Ohh my GOODNESS
Over 1000 domains ! And I thought 50 maybe enough. This Pfsense can make a good little project in a long vacation. Can I run it in a virtual machine inside one of my physical machines that is placed after the wireless router??? Or the placement is very necessary? i.e. Can I make one machine in my LAN as my gateway to the internet? I'll have to have the VM up all the time though.
Thanks.
Placement is pretty specific. You might be able to get away with it on a VM from a host physically connected to your wireless router, but you would need to take advantage of VLANs to do so, and also need a wireless router that supports VLAN trunk ports (i.e. a port that is associated with multiple VLANs). Not all wireless routers will give you this capability.
For this example:
Create new VLAN (make it something not in use, probably something like VLAN ID 11) on wireless router (router/software specific, so directions need to be looked up for your hardware), and assign one of the ports to that VLAN (example below assumes port 2). Setup port 3 to default untagged data to main VLAN used by the rest of the switch ports (probably VLAN ID 2, but this varies from manufacturer to manufacturer), but also allow the tagged use of VLAN 11 on port 3. Connect the following:
((INTERNET)) <--> [ISP modem] <---> [Port 2 on Wireless router]
Connect your computer running the VM to port 3. Then when you setup pfsense VM, you can specify that it uses VLANs for routing between the public (WAN) and private (LAN) networks, and specify the appropriate VLAN ID (11 for public, and 2 for the private in this example). When configuring the LAN, specify the an IP address for whatever network you are using on your wireless router's internal net (i.e. if you are using 192.168.1.1 for your wireless router, make the pfsense LAN interface be 192.168.1.2).
You will then need to chage in your wireless router and set it to be in access point mode (and not router mode), and change the default route to be 192.168.1.2 on the wireless router. You can then either let pfsense be your DHCP server or assuming your router still supports it, let it continue to be the DHCP server while acting as an access point (not all wireless routers will allow this level of fine tuning, but DD-WRT/OpenWRT firmware would let you do this).
As you can see it is a lot easier with a physical system, which is partly why I have a physical system (not that I don't have a much more complex setup on mine and am also using VLANs to perform the routing, but that is because I configured my pfsense system to be a router-on-a-stick (i.e. I only have a single physical network cable going to my system, but that said, the single cable I have connected is a QSFP+ 40Gbps link, this way I am prepped in case my ISP ever expands to 10Gbps or higher, as I would simply change the modem, configured a 10Gbps port on my main switch to be my external VLAN, and connect it to that port).
devicetests.com
wifirepeater.org
Facebook
Twitter
Instagram