That's the way I do it - IIRC, you may have to set up the 'allow' for that subnet to go out, but you will definitely need to set one up to deny from them to LAN (or some subset thereof).
The nice thing is that I have my own ISC DHCP/BIND setup on my LAN, but I can just let pfSense take care of that other subnet so they're completely isolated. On 3/13/06, Jason <[EMAIL PROTECTED]> wrote: > Hi Holger, > > Thank you for quick reply. > So do I have to actually add a physical NIC, and assign another internal ip > and subnet for it, and then put rules to allow in firewall? > > Jason > > > > ----- Original Message ----- > From: "Holger Bauer" <[EMAIL PROTECTED]> > To: <support@pfsense.com> > Sent: Monday, March 13, 2006 2:24 PM > Subject: RE: [pfSense Support] seperation of network > > > > Yes, add an OPT1 interface and create one pass rule to allow all traffic > > to destination not lansubnet. > > > > Holger > > > > -----Original Message----- > > From: Jason [mailto:[EMAIL PROTECTED] > > Sent: Monday, March 13, 2006 7:05 AM > > To: support@pfsense.com > > Subject: [pfSense Support] seperation of network > > > > > > Hi, > > > > I need to let some of our guests to use our broadband, but I'm > > concerned about security. Can I force them to use a different subnet other > > than my Lan? It seems that vlan is doing such a function, but buying an > > expensive switch is not an option for me. What else can I try? Can I add > > another cheap NIC and another cheap hub for the job? Thanks for help. > > > > Jason > > > > ____________ > > Virus checked by G DATA AntiVirusKit > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
