Greg Huggins wrote:
I am currently using IPCOP and have the RED – Wan, GREEN – Lan and
BLUE – Wireless concept in my mind for referring to the various NICs.
In my current IPCOP configuration I have my wireless AP and other
computers hooked to the BLUE NIC and these computers cannot see the
GREEN-Lan unless rules are made to allow the BLUE to see the GREEN but
all on the BLUE NIC can access the internet.
Is this the same concept in pfSense? If I have a 3 NIC setup can the
optional NIC (BLUE) see others on the BLUE and access the internet but
not access computers on the GREEN-Lan side?

I won't make any Sesame Street comments. :)

This depends entirely on how you set up your rules. By default, a new OPT
interface cannot get to anything at all. You add rules defining where it
can go. But yes, it's easy to set it up the way you mention, just add a
rule to permit traffic from any to destination "not LAN subnet", and you
have the equivalent. I'd recommend much tighter egress filtering than that.

I am thinking of switching to pfSense. Good idea?

might work very well, might be a big headache. though it's getting to
the point that it seems to be working very well much more than it's
being a headache. this is what you have to expect with alpha/almost-beta
software.
-cmb
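
The rule behaviour described in the reply above, as an added example that is not part of the original thread and is not pfSense code: a small first-match model of a new OPT interface with no rules, the single "not LAN subnet" pass rule, and a tighter egress set. The addresses, the sample traffic and the ports in the tighter set are assumptions made for illustration, and connection state is not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed addressing for illustration (not from the thread).
LAN_NET = ip_network("192.168.1.0/24")  # GREEN / LAN
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    dst: IPv4Network = ANY
    negate_dst: bool = False       # True models destination "not <dst>"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # None matches any destination port

    def matches(self, dst_ip: str, proto: str, port: int) -> bool:
        if (ip_address(dst_ip) in self.dst) == self.negate_dst:
            return False
        if self.proto is not None and self.proto != proto:
            return False
        return self.port is None or self.port == port

def evaluate(rules, dst_ip, proto, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    for rule in rules:
        if rule.matches(dst_ip, proto, port):
            return rule.action
    return "block"

# Rule sets for traffic entering the OPT (BLUE) interface.
NEW_OPT = []                                        # fresh interface, no rules
NOT_LAN = [Rule("pass", LAN_NET, negate_dst=True)]  # any -> not LAN subnet
# Assumed tighter egress policy: only DNS and web, still never to LAN.
TIGHT = [Rule("pass", LAN_NET, True, proto, port)
         for proto, port in (("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443))]

# Constructed test traffic from a BLUE host: (label, dst, proto, port).
SAMPLES = [
    ("LAN file share", "192.168.1.10", "tcp", 445),
    ("Internet HTTPS", "203.0.113.5", "tcp", 443),
    ("Internet SMTP", "203.0.113.5", "tcp", 25),
]

def verdicts(rules):
    """Map each sample's label to the action the rule set gives it."""
    return {label: evaluate(rules, dst, proto, port)
            for label, dst, proto, port in SAMPLES}

if __name__ == "__main__":
    for name, rules in (("new OPT", NEW_OPT), ("not LAN", NOT_LAN), ("tight", TIGHT)):
        print(f"{name:8} {verdicts(rules)}")
```

The single "not LAN subnet" rule keeps BLUE out of GREEN but passes every protocol and port to everything else; the tighter set keeps the same isolation while blocking the outbound SMTP sample.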