Configuring an OPT interface as an additional LAN
-
Dear community, here is a newbie who is trying to do a simple job but failing.
My PfSense has 3 interfaces (physical interfaces on server):
- vtnet0 GREEN 192.168.10.1/24
- vtnet1 RED
- vtnet2 BLUE WiFi 192.168.2.1/24
Everything is working as expected. Now, because my x710-t4 10Gb network card has one more free port, and currently I don't have a 10Gb switch, I added one more interface where my main PC (with 10Gb card) should be connected to use the 10Gb speed.
The goal is to allow the PC to communicate with the other networks without limitation.
To do that I followed this guide. So I configured the OPT1 interface and assigned it the IP 192.168.3.1/24, connected the PC to that interface and assigned it its own IP: 192.168.3.7/24, gw 192.168.3.1. Then I opened everything in the OPT1 FW rules, so Source: * - Destination: *.
The problem is that as soon as I connect the PC to that interface, I cannot communicate with any of the other interfaces: neither GREEN, BLUE nor RED.
Could someone please help me to understand what I missed?
Thank you
Lucas
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Then, I opened everything in OPT1 FW Rules, so, Source: * - Destination: *
Like this :
?
I agree, not strictly needed, but you've set up a DHCP server on OPT1 ?
( just add a pool like 192.168.3.2 -> 192.168.3.100 )
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
connect the PC to that interface ad assign it's own IP: 192.168.3.7/24 gw 192.168.3.1
Yeah, right, and not setting DNS can/will create "issues" ^^
-
Like this :
(screenshot)
?
Nope, this is the rule I added:
I agree, not strictly needed, but you've set up a DHCP server on OPT1 ?
( just add a pool like 192.168.3.2 -> 192.168.3.100 )
I believe this is not necessary because this interface has only the PC connected, with a static IP.
Yeah, right, and not settings DNS can/will create "issues"
DNS is setup as 192.168.10.5 where I have PiHole
The main issue is that my PC, connected to that new interface, is not able to communicate with any other interface. Somewhere I read that I need to configure a bridge between LAN and OPT1 (aka: PCDESKTOP). But that way maybe I'm able to reach GREEN, but not BLUE and RED.
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Nope, This is the rule I added:
So no ICMP, No UDP (so no DNS) ...
Are you sure ?
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
DNS is setup as 192.168.10.5 where I have PiHole
DNS traffic won't reach this 192.168.10.5, you know why now.
-
@Gertjan said in Configuring an OPT interface as an additional LAN:
So no ICMP, No UDP (so no DNS) ...
Are you sure ?
Why? Doesn't the "*" mean allow all connections?
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
DNS is setup as 192.168.10.5 where I have PiHole
DNS traffic won't reach this 192.168.10.5, you know why now.
But the main issue is not in DNS. The issue is that 192.168.3.7 can't communicate with the whole GREEN network 192.168.10.1/24
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Why? doesn't the "*" means allow all connections?
This :
means : only TCP (IPv4).
This rule won't pass UDP, nor ICMP.
This :
means everything (but not IPv6).
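The two rule variants Gertjan is contrasting, written out as the pf rules pfSense generates from them. This is an added illustration and not from the thread or from pfSense's own documentation; the device name vtnet3 for OPT1 and the rule labels are assumptions, since the thread never names the OPT1 device.

```pf
# Assumed: OPT1 is vtnet3 (the thread does not say which device it is).
opt1 = "vtnet3"

# Source: * / Destination: * with the rule editor's default Protocol: TCP.
# Only IPv4 TCP matches; a UDP DNS query to 192.168.10.5:53 or an ICMP
# echo from 192.168.3.7 never matches it and falls through to the
# default block.
pass in quick on $opt1 inet proto tcp from any to any flags S/SA keep state label "USER_RULE: OPT1 TCP only (assumed label)"

# Same source and destination with Protocol: Any.
# Every IPv4 protocol is passed; IPv6 would still need a separate inet6 rule.
pass in quick on $opt1 inet from any to any keep state label "USER_RULE: OPT1 any IPv4 (assumed label)"
```

On pfSense the generated ruleset is written to /tmp/rules.debug, and `pfctl -sr | grep vtnet3` (adjust the device name) shows what is actually loaded; the `proto tcp` in the first form is the reason the PC could not ping or resolve anything. Protocol: Any gives the PC the unrestricted access the post asks for. Where a single host is being let through, a few narrower pass rules per protocol and destination would be the least-privilege option, but that is beyond what the thread is trying to do.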
-
Do you actually need that to be in a different subnet? You could just add the port to the LAN vswitch/bridge in whatever hypervisor you're running.
-
@Gertjan said in Configuring an OPT interface as an additional LAN:
This rule won't pass UDP, neither ICMP.
DAMN! I missed the protocol config, thank you. I'll try it as soon as possible
@stephenw10 said in Configuring an OPT interface as an additional LAN:
Do you actually need that to be in a different subnet? You could just add the port to the LAN vswitch/bridge in whatever hypervisor you're running.
No, I don't need a different subnet, I just followed the guide :). But honestly, the same subnet is even better.
I'm using Proxmox, but it will be complicated to bridge them, because I have already bridged the GREEN ports for LACP:
Is there any other way to avoid a different subnet in pfSense?
-
Oh that's easy then. Just add the NIC to the Linux Bridge you have configured for LAN in proxmox. Remove it from pfSense entirely.
Pretty much exactly like you tried to do in that screenshot but remove it from any other bridges first.
-
@stephenw10 said in Configuring an OPT interface as an additional LAN:
Oh that's easy then. Just add the NIC to the Linux Bridge you have configured for LAN in proxmox. Remove it from pfSense entirely.
Pretty much exactly like you tried to do in that screenshot but remove it from any other bridges first.
Do you mean something like this?
Currently the 2 GREEN interfaces are bridged to bond0 in LACP, so do you mean add eth6 (the new interface) to that bridge?
-
Yes, assuming eth6 is the new NIC you're adding there. vmbr7 will act as a switch there for traffic between your desktop and the rest of the LAN. That means no loading on pfSense for that traffic.
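The layout stephenw10 describes, as an added /etc/network/interfaces fragment for the Proxmox host. It is not taken from the thread or from Proxmox's documentation. bond0, vmbr7 and eth6 are the names the thread uses; the two LACP slave names (enp1s0f0, enp1s0f1) are assumptions, and the host's own management address is assumed to live on another bridge, which is why vmbr7 carries no IP here.

```conf
# Two GREEN ports bonded with LACP (802.3ad), as the thread already has.
# Slave names are assumed; the thread does not list them.
auto bond0
iface bond0 inet manual
        bond-slaves enp1s0f0 enp1s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

# The bridge pfSense's GREEN/LAN vNIC attaches to. Adding eth6 as a second
# bridge port makes the Proxmox host switch frames between the desktop and
# bond0 directly, so that traffic never reaches pfSense.
# eth6 must not be a port of any other bridge (a Linux interface can be
# enslaved to only one bridge), and it must no longer be passed through to
# the pfSense VM.
auto vmbr7
iface vmbr7 inet manual
        bridge-ports bond0 eth6
        bridge-stp off
        bridge-fd 0
```

Apply it with `ifreload -a` (ifupdown2, which Proxmox ships) and confirm membership with `bridge link show`, which should list both bond0 and eth6 with master vmbr7. The desktop then becomes an ordinary 192.168.10.0/24 host, addressed from GREEN's DHCP pool or statically, and its traffic to BLUE and RED goes through pfSense's existing LAN rules. The trade-off is the flip side of the speed gain: desktop-to-GREEN frames are switched on the host, so pfSense can neither filter nor log them, which is fine for a trusted desktop but worth remembering if that port is ever reused for something else.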
-
@stephenw10 Thank you very much, it works perfect!!!
I don't know why I didn't think of such a simple solution before.