• Hello everyone, this is my first post and it's about the design of a home network.

    Since I have no budget to buy real hardware, I'd like to use pfsense under virtualbox, to protect my internal network from the outside, but also from various unknown wifi devices.

    My current setup is simple: a managed netgear 32-port gigabit switch and a DSL wifi router that provides DHCP and NAT to the internet (typical sort of router setup).

    I would like to change the above setup to: internal network via netgear switch -> pfsense vm -> adsl router + wifi

    I'd like the wifi to have NO access to the internal network.

    Is this possible with a virtualbox pfsense?

    What kind of settings would pfsense require?

    How do I prevent a device on the internal network from directly accessing the adsl router, thus bypassing the pfsense vm?

    Any help would be appreciated.

    Thank you.

  • It is very possible.
    There are many ways to attack this.
    You can use the managed switch VLAN capabilities to create networks that cannot speak to each other.
    You can use the pfsense Firewall Rules TAB to accomplish the same thing.
    Pfsense can be used as a DHCP for the internal network; it can also act as a DNS.

    With pfsense alone you can make the firewall rules where no device can touch the internal network and vice versa. You can also make a rule in pfsense to not access the adsl router, with the exception of one machine or subnet (usually an internal LAN), etc.

    With pfsense you can make VLANs with tags on them and you can then use the managed switch to distribute the tags to the correct networks.

    All possible with your setup and more.
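
The firewall rules described in the reply above, modelled as an added example that is not part of the original thread: it applies pfSense's per-interface, top-down, first-match evaluation to a small rule set and checks the intended policy. All addresses, the admin host and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed, not from the thread):
LAN = ip_network("192.168.10.0/24")     # internal network behind pfSense
ROUTER = ip_network("192.168.1.1/32")   # ADSL router on the pfSense WAN side
ADMIN = ip_network("192.168.10.5/32")   # the one machine allowed to manage it
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: object
    dst: object

# Rules sit on the interface where traffic enters; first match wins.
RULES = {
    "lan": [
        Rule("pass", ADMIN, ROUTER),   # exception must come first
        Rule("block", LAN, ROUTER),    # nobody else reaches the router
        Rule("pass", LAN, ANY),        # everything else goes out
    ],
    "wan": [],  # no pass rules: new connections from the wifi side are dropped
}

def decide(iface, src, dst, rules=RULES):
    """Verdict for a NEW connection; replies to allowed flows follow state."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules[iface]:
        if s in r.src and d in r.dst:
            return r.action
    return "block"  # implicit default deny

def audit(rules=RULES):
    """Return the policy checks that the rule set fails (empty list = OK)."""
    expected = [
        ("lan", "192.168.10.5", "192.168.1.1", "pass"),    # admin -> router
        ("lan", "192.168.10.50", "192.168.1.1", "block"),  # other PC -> router
        ("lan", "192.168.10.50", "203.0.113.10", "pass"),  # PC -> internet
        ("wan", "192.168.1.77", "192.168.10.50", "block"), # wifi -> internal
    ]
    return [(i, s, d) for i, s, d, want in expected
            if decide(i, s, d, rules) != want]

if __name__ == "__main__":
    print("failed checks:", audit())
```

These rules only hold if the pfSense VM is the sole path between the two subnets; a LAN device on the same switch segment as the router bypasses them, which is what the VLAN separation on the managed switch is for.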