Setting up guest network



  • hey, i have a rather strange setup at the moment, its almost working but a few things need to change… first, my current setup:

    WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x

    now is the plan that the speed is limited for 1.1.1.5 and thus the whole guest network. this ive done and works. also i would like to limit the guest network (1.1.1.5) to just internet and not the other computers in my home network... but i dont know if its possible because a ping or brouwsing based on ip,  doesn't ask permission from the firiwall (1.1.1.1)... on the other hand, browsing on network/computer name doesn't go beyond the guest network so i guess thats not all that bad...

    its for a home network and guests with mostly tablets... its security doesn't have to be nasa style :P but it would be nice to be able to block ip stuff aswell... i had tried to put the guest router on: 1.1.2.1 and let things roll from there... but i didnt get internet. this way it means 1.1.1.x and 1.1.2.x are on the same network interface for the pfsense box (1.1.1.1) so i changed it back to 1.1.1.5 just so its working at the moment. i would rather have it in the 1.1.2.1 address but what do i need to do so i have internet in the 1.1.2.x range?

    sander


  • Banned

    No, you cannot have your LAN and WAN on the same subnet. And you should not be using research prefixes either.

    
    inetnum:        1.1.1.0 - 1.1.1.255
    netname:        APNIC-LABS
    descr:          Research prefix for APNIC Labs
    descr:          APNIC
    country:        AU
    admin-c:        AR302-AP
    tech-c:         AR302-AP
    mnt-by:         APNIC-HM
    mnt-routes:     MAINT-AU-APNIC-GM85-AP
    mnt-irt:        IRT-APNICRANDNET-AU
    status:         ASSIGNED PORTABLE
    changed:        hm-changed@apnic.net 20140507
    changed:        hm-changed@apnic.net 20140512
    source:         APNIC
    
    

    And finally - no, your WIFI router should NOT be routing. It should be connected via LAN port and have DHCP disabled.



  • I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box

    I dont really get the code bit (if your able to connect/login to my pfsense box, did i miss something when setting it up? ... but what should i do then... i can make a access point out of it no prob, that is how another router is configured just to put out the wifi for the home network...

    but how can i put the settings for the guest network? if its in the same range, wont thy get random ip within my dhcp scope? so how wil i know which ip to limit?


  • Banned

    @sajansen:

    I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box

    I would think you misdescribed something:

    WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x

    Stick to RFC1918 space, not the 1.1.1.0 nonsense.
    Any guest network goes to a separate interface, not your LAN. (And your wifi router still should NOT be routing anything, otherwise the only thing you can shape is the router.)



  • i changed around a bit and now im having opt1  for guest and a global limit of the guest internet usage… i dont need a internet limit per ip so thats ok... is there anything else i need to set for rules from opt1 to lan and back?

    in the firewall i only have the internet passthrough rule with the limit...


Log in to reply