Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setting up guest network

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sajansen
      last edited by

      hey, i have a rather strange setup at the moment, its almost working but a few things need to change… first, my current setup:

      WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x

      now is the plan that the speed is limited for 1.1.1.5 and thus the whole guest network. this ive done and works. also i would like to limit the guest network (1.1.1.5) to just internet and not the other computers in my home network... but i dont know if its possible because a ping or brouwsing based on ip,  doesn't ask permission from the firiwall (1.1.1.1)... on the other hand, browsing on network/computer name doesn't go beyond the guest network so i guess thats not all that bad...

      its for a home network and guests with mostly tablets... its security doesn't have to be nasa style :P but it would be nice to be able to block ip stuff aswell... i had tried to put the guest router on: 1.1.2.1 and let things roll from there... but i didnt get internet. this way it means 1.1.1.x and 1.1.2.x are on the same network interface for the pfsense box (1.1.1.1) so i changed it back to 1.1.1.5 just so its working at the moment. i would rather have it in the 1.1.2.1 address but what do i need to do so i have internet in the 1.1.2.x range?

      sander

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        No, you cannot have your LAN and WAN on the same subnet. And you should not be using research prefixes either.

        
        inetnum:        1.1.1.0 - 1.1.1.255
        netname:        APNIC-LABS
        descr:          Research prefix for APNIC Labs
        descr:          APNIC
        country:        AU
        admin-c:        AR302-AP
        tech-c:         AR302-AP
        mnt-by:         APNIC-HM
        mnt-routes:     MAINT-AU-APNIC-GM85-AP
        mnt-irt:        IRT-APNICRANDNET-AU
        status:         ASSIGNED PORTABLE
        changed:        hm-changed@apnic.net 20140507
        changed:        hm-changed@apnic.net 20140512
        source:         APNIC
        
        

        And finally - no, your WIFI router should NOT be routing. It should be connected via LAN port and have DHCP disabled.

        1 Reply Last reply Reply Quote 0
        • S
          sajansen
          last edited by

          I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box

          I dont really get the code bit (if your able to connect/login to my pfsense box, did i miss something when setting it up? ... but what should i do then... i can make a access point out of it no prob, that is how another router is configured just to put out the wifi for the home network...

          but how can i put the settings for the guest network? if its in the same range, wont thy get random ip within my dhcp scope? so how wil i know which ip to limit?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            @sajansen:

            I think you missread something…. i gat a WAN address of 84.28.x.x... the 1.1.1.1 if the ip on the lan side of the pfsense box

            I would think you misdescribed something:

            WAN->pfsnese (1.1.1.1) ->home network on: 1.1.1.x -> WIFI router connected on ip 1.1.1.5 -> Guest network on 192.168.1.x

            Stick to RFC1918 space, not the 1.1.1.0 nonsense.
            Any guest network goes to a separate interface, not your LAN. (And your wifi router still should NOT be routing anything, otherwise the only thing you can shape is the router.)

            1 Reply Last reply Reply Quote 0
            • S
              sajansen
              last edited by

              i changed around a bit and now im having opt1  for guest and a global limit of the guest internet usage… i dont need a internet limit per ip so thats ok... is there anything else i need to set for rules from opt1 to lan and back?

              in the firewall i only have the internet passthrough rule with the limit...

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.