Netgate Discussion Forum

    Optional Wifi Setup

      hyperdallas

      Hello PFSense'ers.

      I have googled my ass off all day to try and find the answer, but after nearly a day of searching and not finding much, I thought I would just post instead, as maybe someone might have done this before or knows where I might be going wrong.

      I have just installed PFSense and in my installation I have 3 physical interfaces.

      • One connecting to Internet via modem PPTP (WAN)
      • One for my Internal Lan (LAN) (Static NIC IP, DHCP to clients via 192.x.x.x addressing)
      • One for dedicated WLAN network (WL) (Static NIC IP, DHCP to clients via 10.x.x.x addressing)

      On the WLAN network, I have set up DHCP to dish out the IPs and have set a static IP on an old wireless router for wireless devices. This will allow DHCP to flow through it from the PFSense interface direct to any wireless devices that connect requesting an IP. My idea was to set up the wireless network to only permit direct internet access and deny any LAN side access. This will ensure that any cyber attacks over wireless will only affect devices on the wireless subnet, rather than simply add the WAP to the LAN segment then have everything available. I have also set up separate VLANs on my switch for LAN and WLAN traffic and have the ports plugged into the right VLANs for the WLAN/LAN access.

      Where I am coming unstuck is I have no internet connectivity over the wireless network. I am connected to the wireless network with a mobile device, I have a 10.x.x.x address from PFSense, but cannot access any internet website.

      I have looked at bridging, routes and even tried a new install, but to no avail.

      Could anyone shed some light on what I may be missing? Thanks in advance.

        gjaltemba

        Do you have a pass rule for WL to WAN?

        Is DNS setup correctly?

          Derelict LAYER 8 Netgate

          For a guest network you pass what you specifically want them to access locally (like DNS).
          Then you block what you don't want them to access locally (like LAN)
          Then you pass everything else (the internet)

          ![Screen Shot 2015-07-12 at 11.09.59 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-12 at 11.09.59 PM.png)

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
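
The rule order described in the reply above, modelled as an added example (not part of the original thread, and not pfSense code). It assumes pfSense's behaviour of checking rules top down on the interface where traffic enters, first match wins, with no match meaning blocked; the concrete addresses are constructed, since the thread only gives 192.x.x.x and 10.x.x.x.

```python
import ipaddress

# Constructed addressing: the thread only says 192.x.x.x (LAN) and 10.x.x.x (WL).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WL_GATEWAY = ipaddress.ip_address("10.0.0.1")  # firewall's WL address, serving DNS
ANY = None  # wildcard for protocol, destination or port

# Rules on the WL interface as (action, protocol, destination, port), top down.
GUEST_RULES = [
    ("pass",  "udp", WL_GATEWAY, 53),   # 1. local service guests need: DNS
    ("pass",  "tcp", WL_GATEWAY, 53),
    ("block", ANY,   LAN_NET,    ANY),  # 2. local network guests must not reach
    ("pass",  ANY,   ANY,        ANY),  # 3. everything else (the internet)
]

# Same rules, but with the LAN block placed below the catch-all pass.
MISORDERED_RULES = [GUEST_RULES[0], GUEST_RULES[1], GUEST_RULES[3], GUEST_RULES[2]]


def _dst_matches(rule_dst, dst):
    """True if dst equals the rule's host or falls inside its network."""
    if rule_dst is ANY:
        return True
    if isinstance(rule_dst, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return dst in rule_dst
    return dst == rule_dst


def evaluate(rules, proto, dst, port):
    """Return (action, rule_index) for a packet entering the interface.

    The first matching rule decides. A packet matching no rule is blocked
    (rule_index None), which is the state of an interface with no rules.
    """
    dst = ipaddress.ip_address(dst)
    for index, (action, r_proto, r_dst, r_port) in enumerate(rules):
        if ((r_proto is ANY or r_proto == proto) and _dst_matches(r_dst, dst)
                and (r_port is ANY or r_port == port)):
            return action, index
    return "block", None


if __name__ == "__main__":
    packets = [("udp", "10.0.0.1", 53), ("tcp", "192.168.1.10", 445),
               ("tcp", "203.0.113.10", 443)]  # constructed sample traffic
    for name, rules in [("no rules", []), ("guest order", GUEST_RULES),
                        ("misordered", MISORDERED_RULES)]:
        for pkt in packets:
            print(f"{name:12} {pkt} -> {evaluate(rules, *pkt)}")
```

The empty rule list reproduces the original symptom (a DHCP lease but no internet), and the misordered list shows the LAN block never being reached once a catch-all pass sits above it.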

            hyperdallas

            Thanks for the advice. All working now! cheers.

            I added the rules and it worked.  ::)
