The Dreaded PFSense as a Switch (Temporarily)

mythos1357 · Apr 25, 2025, 6:35 PM

Well, it worked somewhat. I had to move the dhcp to the bridge via the shell and while I now get IP and such from any of the 4 ports I have somehow managed to bypass the lockout protection... I can't access the web ui. I'm guessing there was a leftover firewall rule or perhaps even a lack of one but for now I'm stuck with the shell purely.

Any tips? Tried resetting the webui and doing a full device restart. And thank you for responding so quickly to a topic I know is frowned on!

mythos1357 · Apr 25, 2025, 7:32 PM

@provels

Thanks you the resource you linked I was able to find the firewall temporary bypass and correct my mistake after some fumbling around. Thank you so much for assisting me with this issue!

Hopefully the performance isn't too terrible for these 2 weeks but honestly I was about ready to head into the streets and beg for a spare router/switch...

provels · Apr 25, 2025, 9:43 PM

@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):

Hopefully the performance isn't too terrible for these 2 weeks

I dunno. I think you'll be fine. I run a wired and 2 wireless interfaces on a bridge and it seems to work OK! Not because I should but because I can.

johnpoz · Apr 26, 2025, 12:25 AM

@mythos1357 what are you doing between the clients that they need to be on the same network?

Why would you not just create 3 networks, with any any rules - other than broadcast or multicast the devices could talk to each other just like they were on the same network.

You wouldn't of had to mess around with bridging stuff that way - and as you said it's just temp..

mythos1357 · Apr 26, 2025, 10:30 AM

@johnpoz

Main computer + NAS and mediacenter + security camera system. You can probably see the communication need between these 3

johnpoz · Apr 26, 2025, 11:46 AM

@mythos1357 none of that says same network to me.. The only thing that would require them to be on the same network would be broadcast/multicast.

My cameras sure are not on the same network as my pc or nas.. My plex isn't even on the same network as my roku sticks.

My printer isn't on the same network as my pc and I print just fine, etc..

mythos1357 · Apr 26, 2025, 12:18 PM

@johnpoz

Aye I'm sure it could be just as fine but compared to selecting 3 interfaces and making a bridge on them the simplicity appears to me far easier. I was stressed enough yesterday just getting things up and running after figuring out the disaster so simplest and quickest was the path for me.

I will be splittings things into separate networks once I have the managed switch arrive and do things proper as I have a AP I most definately do not want to give much leeway in the network since its only used by visitors etc, but thats a problem for when the hardware arrives. Visitors can manage without free wifi for 2 weeks since its a courtesy thing :)

johnpoz · Apr 26, 2025, 1:16 PM

@mythos1357 it would of taken all of a couple of seconds to create networks on the 2 other interfaces..

vs

"Well, it worked somewhat. I had to move the dhcp to the bridge via the shell and while I now get IP and such from any of the 4 ports I have somehow managed to bypass the lockout protection."

Or even have to ask how to do it in the first place.

mythos1357 · Apr 26, 2025, 1:16 PM

@johnpoz

I appreciate what you're trying to say and I hope you can appreciate the sheer stress I was under at the time of choosing the approach. I made lots of mistakes due to it and I am correcting and tweaking them as of now, but things work right now and thats good enough.

The lockout protection thing was a simple " I forgot to hit apply settings " because of the stress :)

johnpoz · Apr 26, 2025, 1:55 PM

@mythos1357 glad you have a working network - just confused on why you stressed about it in the first place.. Seems self induced to be honest.

Not sure why you went about messing with a setup you were not clear about how to do, when simple creation of 3 networks for your 3 devices would of been simpler path.

Especially if your goal is segmentation anyway.

Now you have to undo all that when you get your switch.. If you would of just created 3 segments from the get go - you more than likely could of just leveraged those as your uplinks from your switch and been done. Just putting your other devices on their respective networks.. And creating the firewall rules you will want when you actually segment.

Guess it was a good learning experience.

mythos1357 · Apr 26, 2025, 2:35 PM

@johnpoz

Stress is always self induced and a silly thing to do, but it still happens so eh... I always treat things as a learning moment so it doesn't become a negative thing so thank you for the educational tips and help!

johnpoz · Apr 26, 2025, 2:41 PM

@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):

Stress is always self induced and a silly thing to do

Wise words for sure..

Life throws things at you - but yeah stressing about anything for sure is always self induced ;)