                          |----Pc2
                          |----Pc3
                          |----Router AP1|----Pc4
                                         |.....Mobiles
                                         |.....Pc3

    ---- Cable
    ..... Wireless

    Explain:

    • Pfsense connects to Switch

    • Switch sends signal to several PCs

    • Router AP1 has DD-WRT installed and is used to send the wireless signal and connect some more PCs by cable

    I would like to split the wireless network from the LAN so that I can restrict access to the network: people would have to have the wireless password, or have one of the allowed terminals (MAC address) to use the LAN cables.

    I can do this on my Wireless AP (DD-WRT), I assign a different subnet to the wireless and the lan, and then in the PFSense I can make rules based on the sub-networks.

    So I would Have:

    • LAN - 192.168.1.0 Network

    • WLAN - 192.168.2.0 Network

    What I would like:

    • To have all the rules in the PFSense

    • Make sure that no one can access the LAN with network 192.168.2.0

    • Make sure that no one can access the WLAN with network 192.168.1.0

    • Manage all rules and in PFSense

    • DHCP for all subnets in PFSense

    • WLAN and LAN can talk freely with each other

    Can I do all this? Can anyone help me? Is there a better way to do this? I can't make it work in PFSense.

    Thank you in advance
    Best Regards
    Soloam



  • pfSense cannot control traffic between devices which are connected together directly or via a switch!
    Packets can only be controlled by pfSense if they pass through its interfaces.

    However, interfaces may also be virtual. So if your wireless AP and your switch support VLANs, you can tag the WLAN network in the AP, set up a VLAN interface on pfSense and manage the whole WLAN traffic.



  • This post is a few weeks old so I'm not sure you've fixed this, but….

    If your pfSense box has room for a 3rd NIC (OPT1) then you could configure your network like this:

    [WAN]---PfSense---[LAN]---Switch|----Pc1
               |                    |----Pc2
             [WLAN]                 |----Pc3
               |
               |----------------------Router AP1|----Pc4
                                                |.....Mobiles
                                                |.....Pc3

    Your rules on your LAN would not change. You would simply configure rules on your WLAN interface to allow the Wireless clients appropriate access out the WAN GW.

    Your wish list would be as follows:

    1.    To have all the rules in the PFSense
    Rules would be set on each individual interface (i.e. WAN, LAN, WLAN)
    2.    Make sure that no one can access the LAN with network 192.168.2.0
    See Comment #6
    3.    Make sure that no one can access the WLAN with network 192.168.1.0
    See Comment #6
    4.    Manage all rules and in PFSense
    See comment #1
    5.    DHCP for all subnets in PFSense
    With a 3rd NIC (OPT1) interface added, you can configure different DHCP rules for each interface
    6.    WLAN and LAN can talk freely with each other
    Points 2 & 3 would be isolated as per my setup suggestion above; but point 6 somewhat contradicts the two subnets not accessing each other.
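
The following is an added example, not written by any poster in this thread. It models the two points made in the replies: traffic between hosts in the same subnet never reaches the firewall, and traffic between subnets is judged by the rules on the interface it enters (top-down, first match wins, no match means block). The /24 masks, the rule lists and the sample addresses are constructed assumptions.

```python
import ipaddress

# Subnets from the thread; the /24 mask is an assumption (the post gives no mask).
NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "WLAN": ipaddress.ip_network("192.168.2.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed per-interface rule lists: (action, destination network).
# LAN keeps an allow-to-any rule; WLAN blocks the LAN subnet, then allows the rest.
RULES = {
    "LAN": [("pass", ANY)],
    "WLAN": [("block", NETS["LAN"]), ("pass", ANY)],
}

def ingress_interface(src):
    """Return the name of the interface whose subnet contains src, or None."""
    for name, net in NETS.items():
        if src in net:
            return name
    return None

def verdict(src, dst):
    """Return 'unfiltered', 'pass' or 'block' for a new connection src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    iface = ingress_interface(src)
    if iface is None:
        return "block"  # source outside the modelled subnets: treated as blocked here
    if dst in NETS[iface]:
        # Same subnet: the switch or AP delivers the frame directly,
        # so the firewall never sees it and no rule can apply.
        return "unfiltered"
    for action, net in RULES[iface]:
        if dst in net:
            return action  # first matching rule decides
    return "block"  # no rule matched

if __name__ == "__main__":
    samples = [  # constructed sample flows
        ("192.168.1.10", "192.168.1.20"),
        ("192.168.2.50", "192.168.1.10"),
        ("192.168.2.50", "203.0.113.5"),
        ("192.168.1.10", "192.168.2.50"),
    ]
    for s, d in samples:
        print(f"{s} -> {d}: {verdict(s, d)}")
```
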