Configuring an OPT interface as an additional LAN
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Then, I opened everything in OPT1 FW Rules, so, Source: * - Destination: *
Like this :
?
I agree, not strictly needed, but you've set up a DHCP server on OPT1 ?
( just add a pool like 192.168.3.2 -> 192.168.3.100 )
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
connect the PC to that interface and assign its own IP: 192.168.3.7/24 gw 192.168.3.1
Yeah, right, and not setting DNS can/will create "issues" ^^
-
Like this :
?
Nope, This is the rule I added:
I agree, not strictly needed, but you've set up a DHCP server on OPT1 ?
( just add a pool like 192.168.3.2 -> 192.168.3.100 )
I believe this is not necessary cause this interface has only the PC connected with static IP.
Yeah, right, and not setting DNS can/will create "issues"
DNS is set up as 192.168.10.5 where I have PiHole
The main issue is that my PC, connected to that new interface, is not able to communicate with any other interfaces. Somewhere I read that I need to configure a bridge between LAN and OPT1 (aka: PCDESKTOP). But in this way maybe I'm able to reach GREEN, but not BLU and RED.
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Nope, This is the rule I added:
So no ICMP, No UDP (so no DNS) ...
Are you sure ?
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
DNS is set up as 192.168.10.5 where I have PiHole
DNS traffic won't reach this 192.168.10.5, you know why now.
-
@Gertjan said in Configuring an OPT interface as an additional LAN:
So no ICMP, No UDP (so no DNS) ...
Are you sure ?
Why? Doesn't the "*" mean allow all connections?
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
DNS is set up as 192.168.10.5 where I have PiHole
DNS traffic won't reach this 192.168.10.5, you know why now.
But the main issue is not in DNS. The issue is that 192.168.3.7 can't communicate with the whole GREEN network 192.168.10.1/24
-
@Lucas-Rey said in Configuring an OPT interface as an additional LAN:
Why? Doesn't the "*" mean allow all connections?
This :
means : only TCP (IPv4).
This rule won't pass UDP, neither ICMP.
This :
means everything (but not IPv6).
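The protocol mismatch described in the post above, as an added example that is not part of the original thread: a simplified Python model of first-match interface rules with a default deny. The rule contents follow the post's description because the screenshots are not available; all class, function and packet names are hypothetical, and the IPv6 addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    family: str   # "inet" (IPv4), "inet6" (IPv6) or "any"
    proto: str    # "tcp", "udp", "icmp" or "any"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst):
    """Return the action of the first matching rule; no match means default deny."""
    family = "inet6" if ipaddress.ip_address(src).version == 6 else "inet"
    for r in rules:
        if r.family not in ("any", family) or r.proto not in ("any", proto):
            continue
        if _addr_match(r.src, src) and _addr_match(r.dst, dst):
            return r.action
    return "block"

# Rule sets as described in the thread (the screenshots are not available).
TCP_ONLY = [Rule("pass", "inet", "tcp", "any", "any")]   # looks like "* -> *"
ANY_PROTO = [Rule("pass", "inet", "any", "any", "any")]  # really any protocol

# Constructed sample traffic from the desktop on OPT1 (192.168.3.7).
PACKETS = {
    "dns_to_pihole": ("udp", "192.168.3.7", "192.168.10.5"),
    "ping_green": ("icmp", "192.168.3.7", "192.168.10.1"),
    "tcp_to_green": ("tcp", "192.168.3.7", "192.168.10.5"),
    "ipv6_tcp": ("tcp", "fd00:3::7", "fd00:10::5"),  # constructed ULA addresses
}

def verdicts(rules):
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("TCP only", TCP_ONLY), ("any protocol", ANY_PROTO)):
        print(label, verdicts(rules))
```

With the TCP-only rule, the DNS query and the ping fall through to the default deny even though source and destination are both "any".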
-
Do you actually need that to be in a different subnet? You could just add the port to the LAN vswitch/bridge in whatever hypervisor you're running.
-
@Gertjan said in Configuring an OPT interface as an additional LAN:
This rule won't pass UDP, neither ICMP.
DAMN! I missed the protocol config, thank you. I'll try it as soon as possible
@stephenw10 said in Configuring an OPT interface as an additional LAN:
Do you actually need that to be in a different subnet? You could just add the port to the LAN vswitch/bridge in whatever hypervisor you're running.
No, I don't need a different subnet, I just follow the guide :). But honestly, the same subnet is even better.
I'm using Proxmox but it will be complicated to bridge them, cause I have already bridged the GREEN ports for LACP:
Is there any other way to avoid a different subnet in pfSense?
-
Oh that's easy then. Just add the NIC to the Linux Bridge you have configured for LAN in proxmox. Remove it from pfSense entirely.
Pretty much exactly like you tried to do in that screenshot but remove it from any other bridges first.
-
@stephenw10 said in Configuring an OPT interface as an additional LAN:
Oh that's easy then. Just add the NIC to the Linux Bridge you have configured for LAN in proxmox. Remove it from pfSense entirely.
Pretty much exactly like you tried to do in that screenshot but remove it from any other bridges first.
Do you mean something like this?
Currently 2 GREEN interfaces are bridged to bond0 in LACP, so do you mean add eth6 (the new interface) to that bridge?
-
Yes, assuming eth6 is the new NIC you're adding there. vmbr7 will act as a switch there for traffic between your desktop and the rest of the LAN. That means no loading on pfSense for that traffic.
-
@stephenw10 Thank you very much, it works perfectly!!!
I don't know why I didn't think of such a simple solution before.