[Super basic question...] How to properly setup pfsense with multiple LAN port and a bridge between the LAN interfaces?

johnpoz

@samleemc said in [Super basic question...] How to properly setup pfsense with multiple LAN port and a bridge between the LAN interfaces?:

none of the LAN1/2/3 can display the assigned IP address to the connected device

Huh? interfaces would never show IP of connected device. They would show the IP of the pfsense interface you set.

I would really suggest you not bridge these interfaces.. Do you not have a switch to use for ports you want in the same network. The point of interfaces is for different networks. A bridge is not a switch port, while it can do some of the functions of a switch - a bridge is not a switch.

You can have multiple networks, and devices can still talk to each other. Bridging is more complicated that clicking a button..

https://docs.netgate.com/pfsense/en/latest/bridges/index.html

samleemc

@johnpoz Thanks for the advice. At least now I can confirm my understanding is correct by your statement.

The reason why I bridge them is purely because....I don't have a switch (yet), since I have only 2 wired devices to be connected in the whole house (a NAS and an Unifi AP). All others are wireless....so hoping to save a few bucks on the switch.

johnpoz

@samleemc said in [Super basic question...] How to properly setup pfsense with multiple LAN port and a bridge between the LAN interfaces?:

so hoping to save a few bucks on the switch.

a few bucks is right, a 5 port gig switch that can do vlans even is like 20-30 bucks. For like 40 you could get a 8 port gig vlan capable switch.

While you might only have 2 wired devices now, what about down the road, or doing vlans for wireless, etc. where you would want a vlan capable switch, etc.

But if all you want to do is get these 2 wired devices on the network. They don't actually have to be on the same network - unless you need some sort of L2 discovery to work, etc.

Plug in your nas on say network 192.168.1/24 and then you could plug in your unif AP and use vlans even on the port of pfsense is connected too.. With say 192.168.2 or .3 and .4/24 networks, etc.

heper

Title should be changed to: 'how to properly set myself up for mediocre switching performance by using a router as a switch'

johnpoz

@heper hahaaha ;)

samleemc

@johnpoz hi John

This is how my complete setup is right now

I have got 2 network at the moment.

The "default" network, which is 192.168.6.1/24
The OpenVPN-NAT VLAN which is 192.168.28.1/24, which routing all traffic via the OpenVPN gateway.

The Unifi AP is now broadcasting 2 SSID, one with the default network and one on VLAN that pointing to the OpenVPN gateway (for Netflix etc in another country)

Yes, pretty much all my devices, smart TV, Projector, phone etc (connected wirelessly) need to discover the NAS (wired connected). Sometimes, I might connect my Macbook to the NAS via wire to ensure stable transfer speed. That's why I am bridging them at the moment so that they are all within the same network. Tried Avihi, but it is a bit of hit and miss sometime....

Thank you so much for all your comment! Very much appreciated!

Sam

johnpoz

@samleemc said in [Super basic question...] How to properly setup pfsense with multiple LAN port and a bridge between the LAN interfaces?:

need to discover the NAS (wired connected)

And why is that.. None of my wifi devices are on the same network as my nas - and have no issues accessing anything off of it, file shares, plex server, etc.

If your doing policy routing for a vlan out a vpn connection, and you want to access stuff on another local network you would need to bypass the policy route.

https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

What are you running exactly that requires L2 discovery? What application or service? All that should be required to access something on another network is appropriate firewall rules to access whatever service your looking to access. What is doing L2 discovery exactly?

samleemc

@johnpoz can we setup in a way that the SMB-Auto-Discovery will work cross network? I have tried to NOT bridge them, but then the Smart TV can only access the NAS with the "specific" IP address of the NAS, and can not automatically "see" the NAS...that's why I am setting it this way at the moment.

Similar issue on this page
https://superuser.com/questions/1214691/network-discovery-of-cifs-smb-samba-with-pfsense-and-different-subnet-mask-sa

I feel like I am going to learn something new today :)

johnpoz

@samleemc said in [Super basic question...] How to properly setup pfsense with multiple LAN port and a bridge between the LAN interfaces?:

Smart TV can only access the NAS with the "specific" IP address of the NAS

And what is the problem with that - isn't that a 1 time thing?

Here is what I suggest, if you want stuff on the same network/vlan then get a switch so you can do that. Then you can put whatever you want on the same network be it a wifi or wired client.

This will save you a lot of grief in having to deal with bridging - if your heart is set on doing it the hard way ;) Then the link I gave for bridging should be helpful.

But a small purchase now of a vlan capable switch will save you lots of configuration, and also provide for a more robust network going forward.

Gertjan

@johnpoz
What if @samleemc's location is ISS, or on some base camp in Antarctica ?

Or, more serious, he rented a "housing" in some data centre with very limited "Watts" available.

For any other situation, yeah, life should be kept simple : get a switch.