Netgate Discussion Forum

    Simple Question

    • Nonsense

      I have three Ethernet interfaces on my pfSense box: one for my existing WAN, one for my existing LAN, and an (up until now) unused interface.  Suppose that I wanted to create another LAN on my unused interface that behaves just like my existing LAN, but is completely isolated from it (e.g., to host a community Wi-Fi network that is secure from my home network).  In this configuration, both LANs could access the internet with my existing WAN rules, but the two LANs would be secure from each other.  How would I do it?

      • Derelict LAYER 8 Netgate

        Firewall rules on your new interface:

        Pass the specific traffic you want them to be able to use (like DNS, perhaps)
        Block the specific traffic to things you don't want them to be able to use (Destination This Firewall, Destination LAN net)
        Pass the traffic to everything else (the internet)

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • Nonsense

          I was kind of hoping for an answer that spelled out specific instructions.

            • Derelict LAYER 8 Netgate

            Those are specific instructions.  I can't tell you exactly what to do because I have no knowledge of your subnetting scheme, or what you actually want it to accomplish.  Every network is different.

              • phil.davis

              Interfaces->Assign - add the OPT1
              Enable OPT1 with some other static IPv4/netmask
              Put rules on OPT1 like:
              block source any destination this firewall
              block source any destination LANnet
              pass source OPT1net destination any

              If you want to stop LAN devices reaching OPT1, then put a rule at the top of LAN to block source any destination OPT1net.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
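
The rule order given in the replies above, modelled as a first-match evaluator so the isolation can be checked before it is relied on (an added example, not part of any post in the thread and not pfSense's own code). It combines the DNS pass rule from the first reply with the block/pass list from the last one. The subnets, host addresses and firewall addresses are assumed values, and the protocol is ignored, so a rule matches on source, destination and destination port only.

```python
# Added example: first-match model of the OPT1 and LAN rules described in the thread.
# Every address below is an assumption (constructed), not a value from the thread.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")     # assumed existing LAN
OPT1_NET = ip_network("192.168.2.0/24")    # assumed new isolated network
# "This Firewall" covers every address the firewall itself holds (assumed values).
THIS_FIREWALL = [ip_address(a) for a in ("192.168.1.1", "192.168.2.1", "203.0.113.10")]

def matches(spec, addr):
    """spec is 'any', a network, or a list of host addresses."""
    return spec == "any" or addr in spec

def evaluate(rules, src, dst, dport=None):
    """Return the action of the first matching rule on the ingress interface."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if matches(rsrc, src) and matches(rdst, dst) and rport in (None, dport):
            return action
    return "block"   # default deny: traffic that no rule passes is dropped

# Rules on OPT1, top to bottom: (action, source, destination, destination port)
OPT1_RULES = [
    ("pass",  OPT1_NET, THIS_FIREWALL, 53),    # DNS, if the firewall is the resolver
    ("block", "any",    THIS_FIREWALL, None),  # GUI, SSH and everything else on the box
    ("block", "any",    LAN_NET,       None),
    ("pass",  OPT1_NET, "any",         None),  # everything else (the internet)
]
# Optional block at the top of LAN, followed by a stand-in for the LAN allow rule.
LAN_RULES = [
    ("block", "any",   OPT1_NET, None),
    ("pass",  LAN_NET, "any",    None),
]

def check_isolation():
    """Evaluate representative flows; hosts and ports are constructed samples."""
    guest, home = "192.168.2.50", "192.168.1.20"
    return {
        "guest->lan":      evaluate(OPT1_RULES, guest, home, 445),
        "guest->fw_gui":   evaluate(OPT1_RULES, guest, "192.168.2.1", 443),
        "guest->fw_dns":   evaluate(OPT1_RULES, guest, "192.168.2.1", 53),
        "guest->internet": evaluate(OPT1_RULES, guest, "198.51.100.7", 443),
        "home->guest":     evaluate(LAN_RULES, home, guest, 22),
        "home->internet":  evaluate(LAN_RULES, home, "198.51.100.7", 443),
    }

if __name__ == "__main__":
    for flow, action in check_isolation().items():
        print(f"{flow:16} {action}")
```

Moving the final pass rule above the two block rules makes the guest-to-LAN flow match it first, which is why the blocks have to sit above it.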

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.