Isolated WLAN interface
-
Hello, i have added a new interface in my pfsense where i connect my wireless AP. I would like to create rule to isolate lan from wlan and both must have internet access.
So i create this rules:
-Modify Lan net to any for a LAN net to LAN net
-Create LAN net to WAN net all-create WLAN net to WLAN net all
-create WLAN net to WAN net all.but when i do this my interface(lan or wlan) doesn'T seem to get internet acces. i probably miss something but what???
can anyone help me???
Thank you
arist0v
-
Yeah those rules make no sense, and woudln't even allow internet access if states where cleared since internet is way more than your wan net.. Unless you were using a proxy on that network you wouldn't even get to the internet that way.
That lan to lan rule is useless since nothing on lan talks to pfsense to get to lan, you talk to your gateway to get off the lan - not to talk to devices on the same segment.
So change your default any any rule to dest to ! wlan net, this allows lan to talk to anything it wants other than wlan net..
On wlan net edit allow rule dest to ! lan net - this allows it to go wherever it wants other than lan net
So see 2nd pic for example - I allow my ipad IP to go where it wants on lan, I allow my ap to talk to lan - this was a temp rule for bandwidth testing - should remove that. I allow wlan clients to talk to my ntp server on the lan. Then after that they can go where they want as long as not the lan segment. Ie they can go to internet, and my dmz segment.
-
Thank you, i will test it this evening!!!i understand why you are hero member ;-)
-
Keep in mind if you have any existing states before you put in the rules that traffic would still be allowed. You can reset the states, you can kill any specific states or you could just reboot pfsense.
If you still have issues - please post up your lan and wlan rules and we take take a deeper look see.
-
Thank's, i have made the test and now all work as i wish!!!
