Re: [pfSense] Access Point config: separating guest from permissible users

2018-03-10 Thread jmitchel

On 2018-03-10 18:54, Antonio wrote:

Hi pfSense experts,

I was hoping you could help me with a config question. I have pfSense
configured as main router for my network. The WAN is connected to DSL
modem, one LAN on an ethernet switch and another LAN port on a Netgear
R8000 with dd-wrt installed. One of the cool features of the R8000 is
that it has two separate wireless networks: 2.4GHz and 5GHz.

I wanted to use one for guest and only allow access to internet while
the other for permitted users (family members) that would also have
access to the local network. How am I going to achieve this on pfSense
though? Is it a matter of closing access to local network for all IPs
coming from the AP except those I want to permit (family devices) or is
there a simpler way of doing this i.e. VLANs?

I look forward to your response.

Thank you

Hello,

The simple answer is to configure the dd-wrt box to give different IP
addresses to the two separate wireless bands. Let's say you make the
2.4GHz band 192.168.24.0/24 and the 5GHz band 192.168.5.0/24. (I'm
assuming you'll use the 5GHz band for family members, just to make
things easy for me). You then write firewall rules that allow
192.168.5.0/24 to access the LAN and WAN while 192.168.24.0/24 can only
access the WAN. The easiest way for the first set of rules is to block
access to 192.168.24.0/24 from 192.168.5.0/24 (your trusted users). And
the easiest way for the second set of rules is to block all traffic to
RFC 1918 addresses. So block all access to 10.0.0.0/8, 172.16.0.0/22, &
192.168.0.0/16. You could be specific, but if you don't want the guests
to be able to access anything but the Internet, then it's easier just to
block all private addresses. That way if you change something elsewhere on
your network, you won't have to mess with the firewall rules for the
wireless.


Of course dd-wrt can do firewalling on its own, so (assuming you could 
assign different IP ranges to the different wireless networks) you could 
do the firewalling there. And in my example it's important for dd-wrt to 
act as a bridge. If it's a router, you would have to set up firewalling 
there to prevent your guests from connecting to trusted computers 
(prevent the two wireless networks from talking to each other). If you 
can't get dd-wrt to do that, I'd do the firewalling there.


Hope this helps.

Jason M.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
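
The rule sets described in the reply above, modelled as a first-match evaluator (an added example, not part of the original post and not pfSense's own code). The subnets come from the post; the probe hosts, helper names and default-deny fallback are assumptions. The block list uses the private ranges as RFC 1918 defines them (the 172.16 block is 172.16.0.0/12), and the last check shows which private destinations stay reachable for guests when a narrower 172.16.0.0/22 entry is used instead.

```python
import ipaddress as ip

# Subnets from the post; the probe hosts further down are constructed.
GUEST = ip.ip_network("192.168.24.0/24")    # 2.4 GHz band
FAMILY = ip.ip_network("192.168.5.0/24")    # 5 GHz band
ANY = ip.ip_network("0.0.0.0/0")
# RFC 1918 private space as the RFC defines it (the 172.16 block is a /12).
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def build_rules(private=RFC1918):
    """Ordered (action, source, destination) rules; the first match wins."""
    rules = [("block", FAMILY, GUEST),       # trusted users cannot reach guests
             ("pass", FAMILY, ANY)]          # ...but reach the LAN and the WAN
    rules += [("block", GUEST, ip.ip_network(n)) for n in private]
    rules.append(("pass", GUEST, ANY))       # guests: Internet only
    return rules


def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"                           # assumption: default deny


def private_leaks(rules, src, candidates):
    """Candidates inside RFC 1918 space that src is still allowed to reach."""
    nets = [ip.ip_network(n) for n in RFC1918]
    return [d for d in candidates
            if any(ip.ip_address(d) in n for n in nets)
            and decide(rules, src, d) == "pass"]


# Constructed probes: LAN host, family host, three other private hosts, and a
# documentation address (203.0.113.7) standing in for an Internet host.
PROBES = ["192.168.1.10", "192.168.5.20", "10.1.2.3",
          "172.16.1.5", "172.20.1.5", "203.0.113.7"]

if __name__ == "__main__":
    full = build_rules()
    narrow = build_rules(("10.0.0.0/8", "172.16.0.0/22", "192.168.0.0/16"))
    for dst in PROBES:
        print(f"guest -> {dst:<13} {decide(full, '192.168.24.50', dst)}")
    print("leaks with /12:", private_leaks(full, "192.168.24.50", PROBES))
    print("leaks with /22:", private_leaks(narrow, "192.168.24.50", PROBES))
```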


Re: [pfSense] Strange problems with pfSense 2.1.4

2014-08-10 Thread jmitchel
Hello,
Jason M. wrote:
I'm using the PFW201 hardware from Tranquilnet

 According to Tranquilnet:

  *Note: These units may run hot to the touch and we recommend either a wall
 mount or to place them on a cool, dry and hard surface with proper air flow

 I can build systems that are much faster and more powerful for less than
 half the price so I've never used a PFW201, but I have seen it mentioned
 that units like them often have a cpu heat sink that makes contact with the
 case. Or, that they have a metal shim that connects the heat sink to the
 case.

 Heat transfer for these systems is often critical. Is yours overheating? Are
 you testing with one of the Tranquilnet units, or one of the units you got
 direct from the supplier?

One, the problem first appeared with the Tranquilnet unit. Two, I forgot
to mention that I noticed the heat problem (it's hard to miss if you
don't read the directions -- the units are almost hot enough to burn skin
:) and am using a laptop cooler for now. I'm trying out USB powered fans
as a better long term solution, but the units are very cool with the
laptop cooler.



 Now my question is, what is going wrong? I've tried the same
 config on multiple devices, so I don't think it's hardware. Could
 my config have become corrupted?

 I don't follow your logic about it not being the hardware, but yes, your
 config could have become corrupted. Try another CF card? Try installing from
 scratch and restoring a backup xml file?

Well, pfSense recommends the Tranquilnet hardware and the problem occurs
with that. The problem also occurs with the units from the manufacturer
which have the same part number and look identical. These units have a
backup XML file restored to a fresh CF card. Sorry for not mentioning this
in my first message -- I was kind of tired.

I was trying to say that maybe something in the .xml config might have
become corrupted, but I took a look at the .xml file and it doesn't look
like there's room for corruption. The only thing strange is this:

<revision>
<time>1407542644</time>
<description><![CDATA[admin@192.168.182.10: /system_usermanager.php made unknown change]]></description>
<username>admin@192.168.182.10</username>
</revision>

Do you have any other ideas?





Thanks for the help,

Jason M.