2.5 Gbps Hardware
-
Not saying this is the "right" way to set this up but did make it work.
My NIC's are bridged.
Formerly had the tunable set to use the bridge interface.
net.link.bridge.pfil_member Packet filter on the member interface 0
net.link.bridge.pfil_bridge Packet filter on the bridge interface 1Had one rule in the firewall for the LAN.
I changed it to filter on the member.
net.link.bridge.pfil_member Packet filter on the member interface 1
net.link.bridge.pfil_bridge Packet filter on the bridge interface 0I added rules for each member, just took a second, in the firewall. Left the existing LAN rule in place.
Every client is happy now regardless of which port, 1gb or 2.5gb, connected to on the PFSense box.
I've checked each rule and there is data transmission through each, LAN and members.
While it works, not saying its right and I still feel like I've missed something in terms of a setting by adding additional 2.5gb cards to the box/bridge.
-
If you have people using and depending on that box you should not be running 2.7-Alpha. Yopu should go back to the 2.6-RC branch when you can.
Steve
-
@stephenw10, I totally agree with you, because if they know they need the system 100%, do they use development versions?
-
Had I known 2.7.0 was an alpha version would've stayed clear.
Any insight on what happened because I put 2 new 2.5gb NIC's in?
-
If it was in addition to the existing 2.5G NICs it probably re-ordered them and the old interfaces had pass rules which then no longer applied.
But without seeing what was happening at the time that's just a guess.
-
It did of course reassign them. igc0 became ig4, etc.
I put all the NIC's in the bridge list and saved it.
Would make sense if all clients couldn't connect. It was just the 1gb ones.
Even if some assignment got confused in the firewall rules for the bridge lan, how would 2.5gb clients get through?
Edit: Additional piece just found out. The two that would not connect are work PC's. They are configured to use only IPV6. They connect to the employers VPN. Only show "Internet Connectivity" with IPV6 even though IPV4 is present in their NIC's Status information.
-
Ok, then I'd guess this is an IPv6 issue and not a 1G vs 2.5G problem.
-
As noted connected to the 1gb port on the same box, the built in Realtek LAN port, worked fine.
"re0" woulda stayed the same though......I didn't put more Realtek based cards in.
Now that I have, like I did before and removed them, rules for each card, member of the bridge, can I remove the LAN rule I created?
The Asus AX86U which worked when those two clients were connected to its 1gb ports, what I didn't do was plug one of those clients into the 2.5gb port the Asus AX86U was connected to.
That's the one 2.5gb port I didn't test.
-
If you moved filtering from the bridge interface to the member interfaces then you don't need a rule on the assigned bridge interface, but it doesn't hurt to leave it there.
-
Thanks. It is getting traffic at least the counter is showing so.
-
For kicks I set everything back the way it was for the tunable to track the bridge, not member interfaces, and had just the LAN firewall rule enabled.
It works for all clients.
-