Netgate Discussion Forum

    2.5 Gbps Hardware

      jsmiddleton4 @ChanceTran

      @chancetran

      PFSense 2.5.2 works fine with the Intel 2.5gb cards. Just need to check the option to disable checksum in Advanced, Network settings.

      I tried 2.6.0 simply because of the “better” NIC support. It has other issues though like getting “dynamic” for the IPV6 gateway address instead of the IPV6 address. So IPV6 didn’t work as intended.

      2.5.2 IPV6 works great.

        jsmiddleton4 @jsmiddleton4

        Any other 2.5gb NIC chipsets supported now?

          jsmiddleton4 @jsmiddleton4

          New problem.....

          Updated to 2.7.0.

          1gb clients connected to two newly added 2.5gb NIC's are not getting IPV4/IPV6 information so they obviously can't connect.

          When plugging those clients into a 1gb router which is connected via 2.5gb ports, the 1gb clients work fine.

          Problem only shows up when those 1gb clients are connected directly to the 2.5gb cards.

          I've tried manually setting speeds. No change.
          All 2.5gbe clients connected to any, including the 2 new ones, 2.5gbe NIC's on the PFSense box work great.

          I did unclick Disable hardware checksum offload when moving from 2.5.2 to 2.6.0. Which is still unclicked.

          I can't click it and reboot at the moment. People using it.

          I've checked gateways, firewall rules, etc., for the new NIC's. Feels like I'm missing some option.

          Even more confusing, at least to me, if I connect either 1gb client to the built in LAN port in the PFSense box, they connect fine. Same rules, etc.

          Has to be something about the 2.5gb NIC's not falling back to 1gb properly???

          Or a horse of a different color?

            jsmiddleton4 @jsmiddleton4

            Not saying this is the "right" way to set this up but did make it work.

            My NIC's are bridged.

            Formerly had the tunable set to use the bridge interface.

            net.link.bridge.pfil_member (Packet filter on the member interface) = 0
            net.link.bridge.pfil_bridge (Packet filter on the bridge interface) = 1

            Had one rule in the firewall for the LAN.

            I changed it to filter on the member.

            net.link.bridge.pfil_member (Packet filter on the member interface) = 1
            net.link.bridge.pfil_bridge (Packet filter on the bridge interface) = 0

            I added rules for each member, just took a second, in the firewall. Left the existing LAN rule in place.

            Every client is happy now regardless of which port, 1gb or 2.5gb, connected to on the PFSense box.

            I've checked each rule and there is data transmission through each, LAN and members.

            While it works, not saying it's right and I still feel like I've missed something in terms of a setting by adding additional 2.5gb cards to the box/bridge.

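As an added example (not part of the thread and not pfSense code), this shell script works out, from the two bridge tunables discussed above, which interfaces the packet filter evaluates and which of them have no rule yet, which matters because pfSense drops traffic on a filtered interface that has no pass rule. The names `bridge0` and `igc1`, the sample sysctl text and the list of interfaces with rules are constructed assumptions.

```shell
#!/bin/sh
# Added example: where do firewall rules have to exist for a bridged LAN?

# Constructed sample of `sysctl net.link.bridge` output (member filtering on).
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# tunable SYSCTL_TEXT NAME -> value of NAME in "name: value" text
tunable() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2 }'
}

# filtered_interfaces SYSCTL_TEXT BRIDGE "MEMBER ..."
# Prints the interfaces on which the packet filter sees bridged traffic.
filtered_interfaces() {
    out=""
    if [ "$(tunable "$1" net.link.bridge.pfil_member)" = "1" ]; then
        out="$3"
    fi
    if [ "$(tunable "$1" net.link.bridge.pfil_bridge)" = "1" ]; then
        out="${out:+$out }$2"
    fi
    printf '%s\n' "$out"
}

# missing_rules SYSCTL_TEXT BRIDGE "MEMBER ..." "IFACE_WITH_RULES ..."
# Prints filtered interfaces that have no rule; clients behind them get
# nothing through (no DHCP, no router advertisements) until a rule is added.
missing_rules() {
    missing=""
    for ifc in $(filtered_interfaces "$1" "$2" "$3"); do
        case " $4 " in
            *" $ifc "*) ;;                          # has at least one rule
            *) missing="${missing:+$missing }$ifc" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Demo: rules exist only on the bridge and on igc0 (constructed input).
echo "filtered: $(filtered_interfaces "$SAMPLE_SYSCTL" bridge0 "igc0 igc1 re0")"
echo "no rules: $(missing_rules "$SAMPLE_SYSCTL" bridge0 "igc0 igc1 re0" "bridge0 igc0")"
```

On a live box the first argument can be the real output of `sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge`.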
              stephenw10 Netgate Administrator

              If you have people using and depending on that box you should not be running 2.7-Alpha. You should go back to the 2.6-RC branch when you can.

              Steve

                A Former User @stephenw10

                @stephenw10, I totally agree with you, because if they know they need the system 100%, do they use development versions?

                  jsmiddleton4 @stephenw10

                  @stephenw10

                  Had I known 2.7.0 was an alpha version would've stayed clear.

                  Any insight on what happened because I put 2 new 2.5gb NIC's in?

                    stephenw10 Netgate Administrator

                    If it was in addition to the existing 2.5G NICs it probably re-ordered them and the old interfaces had pass rules which then no longer applied.

                    But without seeing what was happening at the time that's just a guess.

                      jsmiddleton4 @stephenw10

                      @stephenw10

                      It did of course reassign them. igc0 became ig4, etc.

                      I put all the NIC's in the bridge list and saved it.

                      Would make sense if all clients couldn't connect. It was just the 1gb ones.

                      Even if some assignment got confused in the firewall rules for the bridge lan, how would 2.5gb clients get through?

                      Edit: Additional piece just found out. The two that would not connect are work PC's. They are configured to use only IPV6. They connect to the employer's VPN. Only show "Internet Connectivity" with IPV6 even though IPV4 is present in their NIC's Status information.

                        stephenw10 Netgate Administrator

                        Ok, then I'd guess this is an IPv6 issue and not a 1G vs 2.5G problem.

                          jsmiddleton4 @stephenw10

                          @stephenw10

                          As noted connected to the 1gb port on the same box, the built in Realtek LAN port, worked fine.

                          "re0" woulda stayed the same though......I didn't put more Realtek based cards in.

                          Now that I have, like I did before and removed them, rules for each card, member of the bridge, can I remove the LAN rule I created?

                          The Asus AX86U which worked when those two clients were connected to its 1gb ports, what I didn't do was plug one of those clients into the 2.5gb port the Asus AX86U was connected to.

                          That's the one 2.5gb port I didn't test.

                            stephenw10 Netgate Administrator

                            If you moved filtering from the bridge interface to the member interfaces then you don't need a rule on the assigned bridge interface, but it doesn't hurt to leave it there.

                              jsmiddleton4 @stephenw10

                              @stephenw10

                              Thanks. It is getting traffic at least the counter is showing so.

                                jsmiddleton4 @stephenw10

                                @stephenw10

                                For kicks I set everything back the way it was for the tunable to track the bridge, not member interfaces, and had just the LAN firewall rule enabled.

                                It works for all clients.
