Toggle navigation
pfSense Logo
Community Edition
System
Advanced
Cert. Manager
General Setup
High Avail. Sync
Logout (admin)
Package Manager
Register
Routing
Setup Wizard
Update
User Manager
Interfaces
Assignments
WAN
LAN
Firewall
Aliases
NAT
Rules
Schedules
Traffic Shaper
Virtual IPs
Services
Auto Config Backup
Captive Portal
DHCP Relay
DHCP Server
DHCPv6 Relay
DHCPv6 Server & RA
DNS Forwarder
DNS Resolver
Dynamic DNS
IGMP Proxy
NTP
PPPoE Server
SNMP
UPnP & NAT-PMP
Wake-on-LAN
VPN
IPsec
L2TP
OpenVPN
Status
Captive Portal
CARP (failover)
Dashboard
DHCP Leases
DHCPv6 Leases
DNS Resolver
Filter Reload
Gateways
Interfaces
IPsec
Monitoring
NTP
OpenVPN
Queues
Services
System Logs
Traffic Graph
UPnP & NAT-PMP
Diagnostics
ARP Table
Authentication
Backup & Restore
Command Prompt
DNS Lookup
Edit File
Factory Defaults
Halt System
Limiter Info
NDP Table
Packet Capture
pfInfo
pfTop
Ping
Reboot
Routes
S.M.A.R.T. Status
Sockets
States
States Summary
System Activity
Tables
Test Port
Traceroute
Help
About this Page
Bug Database
Documentation
FreeBSD Handbook
Paid Support
pfSense Book
Upgrade to pfSense Plus
User Forum
User survey
Interfaces
LAN (em0)
General Configuration
Enable
Enable interface
Description
Enter a description (name) for the interface here.
IPv4 Configuration Type
None
Static IPv4
DHCP
PPP
PPPoE
PPTP
L2TP
IPv6 Configuration Type
None
Static IPv6
DHCP6
SLAAC
6rd Tunnel
6to4 Tunnel
Track Interface
MAC Address
This field can be used to modify ("spoof") the MAC address of this interface.
Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank.
MTU
If this field is blank, the adapter's default MTU will be used. This is typically 1500 bytes but can vary in some circumstances.
MSS
If a value is entered in this field, then MSS clamping for TCP connections to the value entered above minus 40 for IPv4 (TCP/IPv4 header size) and minus 60 for IPv6 (TCP/IPv6 header size) will be in effect.
Speed and Duplex
Default (no preference, typically autoselect)
------- Media Supported by this interface -------
autoselect
1000baseT
1000baseT full-duplex
100baseTX full-duplex
100baseTX
10baseT/UTP full-duplex
10baseT/UTP
Explicitly set speed and duplex mode for this interface.
WARNING: MUST be set to autoselect (automatically negotiate speed) unless the port this interface connects to has its speed and duplex forced.
Static IPv4 Configuration
IPv4 Address
/
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
IPv4 Upstream gateway
None
Add a new gateway
If this interface is an Internet connection, select an existing Gateway from the list or add a new one using the "Add" button.
On local area network interfaces the upstream gateway should be "none".
Selecting an upstream gateway causes the firewall to treat this interface as a
WAN type interface
.
Gateways can be managed by
clicking here
.
SLAAC IPv6 Configuration
Use IPv4 connectivity as parent interface
IPv6 will use the IPv4 connectivity link (PPPoE)
Static IPv6 Configuration
IPv6 address
/
128
127
126
125
124
123
122
121
120
119
118
117
116
115
114
113
112
111
110
109
108
107
106
105
104
103
102
101
100
99
98
97
96
95
94
93
92
91
90
89
88
87
86
85
84
83
82
81
80
79
78
77
76
75
74
73
72
71
70
69
68
67
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
Use IPv4 connectivity as parent interface
IPv6 will use the IPv4 connectivity link (PPPoE)
IPv6 Upstream gateway
None
Add a new gateway
If this interface is an Internet connection, select an existing Gateway from the list or add a new one using the "Add" button.
On local LANs the upstream gateway should be "none".
×
New IPv6 Gateway
Default
Default gateway
Gateway name
Gateway IPv6
Description
Add
Cancel
DHCP Client Configuration
Options
Advanced Configuration
Use advanced DHCP configuration options.
Configuration Override
Override the configuration from this file.
Hostname
The value in this field is sent as the DHCP client identifier and hostname when requesting a DHCP lease. Some ISPs may require this (for client identification).
Alias IPv4 address
/
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
The value in this field is used as a fixed alias IPv4 address by the DHCP client.
Reject leases from
To have the DHCP client reject offers from specific DHCP servers, enter their IP addresses here (separate multiple entries with a comma). This is useful for rejecting leases from cable modems that offer private IP addresses when they lose upstream sync.
Protocol timing
Timeout
Retry
Select timeout
Reboot
Backoff cutoff
Initial interval
The values in these fields are DHCP protocol timings used when requesting a lease.
See
here
for more information.
Presets
FreeBSD default
Clear
pfSense Default
Saved Cfg
Configuration File Override
The value in this field is the full absolute path to a DHCP client configuration file. [/[dirname/[.../]]filename[.ext]]
Value Substitutions in Config File: {interface}, {hostname}, {mac_addr_asciiCD}, {mac_addr_hexCD}
Where C is U(pper) or L(ower) Case, and D is ":-." Delimiter (space, colon, hyphen, or period) (omitted for none).
Some ISPs may require certain options be or not be sent.
Lease Requirements and Requests
Send options
The values in this field are DHCP options to be sent when requesting a DHCP lease. [option declaration [, ...]]
Value Substitutions: {interface}, {hostname}, {mac_addr_asciiCD}, {mac_addr_hexCD}
Where C is U(pper) or L(ower) Case, and D is " :-." Delimiter (space, colon, hyphen, or period) (omitted for none).
Some ISPs may require certain options be or not be sent.
Request options
The values in this field are DHCP option 55 to be sent when requesting a DHCP lease. [option [, ...]]
Some ISPs may require certain options be or not be requested.
Require options
The values in this field are DHCP options required by the client when requesting a DHCP lease. [option [, ...]]
Option modifiers
The values in this field are DHCP option modifiers applied to the obtained DHCP lease. [modifier option declaration [, ...]]
modifiers: (default, supersede, prepend, append)
See
here
more information
DHCP6 Client Configuration
Options
Advanced Configuration
Use advanced DHCPv6 configuration options.
Configuration Override
Override the configuration from this file.
Use IPv4 connectivity as parent interface
Request a IPv6 prefix/information through the IPv4 connectivity link
Request only an IPv6 prefix
Only request an IPv6 prefix, do not request an IPv6 address
DHCPv6 Prefix Delegation size
None
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
The value in this field is the delegated prefix length provided by the DHCPv6 server. Normally specified by the ISP.
Send IPv6 prefix hint
Send an IPv6 prefix hint to indicate the desired prefix size for delegation
Debug
Start DHCP6 client in debug mode
Do not wait for a RA
Required by some ISPs, especially those not using PPPoE
Do not allow PD/Address release
dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent
Configuration File Override
The value in this field is the full absolute path to a DHCP client configuration file. [/[dirname/[.../]]filename[.ext]]
Value Substitutions in Config File: {interface}, {hostname}, {mac_addr_asciiCD}, {mac_addr_hexCD}
Where C is U(pper) or L(ower) Case, and D is " :-." Delimiter (space, colon, hyphen, or period) (omitted for none).
Some ISPs may require certain options be or not be sent.
Advanced DHCP6 Client Configuration
Information only
Exchange Information Only
Only exchange informational configuration parameters with servers.
Send options
DHCP send options to be sent when requesting a DHCP lease. [option declaration [, ...]]
Value Substitutions: {interface}, {hostname}, {mac_addr_asciiCD}, {mac_addr_hexCD}
Where C is U(pper) or L(ower) Case, and D is " :-." Delimiter (space, colon, hyphen, or period) (omitted for none).
Some DHCP services may require certain options be or not be sent.
Request Options
DHCP request options to be sent when requesting a DHCP lease. [option [, ...]]
Some DHCP services may require certain options be or not be requested.
Scripts
Absolute path to a script invoked on certain conditions including when a reply message is received.
[/[dirname/[.../]]filename[.ext]].
Identity Association Statement
Non-Temporary Address Allocation
id-assoc na ID
IPv6 address
pltime
vltime
Prefix Delegation
id-assoc pd ID
IPv6 prefix
pltime
vltime
Prefix interface statement
Prefix Interface sla-id
sla-len
Prefix Interface
WAN
LAN
Select the interface on which to apply the prefix delegation.
Authentication statement
Authname
Protocol
Algorithm
RDM
Keyinfo statement
Keyname
Realm
KeyID
Secret
Expire
See
here
more information
6RD Configuration
6RD Prefix
6RD IPv6 prefix assigned by the ISP. e.g. "2001:db8::/32"
6RD Border relay
6RD IPv4 gateway address assigned by the ISP
6RD IPv4 Prefix length
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
6RD IPv4 prefix length. Normally specified by the ISP. A value of 0 means embed the entire IPv4 address in the 6RD prefix.
Track IPv6 Interface
IPv6 Interface
WAN
Selects the dynamic IPv6 WAN interface to track for configuration.
IPv6 Prefix ID
(
hexadecimal
from 0 to
ff
) The value in this field is the (Delegated) IPv6 prefix ID. This determines the configurable network ID based on the dynamic IPv6 connection. The default value is 0.
PPP Configuration
Country
Provider
Plan
Select to fill in service provider data.
Username
Password
Confirm
Phone number
Typically *99# for GSM networks and #777 for CDMA networks.
Access Point Name
Modem port
None
/dev/cuau0
Advanced PPP
Advanced PPP
Create a new PPP configuration.
PPPoE Configuration
Username
Password
Confirm
Service name
This field can usually be left empty.
Host-Uniq
A unique host tag value for this PPPoE client. Leave blank unless a value is required by the service provider.
Dial on demand
Enable Dial-On-Demand mode
Idle timeout
If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.
Periodic reset
Disabled
Custom
Pre-set
Select a reset timing type.
Custom reset
Hour (0-23)
Minutes (0-59)
Specific date (mm/dd/yyyy)
Leave the date field empty, for the reset to be executed each day at the time specified by the minutes and hour fields
cron based reset
Reset at each month ("0 0 1 * *")
Reset at each week ("0 0 * * 0")
Reset at each day ("0 0 * * *")
Reset at each hour ("0 * * * *")
Toggle All
Advanced and MLPPP
Advanced and MLPPP
Click for additional PPPoE configuration options. Save first if changes have been made.
PPTP/L2TP Configuration
Username
Password
Confirm
Shared Secret
L2TP tunnel Shared Secret. Used to authenticate tunnel connection and encrypt important control packet contents. (Optional)
Local IP address
/
128
127
126
125
124
123
122
121
120
119
118
117
116
115
114
113
112
111
110
109
108
107
106
105
104
103
102
101
100
99
98
97
96
95
94
93
92
91
90
89
88
87
86
85
84
83
82
81
80
79
78
77
76
75
74
73
72
71
70
69
68
67
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
Remote IP address
Dial on demand
Enable Dial-On-Demand mode
This option causes the interface to operate in dial-on-demand mode, allowing it to be a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.
Idle timeout (seconds)
If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.
Advanced and MLPPP
Advanced and MLPPP
Click for additional PPTP and L2TP configuration options. Save first if changes have been made.
Reserved Networks
Block private networks and loopback addresses
Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.
Block bogon networks
Blocks traffic from reserved IP addresses (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should never appear in the Internet routing table, and so should not appear as the source address in any packets received.
This option should only be used on external interfaces (WANs), it is not necessary on local interfaces and it can potentially block required local traffic.
Note: The update frequency can be changed under System > Advanced, Firewall & NAT settings.
×
New IPv4 Gateway
Default
Default gateway
Gateway name
Gateway IPv4
Description
Add
Cancel
Save