Netgate Discussion Forum

    What if I install the third NIC?

    • akoei

      I have a running pfSense with 2 interfaces - WAN and LAN.

      I just want this pfSense to have multiple LAN ports, so I added another NIC. I know usually the third NIC is for DMZ, but this time I bridged this NIC with LAN.

      Now I have two LAN ports, but the issue is my LAN computers don't know which interface is the gateway: sometimes they use LAN, sometimes they use this new NIC, OPT1.

      So I have to add another set of parallel firewall rules under OPT1, the same as LAN. I am wondering why this OPT1 can't act as another port like those 4-port routers on the market?

      • GruensFroeschli

        If you bridge an interface, the bridged interface should not have an IP!
        If you have the interfaces WAN, LAN and OPT1 and you bridge OPT1 to LAN, then LAN has an IP but not OPT1.
        Your clients then always use the IP of your LAN as gateway even if they are connected to your OPT1 interface.

        Btw: These 4-port routers are actually 2-port routers with a 4-port-switch integrated.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • akoei

          @GruensFroeschli:

          If you bridge an interface, the bridged interface should not have an IP!
          If you have the interfaces WAN, LAN and OPT1 and you bridge OPT1 to LAN, then LAN has an IP but not OPT1.
          Your clients then always use the IP of your LAN as gateway even if they are connected to your OPT1 interface.

          Btw: These 4-port routers are actually 2-port routers with a 4-port-switch integrated.

          You are right, OPT1 doesn't have an IP:
          OPT1 interface (rl0)
          Status up
          DHCP down 
          MAC address 00:48:54:1e:0a:67
          Media 100baseTX <full-duplex>
          In/out packets 21766712/22321027 (1.33 GB/3.51 GB)
          In/out errors 0/0
          Collisions 0
          Bridge (bridge0) learning

          while LAN:
          LAN interface (dc0)
          Status up
          MAC address 00:04:5a:72:b8:a6
          IP address 192.168.5.1 
          Subnet mask 255.255.255.0
          Media 100baseTX <full-duplex>
          In/out packets 19974361/20812666 (3.06 GB/2.50 GB)
          In/out errors 319/1
          Collisions 0
          Bridge (bridge0) learning

          But why do LAN computers sometimes use the LAN interface to go out and sometimes the OPT1 interface? In other words, if I issue arp -a on a LAN computer, sometimes 192.168.5.1 points to the LAN MAC address, sometimes it points to the OPT1 MAC address.

          Any idea?

          • cmb

            @akoei:

            But why do LAN computers sometimes use the LAN interface to go out and sometimes the OPT1 interface? In other words, if I issue arp -a on a LAN computer, sometimes 192.168.5.1 points to the LAN MAC address, sometimes it points to the OPT1 MAC address.

            Any idea?

            It doesn't matter, the firewall answers and works fine with either/or. It's probably a quirk of some sort in the FreeBSD ARP code when combined with if_bridge.

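A way to monitor what akoei describes, added here as an example and not part of the thread: it reads successive `arp -a` snapshots from a LAN client and separates the gateway IP flipping between the two bridge member MACs from the gateway IP resolving to a MAC that belongs to neither interface. The function names, the snapshot text and the 02:00:00:00:00:99 and 00:11:22:33:44:55 addresses are constructed for illustration; 192.168.5.1 and the two allowed MACs come from the interface status posted above.

```python
import re

# MACs of the two bridge members, from the interface status posted in the thread.
BRIDGE_MEMBER_MACS = {"00:04:5a:72:b8:a6", "00:48:54:1e:0a:67"}  # LAN dc0, OPT1 rl0
GATEWAY_IP = "192.168.5.1"

# IPv4 address followed by a MAC, covering Windows ("ip  aa-bb-..") and
# BSD/Linux ("? (ip) at a:b:..") layouts of `arp -a`.
_ENTRY = re.compile(r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
                    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b")

def normalize_mac(mac):
    """Lowercase, ':'-separated, zero-padded (BSD arp drops leading zeros)."""
    return ":".join(octet.zfill(2) for octet in re.split(r"[:-]", mac.lower()))

def gateway_mac(arp_output, gateway_ip=GATEWAY_IP):
    """Return the MAC listed for gateway_ip in one `arp -a` snapshot, or None."""
    for line in arp_output.splitlines():
        m = _ENTRY.search(line)
        if m and m.group(1) == gateway_ip:
            return normalize_mac(m.group(2))
    return None

def classify_snapshots(snapshots, allowed=BRIDGE_MEMBER_MACS):
    """Report, in order, every snapshot where the gateway's MAC changed or is unknown."""
    events, previous = [], None
    for index, output in enumerate(snapshots):
        mac = gateway_mac(output)
        if mac is None:
            continue  # gateway not in this client's ARP cache at that moment
        if mac not in allowed:
            events.append((index, "unknown-mac", mac))
        elif previous is not None and mac != previous:
            events.append((index, "bridge-member-flip", mac))
        previous = mac
    return events

# Constructed snapshots (not captured from the thread's network).
SAMPLE_SNAPSHOTS = [
    "  192.168.5.1           00-04-5a-72-b8-a6     dynamic",
    "? (192.168.5.1) at 0:48:54:1e:a:67 on em0 expires in 1190 seconds [ethernet]",
    "? (192.168.5.1) at 00:04:5a:72:b8:a6 [ether] on eth0",
    "? (192.168.5.10) at 00:11:22:33:44:55 [ether] on eth0",
    "? (192.168.5.1) at 02:00:00:00:00:99 [ether] on eth0",
]

if __name__ == "__main__":
    for event in classify_snapshots(SAMPLE_SNAPSHOTS):
        print(event)
```
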
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.