Netgate Discussion Forum

    Netgate 2100 LAN Ports

    General pfSense Questions
    9 Posts 3 Posters 529 Views
    • GanaelG

      Hello,
      I recently acquired a Netgate 2100. I'm quite confused by the port management in pfSense.

      I need a WAN port and 2 LAN ports (with DHCP for the first local network and the Web connection to NetGate, without DHCP for the other with HaProxy for my web and database servers). On an Ubuntu with 3 network cards, it is very easy to configure.

      There, with Netgate 2100, I have a mvneta0 (WAN) and a mvneta1 (LAN). I have seen how to create Opt1 but do I have to create a LAN1 (for the first local network) or is the mvneta1 LAN enough?

      Regards. Ganael.

      • stephenw10 Netgate Administrator

        You can use the untagged mvneta1 NIC as the first LAN and a tagged VLAN on it as the second interface.

        However I would recommend using tagged VLANs for both to avoid incorrectly untagged traffic ending up on the wrong interface. Be sure to have some other connection to the firewall when configuring that though because it's easy to lock yourself out!

        Steve

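The point about untagged traffic in the reply above, as an added example that is not part of the original post or of Netgate's documentation. It is a simplified model of 802.1Q classification on the parent NIC; the VLAN IDs 10 and 20, the host names and the drop-if-unmatched rule are assumptions, and the 2100's internal switch is not modelled.

```python
"""Simplified model of 802.1Q classification on one firewall NIC (added example).

Assumption: a frame is handed to the interface whose VLAN tag matches it, an
untagged frame goes to the interface assigned to the untagged parent NIC, and
a frame with no matching interface is dropped. VLAN IDs and host names are
constructed; the 2100's internal switch (per-port PVID) is not modelled.
"""

# Interface name -> VLAN tag on the parent NIC (None = untagged parent).
MIXED = {"LAN": None, "SERVERS": 20}    # first LAN untagged, second tagged
TAGGED = {"LAN": 10, "SERVERS": 20}     # both tagged, parent unassigned

# Constructed hosts: (name, intended interface, does its frame keep its tag?)
HOSTS = [
    ("pc", "LAN", True),
    ("apache-1", "SERVERS", True),
    ("apache-2", "SERVERS", False),     # upstream port misconfigured: tag lost
]


def deliver(layout, intended, tag_kept):
    """Return the interface that receives the frame, or None if it is dropped."""
    tag = layout[intended] if tag_kept else None
    for iface, iface_tag in layout.items():
        if iface_tag == tag:
            return iface
    return None


def misdelivered(layout):
    """List (host, intended, landed) for frames accepted on the wrong interface."""
    out = []
    for host, intended, tag_kept in HOSTS:
        landed = deliver(layout, intended, tag_kept)
        if landed is not None and landed != intended:
            out.append((host, intended, landed))
    return out


if __name__ == "__main__":
    for name, layout in (("mixed", MIXED), ("tagged", TAGGED)):
        print(name, misdelivered(layout))
```

In the mixed layout the server that lost its tag is accepted on LAN and evaluated by LAN's rules; with both networks tagged the same frame matches no interface.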
          • SteveITS Galactic Empire @GanaelG

          @GanaelG If I may, the 2100 has a four port switch for LAN. You can isolate one or more ports if you need them to behave like a separate physical interface:

          https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

          What you name the new interface (OPT1 or LAN1 or DMZ or SERVERS) is up to you. Then you can configure a separate subnet on each interface (LAN and SERVERS).

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

            • GanaelG

            Hello,
            Thank you for your answers.

            Reminder of the desired configuration :

            • Orange Box IP : 192.168.1.1
            • Netgate 2100
              • WAN Static IP : 192.168.1.2
              • LAN (Local) Static IP : 192.168.0.2 [W/ DHCP server]
              • LAN (Servers) Static IP : 192.168.2.2 [W/O DHCP server] (used by HaProxy)

            OK. I reset the Netgate with the console and defined the WAN and LAN :
            netgatemenuafter2.png

            I create 2 VLans on mvneta1 :
            netgate13.png

            If I assign LAN Port 1 as IP Static address 192.168.0.2 (which is LAN's IP 😓), I have a conflict:
            netgate local error.png

            I suppose this implies that I should have defined in console mode another IP address for LAN to avoid conflict with LAN Port 1. I could have used 192.168.3.2... But once LAN Port 1 and LAN Port 2 are defined (without errors), how do I “separate” myself from the IP address initially assigned to LAN and its DHCP server? I'm not going to keep a useless IP address and DHCP server.

            Thank you for your help. All the best. Ganael

            • SteveITS Galactic Empire @GanaelG

              @GanaelG Assign LAN (LOCAL) to 192.168.0.2/24.
              Assign LAN SERVERS to 192.168.2.2/24.

              If you are using VLANs and not isolating the ports, then you have only one cable connected to the four port switch, correct?

              • GanaelG

                Hello,
                Concerning cables :
                netgate-cables.png
                RED : WAN [192.168.1.2]
                GREEN : Local LAN [192.168.0.2] : IP of my PC connected to the Netgate (console and Web) : 192.168.0.100
                BLUE : Servers LAN [192.168.2.2] - 2 Apache Servers [192.168.2.101, 192.168.2.102 for example]

                I went back to console mode and reconfigured the IP addresses:
                netgate21.png
                Again an error, my Local PC does not change IP. Normally, if I've understood correctly, it should become: 192.168.0.100 (via the green cable).

                Maybe a problem with the default firewall?

                I despair of understanding how this works. Obviously, there's documentation but no standard setting procedure. You can't guess at everything, and where are the default settings that the device automatically makes specified?

                Clearly I'm going about this the wrong way with Netgate. I'm beginning to think I'd be better off going back to my IPFire/Nginx. 🙄

                Thank you so much for your help. I don't want to take up too much of your time. Regards. Ganael.

                • SteveITS Galactic Empire @GanaelG

                  @GanaelG If you have two cables then you presumably want two separate ports and two physical networks, which is the doc page linked above:

                  https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

                  The example is for port 4 but you can do it for port 2 and 3 also.

                  • GanaelG

                    Hello,
                    Thank you for your help. For Opt1, the configuration is functional. I can use the Internet from this VLan.
                    Now for OPT2, I plan to use HaProxy. And here, I encounter 2 difficulties:

                    • the first is that, visibly, it has to be configured with the WebConfigurator. No CLI tools? That said, I can understand it, given the VLan imposed by Netgate's hardware/software.
                    • the second results from the first point. This is HAProxy's interface with pfSense. The Opt2 configuration is hard to guess. Should it be configured like Opt1?

                    The Web configurator is no help. You have to click through all the sub-menus. Now I realize that I really, really like command lines! I'm opening a new question not for step-by-step guidance but to find out what I need to set up to use HaProxy as a reverse proxy (WAN - Opt2).
                    Thanks again for your help. Regards. Ganael.

                    • stephenw10 Netgate Administrator

                      So you're connecting some servers on OPT2 and want to put HAProxy in front of them?

                      First get the port, VLAN and switch configured in the same way you did for OPT1. Connect the server(s) and make sure they are in the correct subnet and are reachable.

                      Then add HAProxy.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.