Configure a gateway for pfSense
Yes, I’m not completely confident about this. When I let the devices access the IP, the rules I configured in pfSense seem to be ignoring them. It looks like the devices are circumventing pfSense and connecting directly online. I believe I set everything correctly.
I’ve organized my gear in a straightforward way. I recently installed a pfSense device over the past few days and it seems you’re adding unnecessary layers. For instance, my current arrangement looks like this: a fiber interface box connects to the pfSense box, which then links to a managed switch—one port serves as an AP/switch for my primary network, while another port connects to a separate guest Wi-Fi router. By default, devices see the pfSense box as their gateway, so you shouldn’t need to configure it manually. In the pfSense web interface, the fiber interface box is automatically detected as the WAN gateway.
The host PC has a static IP assigned for communication with the router and internet access. The VM runs in VirtualBox and its network is bridged to the host.
OK, I think I understand now - so based on your diagram, pfSense can't act as a firewall because it isn't inline. You are using it as a DHCP server (which doesn't need to be inline), but for it to be acting as a firewall, router, etc., all traffic would need to flow through it between clients and the internet (either physically or logically). Does the host PC that you're running pfSense in a VM on have at least 2 Ethernet ports that can be dedicated to pfSense?

*EDIT* Here is a pic of my setup. I am using an 8-port switch behind the pfSense box. Port 8 is the LAN side of pfSense and is untagged for VLAN1, tagged for VLAN2. Port 7 goes to the guest Wi-Fi AP and is untagged for VLAN2 but is not a member of VLAN1. Port 6 goes to the old Wi-Fi AP, for my main network, and is untagged for VLAN1. Ports 1-6 are not members of VLAN2. This way, any traffic coming in via port 7 (through the guest Wi-Fi AP) is seen as VLAN2 by pfSense and managed accordingly. I don't think having pfSense out of line can operate in the way you're wanting it to, since traffic does not flow 'through' it.
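The switch layout in the post above, modelled as an 802.1Q membership table to check that guest traffic can only leave toward pfSense. This is an added example, not part of the original thread; the PVID values, ingress filtering being enabled, and ports 1-5 being plain VLAN1 access ports are assumptions.

```python
# Added illustration of the 8-port switch described in the post.
# Per port: PVID (VLAN assigned to untagged ingress frames, assumed) and
# egress membership, where "U" = sent untagged and "T" = sent 802.1Q-tagged.
PORTS = {
    8: {"pvid": 1, "member": {1: "U", 2: "T"}},  # LAN side of pfSense (trunk)
    7: {"pvid": 2, "member": {2: "U"}},          # guest Wi-Fi AP
    6: {"pvid": 1, "member": {1: "U"}},          # main-network Wi-Fi AP
}
# Assumption: ports 1-5 are VLAN1 access ports (the post only says "not in VLAN2").
for p in range(1, 6):
    PORTS[p] = {"pvid": 1, "member": {1: "U"}}


def classify(port, tag=None):
    """Return the VLAN a frame lands in on ingress, or None if it is dropped."""
    vlan = PORTS[port]["pvid"] if tag is None else tag
    # Ingress filtering (assumed on): drop frames for VLANs the port is not in.
    return vlan if vlan in PORTS[port]["member"] else None


def egress(port, tag=None):
    """Map every port the frame may leave on to (tagging mode, VLAN)."""
    vlan = classify(port, tag)
    if vlan is None:
        return {}
    return {p: (cfg["member"][vlan], vlan)
            for p, cfg in sorted(PORTS.items())
            if p != port and vlan in cfg["member"]}


def audit():
    """List isolation problems; empty means guest frames only reach pfSense."""
    problems = []
    if egress(7) != {8: ("T", 2)}:
        problems.append("port 7 reaches something other than the tagged trunk")
    if classify(7, tag=1) is not None:
        problems.append("port 7 accepts frames tagged for VLAN1")
    for p in range(1, 7):
        if 7 in egress(p):
            problems.append(f"port {p} can reach guest port 7 directly")
    return problems


if __name__ == "__main__":
    print("guest frame egress:", egress(7))
    print("audit:", audit() or "guest VLAN is only reachable via the pfSense trunk")
```

Because the only path between VLAN1 and VLAN2 is the tagged trunk on port 8, any guest-to-main traffic has to be routed by pfSense, which is where its firewall rules apply.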
I believe I misunderstood the setup. You mentioned having a wireless USB interface and wondering if it can work on the LAN side. Since you don’t have a wired Ethernet connection, you’re asking about using Wi-Fi capabilities for your USB port to support other devices like phones. You also want to know how to connect your USB LAN interface to another Wi-Fi router and set that router as an access point. I can help you explore possible methods if it’s feasible.
You could try using the USB Wi-Fi dongle on the pfSense unit as a broadcast node, allowing other devices to connect to it. According to what I know, setting up the first configuration with a Wi-Fi USB dongle to route internet through a Wi-Fi access point isn’t feasible. This is mainly because such a setup relies on a Wi-Fi repeater, which is built specifically for this purpose. Access points are meant to distribute internet via Ethernet ports and share that connection across multiple ports using Wi-Fi.
Instead, you might consider purchasing a Wi-Fi repeater designed for this role, like the ones mentioned by @jakkuh_t. They likely use three frequency bands: one for trunking main network/internet access to/from the repeater and two for regular device communication. Older repeaters operated similarly, switching between talking to devices and relaying traffic to the AP, which reduced bandwidth efficiency.
If you have cabling available, using a USB-to-Ethernet adapter on your pfSense PC and connecting it directly to the Wi-Fi access point could work as an alternative.
Check if this comes from the wireless interfaces page. If yes, there doesn’t seem to be an option to add it. I also saw my USB wireless interface listed as em1 in the interface assignments page—this should be there for setup. It didn’t show up on the wireless interfaces page even after adding.