Public separate wifi..



  • Hi, I have this i5 enabled computer with 16GB RAM, if it matters at all to my question here:

    I probably want to use pfSense installed on an SSD or external USB.
    I want my own LAN to be private to my LAN like I have now.
    But I also want to hook up an authentication-free AP for whoever wants to use it, but they shall NOT be able to connect/browse/interact with my own private network.
    I have a manageable/VLAN 8-port switch.
    I can have access to 2 WAN ports directly to the internet (+1 lan, or 2wan/1wan) (<– 3 nics)
    I have 250/100 Gbit.
    I wish to use some QoS setup so that my private LAN always has priority over the public one, so if my LAN uses a lot of the speed, public gets slowed down in favor of the private LAN.

    My private LAN will be permanently connected to a VPN service, but I was thinking the public would also be connected to the VPN service, but using its own openvpn config. (not much part of the Q, but some relevance).

    How would I best go about creating this setup, and how can I really test that it actually works like I really want?
    Also, on the public AP/WLAN/LAN side, can I put in domain/URL filtering, so they will not be able to visit certain sites I personally don't like (yes, censor-r-me :D).

    I'm currently running my vpn service custom nanobsd/pfSense setup, it's all read only "hard core", so I probably will move to a more "vanilla" pfSense and then apply openvpn settings manually.



  • Hello,

    please buy an L2 or L3 switch, as your budget allows, and then you will have 2 WAN interfaces
    and 1 LAN interface. On the LAN interface you should connect the switch and then set up 2 VLANs,
    one for public and one for private usage.

    If you want to use the Captive Portal from pfSense, it could also be more secure.



  • @BlueKobold:

    Hello,

    please buy an L2 or L3 switch, as your budget allows, and then you will have 2 WAN interfaces
    and 1 LAN interface. On the LAN interface you should connect the switch and then set up 2 VLANs,
    one for public and one for private usage.

    If you want to use the Captive Portal from pfSense, it could also be more secure.

    I have this switch: NETGEAR ProSAFE GS108E 8-Port Gigabit Plus Switch
    It looks like this: http://www.amazon.com/NETGEAR-ProSAFE-GS108E-Gigabit-GS108E-300NAS/dp/B00M1C0186
    I don't know which level it has; it seems like I cannot find that info.



  • The GS108Ev3 is a Layer 2 switch capable of handling and supporting VLANs, QoS and rate limiting.
    Connect it to the LAN interface and set up VLANs into which you would put your private, public
    and WLAN networks, and then they are separated from one another.



  • An interface is an interface, computers don't care whether you call them WAN, LAN or optx, they just follow the configs & rules, so if you wanted to learn something, maybe set up a captive portal on a separate interface (optx), log and censor the traffic and see what you can find & learn from your visitors if you fancy it.  :)
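
Added example, not part of the thread and not pfSense code: a small model of how rules on the public VLAN interface decide whether a guest can reach the private LAN. It relies on pfSense evaluating an interface's rules top to bottom with the first match winning and unmatched traffic blocked. All addresses, rule sets and probe targets are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): private LAN 192.168.10.0/24,
# public VLAN 192.168.20.0/24 with the firewall at 192.168.20.1.
def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = nets("0.0.0.0/0")

def rule(action, dst, port=None):
    """One firewall rule; port None matches any destination port."""
    return {"action": action, "dst": dst, "port": port}

# Rules for traffic entering on the public VLAN interface, top to bottom.
GOOD = [
    rule("pass", nets("192.168.20.1/32"), 53),  # DNS served by the firewall
    rule("block", RFC1918),                     # private LAN and firewall GUI
    rule("pass", ANY),                          # everything else: internet
]
# Same intent, wrong order: the broad pass matches first, so the block
# below it is never reached and guests can reach the private LAN.
BAD = [rule("pass", ANY), rule("block", RFC1918)]

def decide(rules, dst_ip, dst_port):
    """First matching rule wins; no match means block (default deny)."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if any(ip in n for n in r["dst"]) and r["port"] in (None, dst_port):
            return r["action"]
    return "block"

# What a guest should and should not reach (constructed probe list).
PROBES = [
    ("192.168.10.5", 445, "block"),   # file share on the private LAN
    ("192.168.20.1", 443, "block"),   # firewall web GUI from the public side
    ("192.168.20.1", 53, "pass"),     # DNS
    ("93.184.216.34", 443, "pass"),   # an internet host
]

def audit(rules, probes=PROBES):
    """Return the (ip, port) probes whose outcome violates the design."""
    return [(ip, p) for ip, p, want in probes if decide(rules, ip, p) != want]

if __name__ == "__main__":
    print("GOOD violations:", audit(GOOD))
    print("BAD violations:", audit(BAD))
```

The same probe list doubles as a live test plan: from a client on the public VLAN, each "block" target should time out and each "pass" target should connect.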