Editing Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software (section)

== Step 2: PfSense Configuration Guide for Trusted &amp; Untrusted Networks ==

We want to have two separate networks; but we are using one cable to connect the switch to our wifi access point. We do that with VLANs, which are “virtual” LANs. Each packet we send is going to have a tag on it that tells it which LAN it is. The switch, &amp; in the case the wifi access point, will use this to direct the traffic to the correct virtual LAN.

Each of our wifi clients will be connecting to a LAN. The trusted wifi network will connect to the standard <code>192.168.5.0/24</code> LAN, and the untrusted to a 2nd network we create on <code>192.168.7.0/24</code>

<span id="create-vlans"></span>
==== 2.1 Create VLANs ====

# Navigate to: '''Interfaces &gt; Assignments &gt; VLANs'''
# Click “Add” to create first VLAN:
#* Parent Interface: Select your LAN interface (usually igb0 or em0)
#* VLAN Tag: 7
#* Priority: leave blank
#* Description: '''“maliciouswifi”'''
#* Click '''“Save”'''

<span id="create-network-interfaces"></span>
==== 2.2 Create Network Interfaces ====

# Go to: '''Interfaces &gt; Assignments'''
# From the '''“Available network ports”''' dropdown:
#* Select the VLAN 7 interface and click “Add”
#* Note the names assigned (typically OPT1 and OPT2
#* Name this '''maliciouswifi'''

<span id="set-ip-range-of-new-interface"></span>
==== 2.3 Set IP range of new interface ====

# Go to: '''Interfaces &gt; MALICIOUSWIFI'''
# In '''“General Configuration”''' set the following options:
#* Set '''“Description”''' to maliciouswifi
#* Set '''“IPv4” Configuration Type”''' to Static IPv4
#* Set '''“IPv6 Configuration type”''' to None.
#** If you have a reason to use IPv6, you are probably a network administrator for the world trade tower or a mall or something &amp; aren’t reading this guide anyway.
# In '''“Static IPv4 Configuration”''' set the following options:

* '''“IPv4 Address”''' to <code>192.168.7.1</code>
** The slash thingie at the end to <code>/24</code> - this means we get the entire range from <code>192.168.7.2</code> to <code>192.168.7.254</code> for wifi clients connecting to this network when we set up DHCP server.
* Set '''“IPv4 Upstream Gateway”''' to None

<ol start="4" style="list-style-type: decimal;">
<li>Hit '''“Save”'''</li></ol>

<span id="configure-dhcp-server"></span>
==== 2.4 Configure DHCP Server ====

DHCP is what allows you to connect to a wifi network and get online without having to specify the IP address, gateway, DNS server, etc. This is necessary so clients get an IP address when they connect to the wifi network automatically.

* Malicious wifi Network DHCP:

# Navigate to: '''Services &gt; DHCP Server &gt; MALICIOUSWIFI'''

* The interface maliciouswifi will be at the top after you click onto '''“DHCP Server”'''

<ol start="2" style="list-style-type: decimal;">
<li>Configure:
<ul>
<li>Enable: ✓ Checked '''” Enable DHCP server on MALICIOUSWIFI interface “'''</li>
<li>'''“Address Pool Range”''':
<ul>
<li>From: 192.168.7.2</li>
<li>To: 192.168.7.254</li></ul>
</li></ul>
</li>
<li>Click Save</li></ol>

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241113192410257.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241113192442850.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241113192623441.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241113192834456.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241113193208715.png
</gallery>

</div>
<span id="step-3-configure-firewall-rules"></span>