I just got pfSense running on my home LAN. I had a cheap Walmart/Everex PC that wasn’t doing anything. And with the three day weekend I realized that I could use it to create a better home network. I added an Ethernet card that I had plus a new Linksys 10/100 Ethernet card that I found at my local Target for $11.99. This gave the computer 3 network interfaces: WAN, LAN, and Opt1WiFi. I have DSL service, so I hooked the WAN interface of the computer to the DSL router. The WAN interface gets a DHCP address. I hooked the LAN interface to an Ethernet switch that I had around. The LAN interface is configured with a DHCP server. I can hook a laptop into the LAN switch, get a DHCP lease from pfSense, and access the WAN interface out to the Internet.
Yeah, yeah, this could also be done with a typical router like the Linksys WRT54GL. Well, I do have a WRT54GL, which I hooked to the Opt1WiFi interface on the pfSense server. So the WRT54GL also has a concept of a WAN<->LAN interface. In my new configuration the WAN side of the WRT54GL is receiving a DHCP address from the Opti1WiFi interface and the DHCP service of pfSense. The LAN side of the WRT54GL is providing addresses via WiFi (which is how I am posting this from my laptop).
So why have both the pfSense server and the WRT54GL? What the 3 interfaces of the pfSense server allow me to do is separate the WiFi traffic from the LAN. I can add a firewall rule in pfSense to only allow the WiFi traffic from the Opt1WiFi interface to the WAN and block access to the LAN. This will allow me to have services on the LAN network interface that are protected from any WiFi connections.
But what if I want my laptop, connected over the WiFi network, to access my home LAN network? I believe that there are a couple different ways the pfSense will allow me to do that. But that is another task for another time. Because at this time, there isn’t anything (yet) running on my new LAN network segment.