Hi,
I'm new here and I'm trying to figure out what a reasonable setup with my constraints could be.
Situation
- Fiber router of ISP I have to use
- Router comes with good wifi, I want to use this and avoid another wifi AP
- Router can only provide a NATted private IP range internally, no transparent mode
I have a pcengines device where I already installed OPNsense. Now I would like to:
- Route all incoming/outgoing traffic through OPNsense
- Provide the DHCP server with OPNsense, also for wifi
- Have all internal devices in the same network, no routing for internal traffic
(https://i.imgur.com/9vKM7Iz.png)
Can that somehow reasonably be achieved? I see no problems with wired clients as I can connect them exclusively via the firewall.
But for wireless clients I'm not sure how I could do this in a reasonable and secure way. I know I could probably do something with VLANs, but i.e. exposing the DHCP server on the WAN interface in order to allow wifi clients that connect to the ISP router to obtain an IP feels wrong and somewhat dangerous.
EDIT (fabian): Mark as solved
After thinking it back and forth I decided that the simplest and cleanest approach is to buy a separate Wifi Access Point. Ubiquiti UniFi AP-AC-Pro in case someone wondered. Very happy with it - Problem solved.