Set up WAN only lan port
-
I have an extra Ethernet port on my pfSense computer. How can I configure the port to allow internet access without having any communication between it and my LAN? I'm the poor slob that gets to rid the relatives' computers of viruses and I don't want anything that they bring here to infect anything on my network. Is there a simple guide somewhere? I enabled the OPT1 port and set it to DHCP and it doesn't work.
-
I enabled the OPT1 port and set it to DHCP and it doesn't work.
Is there a DHCP server in that subnet? If not, enable the DHCP server on that interface in pfSense.
To allow internet access, add an appropriate firewall rule after enabling the interface:
Go to Firewall > Rules > tab of the new interface, select any at protocol, at destination check "not" and at type dropdown select "LAN net", enter a description below and save it.
This rule allows any traffic to anywhere on this interface, but not to your LAN.
-
Or make a reject rule for source OPT1 net dest LAN net followed by a pass any any rule like the default on LAN. That way if a device tries to access LAN they get a NAK instead of just hanging and waiting for a timeout.
Pass TCP/UDP Source OPT1 Net dest This Firewall port 53
Pass ICMP source OPT1 Net dest This firewall
Reject any source OPT1 Net dest LAN net
Reject any source OPT1 Net dest This firewall
Pass any source OPT1 net dest any
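
Added example (not from the posters and not pfSense code): a small first-match model of the two rule sets suggested in this thread, for traffic arriving on OPT1. The subnets and firewall addresses are constructed assumptions, and "This Firewall" is modelled as every address the firewall holds.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
LAN_NET = ip.ip_network("192.168.1.0/24")
FIREWALL = {ip.ip_address(a) for a in
            ("192.168.1.1", "192.168.50.1", "203.0.113.2")}  # LAN, OPT1, WAN

def dst_matches(spec, dst):
    """Match a destination against the aliases used in the thread's rules."""
    if spec == "any":
        return True
    if spec == "lan":
        return dst in LAN_NET
    if spec == "!lan":          # the inverted ("not") LAN net match
        return dst not in LAN_NET
    if spec == "fw":            # "This Firewall"
        return dst in FIREWALL
    return False

# Rules on the OPT1 tab as (action, protocol, destination, port); source is OPT1 net.
SINGLE_RULE = [("pass", "any", "!lan", None)]
FIVE_RULES = [
    ("pass",   "tcp/udp", "fw",  53),
    ("pass",   "icmp",    "fw",  None),
    ("reject", "any",     "lan", None),
    ("reject", "any",     "fw",  None),
    ("pass",   "any",     "any", None),
]

def evaluate(rules, proto, dst, port=None):
    """First matching rule wins; unmatched traffic hits the default deny (silent drop)."""
    dst = ip.ip_address(dst)
    for action, rproto, rdst, rport in rules:
        proto_ok = rproto == "any" or proto in rproto.split("/")
        port_ok = rport is None or rport == port
        if proto_ok and port_ok and dst_matches(rdst, dst):
            return action
    return "block"

if __name__ == "__main__":
    probes = [("tcp", "192.168.1.10", 445),   # LAN host
              ("tcp", "192.168.50.1", 443),   # firewall web GUI on OPT1 address
              ("udp", "192.168.50.1", 53),    # DNS on the firewall
              ("tcp", "198.51.100.7", 443)]   # internet host
    for name, rules in (("single", SINGLE_RULE), ("five", FIVE_RULES)):
        for proto, dst, port in probes:
            print(name, proto, dst, port, "->", evaluate(rules, proto, dst, port))
```

Both rule sets keep OPT1 clients off LAN hosts, but the single inverted rule still passes traffic to the firewall's own OPT1 address, while the five-rule set limits that to DNS and ICMP and rejects the rest.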