Firewall in pfSense
Good day to all.
So, there is pfSense, a wired network and two WiFi routers. The task is as follows:
a) router A (for employees) must be able to access the Internet, and have access to the internal network (i.e. to other computers)
b) router B (for guests) must see only the Internet and have no access to the internal network (including router A and, ideally, the pfSense admin panel)
At the moment the situation is as follows:
pfSense - IP 192.168.1.1/24
Router A - 192.168.5.1/24
Router B - 192.168.6.1/24
Everyone sees each other - not an option ...
I tried to do it in pfSense as follows:
It did not work. What am I doing wrong, and how to do it right? Tell me plz...
PS: I am attaching a handicraft map of the network in Paint.
It is not clear from your diagram how guests and employees have access to the Internet at all, because the routers and the host with pfSense on board are on different subnets and therefore do not see each other. That's the first point.
Secondly, since you already have two routers rather than access points, you can probably define a list of hosts to which access is denied, so put the entire “guest network” there. I have not seen a single modern router that does not have such functionality out of the box.
The easiest way is to bring up DHCP on the guest access point in a different subnet and instruct PF to let this subnet out to the Internet.
If you want security, then solve it with VLAN tags - this will be reliable isolation at the link level. But we don’t need household hotspots, for which VLANs are not something outlandish. If the hotspots are cheap but security is needed, you can try turning to the switch. If it is managed, then it is 99% certain that it has VLANs.
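An added example, not part of the original thread: pfSense evaluates the rules on the interface where traffic enters from top to bottom and the first match wins, so the order of the guest rules decides whether the isolation holds. The sketch below models that evaluation for the subnets in the question and checks an ordered and a misordered rule list against constructed probe destinations. It assumes router B sits on its own pfSense interface or VLAN and that pfSense has the hypothetical address 192.168.6.254 on that side.

```python
import ipaddress

# Subnets from the question; the guest-side firewall address is an assumption.
LAN = ipaddress.ip_network("192.168.1.0/24")      # wired network, pfSense at 192.168.1.1
STAFF = ipaddress.ip_network("192.168.5.0/24")    # behind router A
FIREWALL = [ipaddress.ip_network("192.168.1.1/32"),
            ipaddress.ip_network("192.168.6.254/32")]  # hypothetical guest-side address
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rules on the guest interface, top to bottom: (action, destination networks)
GUEST_RULES = [
    ("block", FIREWALL),        # no access to the pfSense admin panel
    ("block", [LAN, STAFF]),    # no access to internal networks
    ("pass", ANY),              # everything else: Internet
]
# The same three rules with the broad pass rule placed first
MISORDERED = [GUEST_RULES[2], GUEST_RULES[0], GUEST_RULES[1]]

def evaluate(rules, dst):
    """Return the action of the first matching rule; no match means block."""
    addr = ipaddress.ip_address(dst)
    for action, nets in rules:
        if any(addr in net for net in nets):
            return action
    return "block"

def audit(rules, probes):
    """Return (destination, expected, actual) for every probe that fails."""
    results = [(dst, want, evaluate(rules, dst)) for dst, want in probes]
    return [r for r in results if r[1] != r[2]]

PROBES = [  # constructed destinations with the verdict the task requires
    ("192.168.1.1", "block"),    # pfSense admin panel
    ("192.168.1.50", "block"),   # wired host
    ("192.168.5.20", "block"),   # client behind router A
    ("1.1.1.1", "pass"),         # Internet
]

if __name__ == "__main__":
    print("ordered:   ", audit(GUEST_RULES, PROBES))
    print("misordered:", audit(MISORDERED, PROBES))
```

If guests rely on pfSense itself for DNS, a narrow pass rule for that service has to sit above the firewall block.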