pfSense - how to setup interfaces

Hi,

I've built a box for pfSense, adding in 4x additional Gigabyte.

I built the box upstairs, unplugged the pfsense box and my PC from the network (and associated BT home hub 5) so it didn't get confused.

I set up WAN, which gave me the IP of 192.168.1.74

I set up LAN as 192.168.1.254

I set up OPT1-OPT3 as DHCP


I turned the machine off, connected the LAN port to my switch and connected my PC to the same switch. I could access the webGUI on 192.168.1.254.

I set up PPPoE for BT Infinity and tested all OPT1-OPT3, they all worked.

I halted the PFsense box, moved it downstairs into the cupboard where the infinity modem is, plugged in the WAN cable and hooked the 4 LAN ports to the network sockets in the cupboard. Obviously ripping out the home hub 5.

I went upstairs to the PC, now there is no internet and I cannot access 192.168.1.254.

What am I doing wrong?

I'm going to take pfsense box back upstairs tonight so I can access the screen to see if the ip has changed.
 
I assume you did a reboot of the pfSense box before you took it downstairs, just to make sure all the settings had stuck?

Set a static on the PC and use Netscan to see if it's out there.
 
Is your pfsense box set as a dhcp server? I assume the bt hub was doing that job before.

As above, set your laptop to static and see if it's reachable
 
I've discovered the problem. One of my new gigabyte cards doesn't appear to be 100% compatible.

I ordered this one:

IO Crest Dual Port Gigabit Ethernet Network PCI-E x1 Controller Card

It has a Realtek Chipset 8111E

After a quick google it seems there are some question marks on support for this chipset.

Maybe I will just return it and try to find an intel dual pci express network card. By the time I faff around for hours on end it will be cheaper to return and buy a proper intel one.

Any suggestion on this card? Have I assumed correctly, it's trouble?
 
It was definitely a dodgy card. It kept losing it once rebooted; removing the card means it's stable now and boots up correctly.

Broadband now works, as does the LAN, still working on OPT1.

How do I link the Lan and Opt1 together so I can see my nas?
 
Sorry, hadn't got this thread monitored so missed the question.

You need to create a bridge, assign the LAN details to that and then add the LAN ports to the bridge and it can be a pain! I just used an 8 port switch. :)
 
I don't really understand why have you got opt1? Why not just plug the NAS into the switch.
 
He's got multiple ethernet ports available, but when creating the firewall he has just created a single WAN <-> LAN (Opt*) to a single port. Now he wants to add the other available ports to the LAN so needs to create a bridge, giving him a router. Problem is that to create the bridge if he wants to include the LAN port he's using to talk to the firewall then if he does it wrong he'll lose the ability to login and make changes, back to square one. :)

As you said, best to have just one WAN, one LAN and a separate switch, that's all that's needed. Also with multiple LAN ports in a bridge it can gobble up the CPU if you have a NAS attached and start transferring a lot of data.
 
Ah, I had a problem with a Realtek dual port card being recognised (as in no kernel module for it) and ended up downloading the source code for the drivers, starting GhostBSD (correct version for pfSense) in a virtual machine, downloading kernel sources, attempting to compile the Realtek drivers - editing the source code a couple of times to remove compilation errors - putting the kernel module on a USB stick, loading it into the pfSense box, copying it into the right directory, then editing a startup config file to get it loaded.

If that sounds like a pain in the backside - it was. :rolleyes:

The simple solution was to get a used compatible dual port Intel card - "Dell Intel Port Dual Port Gigabit PCI-E Network Card X3959" - for £18. Worked first time without any problems (as far as I'm aware). :)
 
You need to create a bridge, then attach the LAN ports (OPT1, OPT2 etc.) to that bridge, otherwise you have separate subnets and will need to route between the LAN ports. If you create a bridge, the bridge MAC address is then shared across all the LAN ports, same as a multiple LAN port router. The device is then WAN <-> LAN_Bridge <-> Multiple LAN ports
 
I don't understand why you need a bridge?

The only time I have bridged with pfSense is when using "cable" like Virgin, you have to use the modem and then you put the WAN into bridge mode.

I don't see why you would have to bridge between LAN interfaces.

Any LAN interface can see the other LAN interfaces automatically, just create an allow all rule on the LAN interface and job done.

For example on my pfSense I have a LAN interface and a wifi interface, I can access clients on both subnets without any bridging. The principle would be the same whether you have 10 physical NICs all going to different subnets or 2 wifi or whatever.
 
Sorry for double post,

Here is a guide I made a while back for setting up a wifi interface, it would be no different setting up another 5 LAN interfaces with different subnets. As long as on the interface you set up the DHCP server and you go to the rules for the interface and allow any to any then each subnet can access the other subnet.

https://t3chguides.wordpress.com/2015/05/10/pfsense-2-2-setup-wireless-n-using-pcie-wifi-adapter/

For example my desktop is connected to the 192 range and my wifi is on 5.5.5.X. I can just connect across the subnets without any issues.

Please correct me if I'm missing something?
 
I think we are at cross purposes. If you want to create a 'switch' which is what the op wanted to do, then you must create a LAN bridge. You are correct in that you can create multiple subnets just by adding the lan ports. If you wanted them all on the same subnet, you would need to create a LAN bridge. Merry Christmas.. :)
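
The routed, multiple-subnet setup discussed above can be modelled in a few lines. This is an added example, not part of any post in the thread: the interface names, the /24 masks and the host addresses are assumptions, and the rule logic is a simplified model of per-interface, first-match filtering with default deny, for new connections only.

```python
import ipaddress

# Constructed interface table using the two ranges mentioned in the thread.
# Interface names and /24 masks are assumptions for this example.
INTERFACES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "WIFI": ipaddress.ip_network("5.5.5.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules live on the interface where a new connection ENTERS the firewall.
# They are read top-down, first match wins, and no match means block.
# Each rule is (action, source network, destination network).
RULES = {
    "LAN": [("pass", INTERFACES["LAN"], ANY)],  # the "allow any to any" rule
    "WIFI": [],                                 # nothing added yet: default deny
}

def interface_for(ip):
    """Return the interface whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None

def path(src, dst, rules=RULES):
    """Classify a NEW connection: 'same-subnet', 'routed-pass' or 'routed-block'."""
    s_if, d_if = interface_for(src), interface_for(dst)
    if s_if is not None and s_if == d_if:
        # Both hosts share a subnet, so they reach each other at layer 2
        # and no routing between subnets is involved.
        return "same-subnet"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(s_if, []):
        if s in src_net and d in dst_net:
            return "routed-pass" if action == "pass" else "routed-block"
    return "routed-block"  # implicit default deny

# A narrower alternative to allow-any: WIFI clients may reach only one host
# (192.168.1.50 stands in for the NAS; the address is constructed).
NAS_ONLY = dict(RULES, WIFI=[("pass", INTERFACES["WIFI"],
                              ipaddress.ip_network("192.168.1.50/32"))])
```

Replies to a connection that was passed are allowed back by the state table, which is why a single allow rule on LAN is enough for LAN clients to talk to the other subnet.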
 
Also, whenever you pull NICs from a pfSense box you'll be presented with the interface assignment wizard when you boot. Found that out the other day removing a wifi card I was experimenting with. Had to dig the monitor out again.

Really must get the serial port set up.
 
:) Fortunately I have a Brainboxes USB<->232 device I use at work and my pfSense unit is a PCEngines device so it's very easy for me; probably the easiest device I've ever had to set up.

Put the box together, grab an image, make a bootable USB stick, boot it and follow the wizard; just had to do some adjustments and add packages when it was running.

Simples...
 