
owner: gmikcon
status: active
last_reviewed: 2026-05-09
review_interval: 90d
confidence: medium
source_of_truth: owner-confirmed

pfSense Router

Central router and firewall for the local network.

Access

  • Web UI: https://192.168.1.1/
  • Secret values are not stored in this repository.

Role

  • Local network edge.
  • Firewall and routing point for internal infrastructure.
  • Part of the path between local infrastructure and services reachable through trusted network paths.

Local Network Topology

The home network currently consists of two local networks implemented through one custom router with multiple network interfaces.

Each local network goes from the router into a switch and then is distributed through the home. The access layer includes wired TVs, PCs, servers, and Wi-Fi access points.

Home LAN

  • Inventory id: home-lan.
  • CIDR: 192.168.1.0/24.
  • Gateway: 192.168.1.1.
  • Main Wi-Fi SSID: home.
  • Wi-Fi mode: access points, not a separate routed Wi-Fi network.
  • Access points: 2 nodes.
  • Mesh mode: enabled for the main Wi-Fi nodes.

Home IoT LAN

  • Inventory id: home-iot-lan.
  • CIDR: 192.168.2.0/24.
  • Gateway: 192.168.2.1.
  • Purpose: service network for smart-home and IoT devices.
  • Wi-Fi mode: access points.
  • Mesh mode: intentionally disabled.
  • IoT Wi-Fi nodes:
    • home_iot_0
    • home_iot_1
    • home_iot_2

Current And Planned Policy

Current policy:

  • full access between home-lan and home-iot-lan;
  • IoT internet access is currently allowed.

Possible future policy:

  • isolate the two networks from each other;
  • cut off the IoT network from the internet.

Dual-Homed Smart Home Server

The smart-home server is present in both networks:

  • 192.168.1.101 on home-lan;
  • 192.168.2.101 on home-iot-lan.
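A reachability model for the current and planned policy, as an added example that is not part of this repository or of the router configuration. It can serve as the expected-result matrix when firewall rules are later tested. It assumes the smart-home server uses its directly connected interface for each network; the policy labels and the sample hosts other than the .101 addresses are constructed for illustration.

```python
import ipaddress

# Networks and addresses as documented on this page.
NETS = {
    "home-lan": ipaddress.ip_network("192.168.1.0/24"),
    "home-iot-lan": ipaddress.ip_network("192.168.2.0/24"),
}
DUAL_HOMED = {"192.168.1.101", "192.168.2.101"}  # smart-home server

# Policy names are labels chosen for this example.
POLICY = {
    "current": {"inter_lan": True, "iot_internet": True},
    "planned": {"inter_lan": False, "iot_internet": False},
}

def zone_of(ip):
    """Return the inventory id whose CIDR contains ip, else 'internet'."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETS.items() if addr in net), "internet")

def decide(src, dst, policy):
    """Expected outcome for a new connection from src to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s in NETS:
        return "not-filtered"   # same subnet: switched, never hits router rules
    if src in DUAL_HOMED and d in NETS:
        return "direct"         # server has its own interface on that network
    rules = POLICY[policy]
    if s in NETS and d in NETS:
        return "allow" if rules["inter_lan"] else "block"
    if s == "home-iot-lan" and d == "internet":
        return "allow" if rules["iot_internet"] else "block"
    return "undocumented"       # the page does not state a rule for this flow

def matrix(policy, hosts):
    """Expected outcome for every ordered pair of distinct hosts."""
    return {(a, b): decide(a, b, policy) for a in hosts for b in hosts if a != b}

if __name__ == "__main__":
    # Constructed sample hosts; only the .101 addresses come from the page.
    sample = ["192.168.1.50", "192.168.2.50", "192.168.1.101", "203.0.113.10"]
    for (a, b), verdict in matrix("planned", sample).items():
        print(f"{a:>15} -> {b:<15} {verdict}")
```

Under the planned policy the "direct" rows show that the smart-home server is the one host still reaching both networks without crossing the router, so whether IP forwarding is enabled on it determines whether the two segments stay separated.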

Further details still need to be documented: exact router OS/configuration, interface names, firewall rules, port forwards, VPN routes, and DNS behavior.