4 INTERFACES: 1 LAN + 3 WAN, need WiFi of a WAN router with DHCP from the LAN network, how?



  • Hi all!

    I have a PFSENSE box with four nics (five in total, one free) with this configuration:

    LAN: 192.168.1.X (dhcp ON)
    WAN1: 192.168.2.X (router1 with WIFI B/G, dhcp OFF)
    WAN2: 192.168.3.X (router2 with WIFI B/G/N, dhcp OFF)
    WAN3: 192.168.4.X (router3 with WIFI B/G/N, dhcp OFF)

    Additionally, I have configured fail-over and load balancing WAN…

    My problem is that I need to use the WiFi of Router2 or Router3 to connect my LAN WiFi clients to the LAN network 192.168.1.X

    I know that a good solution is to introduce an AP in the LAN, but that is not possible.

    What options do I have with this configuration?

    Regards and thanks!



  • It will not be secure for WAN2/WAN3 WiFi clients because they can always set their own IP address in WAN2/WAN3 subnet, and their gateway to the actual WAN2/WAN3 gateway, and thus get directly out to the internet themselves.
    But you can do this (example for WAN2, repeat for WAN3):

    • turn off DHCP on WAN2 router (LAN side)
    • turn on DHCP on pfSense WAN2 and give it some pool say 192.168.3.200-240
    • change to manual outbound NAT, add NAT rule on WAN1, WAN2 and WAN3 for source WAN2net (so it looks like the LANnet rules.)
    • add pass rules on WAN2 to allow the traffic in from WAN2net WiFi clients

    Now a WAN2 WiFi client will get an IP address in WAN2 from pfSense and be given pfSense WAN2address as its gateway and DNS. It will talk to pfSense WAN2address in the same way that LAN clients talk to LANaddress.

    pfSense will NAT the stuff from WAN2 clients back out whatever WAN it wants to use (WAN1, WAN2, WAN3) - you can use gateway groups in your rules and WAN2 to control all that just like on LAN.

    Returning packets will come back to pfSense, pfSense will unNAT them and deliver back to the WiFi clients.

    It seems unusual, but actually it works.

    If the real router on WAN2 has any filtering functionality, then you can just allow from pfSense WAN2address only, and block everything else. That prevents clients that ignore DHCP and set their own IP address from actually getting out. You can also turn off any DNS in that front-end device to further frustrate naughty clients. (And of course set your pfSense to use particular upstream DNS that you want, bypassing any DNS in the front-end router.)
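
An added example (not part of the thread and not pfSense code): a small check a defender could run over observed source addresses on the WAN2 segment to spot clients that ignore DHCP, as described in the answer above, or that fell back to a link-local address because DHCP failed. The /24 mask, the front-end router address 192.168.3.1 and the simplified log layout are assumptions; the sample lines are constructed.

```python
import ipaddress

# Values from the thread; the /24 mask and ROUTER2 address are assumptions.
WAN2_NET = ipaddress.ip_network("192.168.3.0/24")
POOL_FIRST = ipaddress.ip_address("192.168.3.200")   # pool suggested in the answer
POOL_LAST = ipaddress.ip_address("192.168.3.240")
PFSENSE_WAN2 = ipaddress.ip_address("192.168.3.2")   # pfSense WAN2 interface
ROUTER2 = ipaddress.ip_address("192.168.3.1")        # assumed front-end router address
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # picked by a client when DHCP fails

# Constructed sample lines in a simplified "iface src:port dst:port" layout.
SAMPLE = [
    "WAN2 192.168.3.201:51544 192.168.3.2:53",
    "WAN2 192.168.3.10:51000 192.168.1.20:445",
    "WAN2 169.254.34.122:137 169.254.255.255:137",
    "WAN2 192.168.3.2:67 192.168.3.201:68",
    "truncated line",
]

def classify(src):
    """Classify one source address seen on the WAN2 segment."""
    ip = ipaddress.ip_address(src)
    if ip in LINK_LOCAL:
        return "dhcp-failed"        # client never got a lease
    if ip not in WAN2_NET:
        return "foreign"            # does not belong on this segment
    if ip in (PFSENSE_WAN2, ROUTER2):
        return "infrastructure"
    if POOL_FIRST <= ip <= POOL_LAST:
        return "pool"               # lease handed out by pfSense
    return "self-assigned"          # static address outside the pool

def report(lines):
    """Map each source needing attention to its class; skip malformed lines."""
    flagged = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        src = fields[1].rsplit(":", 1)[0]
        try:
            kind = classify(src)
        except ValueError:
            continue
        if kind not in ("pool", "infrastructure"):
            flagged[src] = kind
    return flagged

if __name__ == "__main__":
    for src, kind in report(SAMPLE).items():
        print(f"{src}: {kind}")
```

A "self-assigned" hit is the case the answer warns about; only the filter on the front-end router actually stops such a client from using that router as its gateway.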



  • Thanks for your help!

    I configured everything as you said but no luck, DHCP does not work.

    From the WAN net I am able to ping the LAN, OK.

    From the client, I configured it manually with IP 192.168.3.10 and gateway 192.168.3.2 (WAN2 interface of pfSense), and it works OK: it is possible to ping the LAN and the internet works.

    The problem is DHCP: it does not work, although it is active in pfSense (WAN2 interface). It assigns me a generic IP:

    The pfSense log registers this:

    Nov 25 20:00:36 WAN_VODAFONE_4G 169.254.34.122:137 169.254.255.255:137

    Any ideas? I can't access the admin menu of the router.

    Thanks.

    Regards.