Isolated and controlled guest wireless



  • So currently I have a pfSense computer with three NICs. One is the WAN and one is the LAN and is connected to a router. I'd like to connect the last NIC to a micro/portable router that I would like to use as a guest wireless. I'd like to set it up so that the guest wireless is on a different subnet, is isolated from the main network (LAN) as well as prohibits access to certain websites and blocks certain traffic (P2P, etc.). How would I go about doing so? Are there any guides out there to guide me through that?

    Also, instead of using a second router, would it be possible to use one router (mine has DD-WRT) to achieve the guest network requirements I described, without compromising security?



  • No need for another router at all. Just use an AP. If the AP also happens to be a router, then ignore its routing capabilities, leave its WAN port disconnected, disable DHCP server on it, connect an AP LAN port to your 3rd pfSense NIC.
    Configure the 3rd pfSense NIC with a different private subnet, enable it to do DHCP, set firewall rules on that interface to block/pass whatever you like.



  • That's definitely what I'm going end up doing. What about the P2P and website filtering? How would I achieve that?