6100 initial setup problems - enabling DHCP on all 4 LAN ports
-
@SteveITS
Ahhhh - see this was my first foray into Netgate territory and saw folks mention Netgate a bunch - looked at the specs - and picked the hardware that was good - but didn't even consider that the software would wrap me around the axle.
I'm all for a learning curve - and once I get this all hammered out - I will certainly post a nice neat document so other folks won't have the lumps on my forehead caused by rapid acceleration from either my palm or towards my desk.
-
Something is getting lost in translation here - I understand what you are typing - but it doesn't make sense when I look at the GUI.
I'll take some screenshots and post later - but after I create the bridge - then when you look at the listing of the interfaces - don't you select the LAN1 at the top and then select the bridge interface from the drop down?
What do I do after I create the bridge with the 3 ports?
How does the device know that the bridge should get all its info from the /24 and DHCP that's set up on LAN1?
Where and how do you tell the firewall to allow the traffic to pass?
Why is there only a female face palm emoji?!
OK - I'm stepping away and will take another look on Monday with a fresh cup of java. Have a nice weekend and I do appreciate the assistance and your patience thus far.
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
What do I do after I create the bridge with the 3 ports?
Assign and enable it as a new interface using the + button. It will probably appear as OPT7. You can rename it.
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
Where and how do you tell the firewall to allow the traffic to pass?
By default bridge filtering is applied on the member interfaces, so if you have not changed that, make sure you have pass rules on LAN2-4 and the new OPT7 interface in Firewall > Rules.
Now swap the assignments of LAN1 and OPT7 so LAN1 becomes bridge0 and OPT7 becomes igc0. Apply that.
If you are connected via LAN1 at that point you will be disconnected and should move your connection to LAN2.
However I still strongly recommend you set up WAN2 as a mgmt interface and connect to that.
Now you can add OPT7 to the bridge so the LAN1 port is also included.
-
I could probably just make you a default config with this already configured?
-
@stephenw10
I do appreciate the offer - but I am a firm believer in teaching vs giving the fish paradigm.
AHHHH OK - and I think I see what wasn't clear - creating a NEW interface and assigning the bridge to that - and then you answered my next question which was converting the WAN2 port to a LAN management one.
I'll get started on this and let you know.
Many thanks!
-
Apologies for the absence - other projects got dumped on me - so now I'm back here and I'm still stuck.
Thus far I have the separate interface opt7 as a bridge and lan2-4 assigned to it. The firewall rules on the bridge are the same as what's on lan1 (the default).
Also, tried setting up wan2 as management and that's not going anywhere either.
So as it now stands I have 1 working wan and 1 working lan port.
-
How did you set up WAN2?
I would expect to need to:
Set it to a static IP in a new unused subnet.
Enable DHCP on that interface with a pool inside the new subnet.
Add pass firewall rules on the interface.
Then you should be able to connect to it directly and access the pfSense GUI.
-
@stephenw10
Well - that's one issue right there - I don't see how to set up DHCP on the WAN interface - only LAN is listed under the DHCP Server options.
Well - I'm going back to the defaults again - I suspect something along the way got wrapped around the axle again.
-
The DHCP Server setup only shows interfaces that it can run on which means only those with static IPs. By default WAN2 is configured as dhcp which is why the first step is to set it as static.
-
@stephenw10
Weird - I did that and used a different network... ok - starting from scratch and maybe this time through it will all make sense.
So to recap.. from default config...
Interfaces - create bridge group and add lan2-4
create interface (default name is opt7) and assign it to the bridge group
on wan2 - assign static ip / different network / and should then appear as option for dhcp server (change default from /32!!!)
firewall rules - copy LAN to Wan2/Management interface
So now - I'm getting my dhcp ip on the management interface but still unable to go anywhere - what checkbox am I missing now?
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
firewall rules - copy LAN to Wan2/Management interface
The default LAN rule uses 'LAN subnet' as the source but that's not valid on the WAN2/MGMT interface. So if you just copied it, it will not pass traffic. Change it to 'WAN2 subnet' or any.
-
@stephenw10
AHHH - that's what that means!
OK - So now I'm good on Management - now I'm in the process of moving the LAN config over to the LANBridge.
And I wound up breaking Management and the bridge..... (that default /32 on static ip got me again)
OK - I figured out via .xml how to migrate my static dhcp reservations from LAN to LANBridge - and now I think I'm good to go.
Holy crap!
OK - going to save this config - start from scratch to make sure I didn't miss anything - then hook it up.
Next stop - Wireguard - (but that will be a different thread)
Thanks!
-
If you eventually reassign LAN to bridge0 the static DHCP leases and firewall rules etc would all follow that.
But, yes, it's super easy to get locked out whilst setting up a bridge (ask me how I know!). Having the mgmt interface available to connect to whilst you get the bridge configured makes it much easier.
-
What was interesting was that the dhcp config from LAN did not follow over - but it was still present in the .xml file. So easy enough to copy those entries from <lan> to <opt7>.
Lots of good gotcha items - and will post a nice document here once I've got it all sorted out for others to use.
-
If you had to copy it to opt7 then you had not yet re-assigned lan as the bridge0 interface. Once you do that everything that was applied to the original LAN interface would apply to the bridge and hence all the bridged interfaces.
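
The three gotchas from this thread (a static interface left at the default /32, DHCP server entries on an interface without a static address, and a pass rule copied from LAN that still has 'LAN subnet' as its source) can be checked in a saved config.xml before it is restored. This is an added example, not part of any post above; the element layout (`interfaces`, `dhcpd`, `filter/rule`) and the sample config are assumptions constructed for illustration, so compare them with your own backup.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not a real export); element layout is an assumption.
SAMPLE = """<pfsense>
  <interfaces>
    <lan><if>igc0</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><descr>MGMT</descr><ipaddr>10.99.0.1</ipaddr><subnet>32</subnet></opt1>
    <opt7><if>bridge0</if><descr>LANBridge</descr></opt7>
  </interfaces>
  <dhcpd>
    <lan><range><from>192.168.1.100</from><to>192.168.1.199</to></range></lan>
    <opt7><range><from>192.168.1.100</from><to>192.168.1.199</to></range></opt7>
  </dhcpd>
  <filter>
    <rule><type>pass</type><interface>lan</interface><source><network>lan</network></source></rule>
    <rule><type>pass</type><interface>opt1</interface><source><network>lan</network></source></rule>
  </filter>
</pfsense>"""

def is_static(node):
    """True when <ipaddr> is a literal address, not 'dhcp' or missing."""
    try:
        ipaddress.ip_address(node.findtext("ipaddr", ""))
        return True
    except ValueError:
        return False

def audit(xml_text):
    root = ET.fromstring(xml_text)
    ifaces = {n.tag: n for n in root.iterfind("interfaces/*")}
    findings = []
    # Static interface still on the /32 default: the subnet has no room for clients.
    for name, node in ifaces.items():
        if is_static(node) and node.findtext("subnet") == "32":
            findings.append(("mask32", name))
    # DHCP entries (e.g. copied from <lan>) on an interface with no static address.
    for sec in root.iterfind("dhcpd/*"):
        if sec.tag not in ifaces or not is_static(ifaces[sec.tag]):
            findings.append(("dhcp-needs-static", sec.tag))
    # Pass rule whose source is a different interface's subnet (copied rule).
    for rule in root.iterfind("filter/rule"):
        iface = rule.findtext("interface", "")
        src = rule.findtext("source/network", "")
        if rule.findtext("type") == "pass" and src in ifaces and src != iface:
            findings.append(("foreign-source", iface, src))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means none of the three conditions was found; floating rules that list several interfaces are not handled by this sketch.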