Optional Wifi Setup

  • Hello PFSense'ers.

    I have googled my ass off all day to try and find the answer but after nearly a day of searching and not finding much, i'd thought i would just post instead as maybe someone might have done this before or knows where I might be going wrong.

    I have just installed PFSense and in my installation I have 3 physical interfaces.

    • One connecting to Internet via modem PPTP (WAN)
    • One for my Internal Lan (LAN) (Static NIC IP, DHCP to clients via 192.x.x.x addressing)
    • One for dedicated WLAN network (WL) (Static NIC IP, DHCP to clients via 10.x.x.x addressing)

    On the WLAN network, I have setup DHCP to dish out the IPs and have set a static ip on an old wireless router for wireless devices. This will allow DHCP to flow through it from the PFSense interface direct to any wireless devices that connect requesting an IP.  My idea was to setup the wireless network to only permit direct internet access and deny any LAN side access. This will ensure that any cyber attacks over wireless will only effect devices on the wireless subnet, rather than simply add the WAP to the LAN segment then have everything available. I have also setup seperate vlans on my switch for LAN and WLAN traffic and have the ports plugged into the right vlans for the WLAN/LAN access.

    Where I am coming unstuck is I have no internet connectivity over the wireless network. I am connected to the wireless network with a mobile device, I have a 10.x.x.x address from PFSense, but cannot access any internet website.

    I have looked at bridging, routes and even tried a new install, but no avail.

    Could anyone shed some light on what I may be missing?    Thanks in advance.

  • Do you have a pass rule for WL to WAN?

    Is DNS setup correctly?

  • LAYER 8 Netgate

    For a guest network you pass what you specifically want them to access locally (like DNS).
    Then you block what you don't want them to access locally (like LAN)
    Then you pass everything else (the internet)

    ![Screen Shot 2015-07-12 at 11.09.59 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-12 at 11.09.59 PM.png)
    ![Screen Shot 2015-07-12 at 11.09.59 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-07-12 at 11.09.59 PM.png_thumb)

  • Thanks for the advice. All working now! cheers.

    I added the rules and it worked.  ::)