Simple wireless router question with Pfsense



  • Hi,

    My ipcop box is connected to my powerswitch that provides my computers connectivity and I am connecting my wireless router into my powerswitch as well. Only concern is subnet mask, both my ipcop firewall and my router subnet are 255.255.255.0. I know this can cause conflict. Do I just use a different series of ip address?

    Please help.

    -Brandon



  • Why use two systems? pfSense can be a perimeter firewall and access point with the same box.

    If you're deploying pfSense as strictly an AP, you want to put its WAN on your LAN, using the same subnet as your LAN. You probably either want to bridge your wireless to the pfSense WAN (your LAN), or disable NAT if you want to route a different subnet for your wireless network. You'll need to add a rule to the WAN so you can manage it.



  • Hey man,

    Thanks for the great advise. Please forgive me as I am a noob with firewalls, but I am getting my stuff down pretty quick. I would rather use my wifi router as an access point going into my powerswitch controlled by Pfsense so that I can have better security rather than having my wireless router on auto dhcp with a seperate ip address. I got my home network on 192.168.1.1 etc, and I would like to keep my wireless router in the same rules for better security. I don't want one of my neighbors to hack my wep key and have access to my network. Would I go into my wireless router and select static IP and fill out all of the info to do this???

    Also you say to bridge my wifi router into my WAN network on pfsense, wouldn't this be a security issue since my LAN is pushing out the protected network? Should I just go into my router and select static network and plug it directly through my home network?

    Please let me know exactly what to do as I am still learning, and I thank you for your time and efforts helping me resolve this issue.

    Its a netgear router by the way.

    Take care,

    Brandon



  • First, use something better than WEP, like WPA with a strong passphrase (long, including upper and lowercase letters, numbers, and symbols). That'll keep out unauthorized users.

    @mechanicalmetal:

    Also you say to bridge my wifi router into my WAN network on pfsense, wouldn't this be a security issue since my LAN is pushing out the protected network? Should I just go into my router and select static network and plug it directly through my home network?

    You can firewall on a bridge no differently than you can on a routed or NATed interface. If you want them both on the same subnet, that's your only option. You can't have two identical subnets in two separate broadcast domains, so bridging is the only way to use the same subnet on both the wireless and wired networks. It's usually the most desirable for home users because it's the only way things like Windows network browsing will work properly.


Log in to reply