So i'm trying to implement a bit of a variation on the guest wifi and having some troubles. The basic layout is the cable modem to a PFSense router connected to a Linksys e2000 on the lan side. Within the e2000 i've disabled the wan port and bridged it to br0 to make it essentially a 5 port switch. Then setup the lan bridges as follows:
BR0: stp(no) 192.168.0.10 255.255.255.0 dhcp(off)
BR1: stp(no) 192.168.1.10 255.255.255.0 dhcp(on)
Default gateway dns, wins, etc on basic page left at default(0.0.0.0)
VLAN Tab as follows
VLAN VID Port 1 Port 2 Port 3 Port 4 WAN Port Default Bridge
1 1 Yes Yes Yes * LAN (br0)
2 2 Yes WAN
3 3 Yes LAN1 (br1)
Would like to only have 2 vlans and have WAN be either on LAN1 or LAN but it wont play ball.
LAN Access TAB
On Src Src Address Dst Dst Address Description
On LAN1 LAN 10.0.0.1 Guest to PFSense
Goal is to isolate machines connected VLAN3(port4) to internet access only with limeted access to internal(VLAN1) resources like the printer. However under the current setup anything plugged into port 4 has no internet and cant reach 192.168.0.1(pfsense router)
Heres my attempt at a diagram since the imarge wizard wont recognize my publicly accessible visio diagram. If you care to look the link is - hsimt 'dot com' 'forward slash' proposednetwork.png (formated because of low karma)
PFSense(gateway to internet/DNS 192.168.0.1)
E2000 With Shibby Tomato(192.168.0.10 and 192.168.1.10)
Guest Devices(192.168.1.0/24) Internal Devices(192.168.0.0/24)
Port 4, VLAN3, BR1 Other LAN Ports VLAN1 BR0
Ultimately, if this is something that can't work I'll just buy another usb to ethernet adapter and connect it to the pfsense router to and let it do all the routing segregation etc. relegating the e2000 to a dumb switch/AP, but ideally I don't want to buy the adaptor if I dont have to .
Thanks for any insight, and if theres anything I can do to make this more clear/easy to help please let me know. Also I'm not married to this design if theres a better approach so long as the overall goals are met.