Netgate Discussion Forum

What if I install the third NIC?

    akoei
    last edited by Aug 30, 2007, 9:34 PM

    I have a running pfSense with 2 interfaces - WAN and LAN.

    I just want this pfSense to have multiple LAN ports, so I added another NIC. I know the third NIC is usually for a DMZ, but this time I bridged this NIC with LAN.

    Now I have two LAN ports, but the issue is that my LAN computers don't know which interface is the gateway: sometimes they use LAN, sometimes they use this new NIC - OPT1.

    So I have to add parallel firewall rules under OPT1, the same as LAN. I am wondering why this OPT1 can't act as another port, like those 4-port routers on the market?

      GruensFroeschli
      last edited by Aug 30, 2007, 9:41 PM

      If you bridge an Interface the bridged interface should not have an IP!
      If you have the interfaces WAN, LAN and OPT1 and you bridge OPT1 to LAN, then LAN has an IP but not OPT1.
      Your Clients then always use the IP of your LAN as Gateway even if they are connected to your OPT1 interface.

      Btw: These 4-port routers are actually 2-port routers with a 4-port-switch integrated.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        akoei
        last edited by Aug 31, 2007, 2:01 PM

        @GruensFroeschli:

        If you bridge an Interface the bridged interface should not have an IP!
        If you have the interfaces WAN, LAN and OPT1 and you bridge OPT1 to LAN, then LAN has an IP but not OPT1.
        Your Clients then always use the IP of your LAN as Gateway even if they are connected to your OPT1 interface.

        Btw: These 4-port routers are actually 2-port routers with a 4-port-switch integrated.

        You are right, OPT1 doesn't have an IP:
        OPT1 interface (rl0)
        Status up
        DHCP down 
        MAC address 00:48:54:1e:0a:67
        Media 100baseTX <full-duplex>
        In/out packets 21766712/22321027 (1.33 GB/3.51 GB)
        In/out errors 0/0
        Collisions 0
        Bridge (bridge0) learning

        while LAN:
        LAN interface (dc0)
        Status up
        MAC address 00:04:5a:72:b8:a6
        IP address 192.168.5.1 
        Subnet mask 255.255.255.0
        Media 100baseTX <full-duplex>
        In/out packets 19974361/20812666 (3.06 GB/2.50 GB)
        In/out errors 319/1
        Collisions 0
        Bridge (bridge0) learning

        But why do LAN computers sometimes use the LAN interface to go out and sometimes use the OPT1 interface? In other words, if I issue arp -a on a LAN computer, sometimes 192.168.5.1 points to the LAN MAC address and sometimes it points to the OPT1 MAC address.

        Any idea?

          cmb
          last edited by Sep 2, 2007, 7:57 AM

          @akoei:

          But why do LAN computers sometimes use the LAN interface to go out and sometimes use the OPT1 interface? In other words, if I issue arp -a on a LAN computer, sometimes 192.168.5.1 points to the LAN MAC address and sometimes it points to the OPT1 MAC address.

          Any idea?

          It doesn't matter, the firewall answers and works fine with either/or. It's probably a quirk of some sort in the FreeBSD ARP code when combined with if_bridge.

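The behaviour discussed in this thread, 192.168.5.1 resolving to either bridge member's MAC, can be checked from a client with the following added example (not code from the thread or from pfSense). It parses several `arp -a` snapshots and reports whether every MAC seen for the gateway belongs to a bridge member; the gateway IP and the two member MACs are the ones posted above, while the sample snapshots and the third MAC are constructed.

```python
import re
from collections import defaultdict

# MACs of the bridge members as shown in the thread's interface status output.
BRIDGE_MEMBER_MACS = {"00:04:5a:72:b8:a6",   # LAN  (dc0)
                      "00:48:54:1e:0a:67"}   # OPT1 (rl0)
GATEWAY_IP = "192.168.5.1"

_ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (some systems print 0:4:5a:...)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def parse_arp(text):
    """Yield (ip, mac) from `arp -a` output in BSD/Linux or Windows layout."""
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if m:  # header lines and "(incomplete)" entries carry no MAC
            yield m.group(1), normalize_mac(m.group(2))

def audit_gateway(snapshots, gateway=GATEWAY_IP, expected=BRIDGE_MEMBER_MACS):
    """Classify every MAC seen for the gateway across several snapshots."""
    seen = defaultdict(set)
    for snap in snapshots:
        for ip, mac in parse_arp(snap):
            seen[ip].add(mac)
    macs = seen.get(gateway, set())
    return {
        "flapping": len(macs) > 1,                    # more than one MAC answered
        "bridge_members": sorted(macs & expected),    # the quirk described above
        "unexpected": sorted(macs - expected),        # not a bridge member: investigate
    }

# Constructed sample snapshots (not captured from the poster's network).
SNAP_BSD = "? (192.168.5.1) at 0:4:5a:72:b8:a6 on em0 expires in 1190 seconds [ethernet]\n" \
           "? (192.168.5.9) at (incomplete) on em0 [ethernet]"
SNAP_WIN = "Interface: 192.168.5.20 --- 0xb\n" \
           "  Internet Address      Physical Address      Type\n" \
           "  192.168.5.1           00-48-54-1e-0a-67     dynamic"
SNAP_ODD = "? (192.168.5.1) at 02:00:00:aa:bb:cc [ether] on eth0"  # MAC made up

if __name__ == "__main__":
    print(audit_gateway([SNAP_BSD, SNAP_WIN]))
    print(audit_gateway([SNAP_BSD, SNAP_WIN, SNAP_ODD]))
```

A result with `flapping` true and `unexpected` empty matches the harmless bridge behaviour described in the last reply; any entry in `unexpected` is a MAC answering for the gateway that is not one of the firewall's bridge members.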