New pfsense user looking for feedback/help on network setup
-
If all you want is all your devices on your LAN and OPT devices to communicate without any firewalling, why not just move them all to the same port on a switch running on the same subnet?
The only reason you'd want to use the OPT ports is that you want to segregate your network more to restrict access, but this seems to be an unnecessary complication for what you want to do.
-
My problem is now is that I can't seem to get anything past the initial configuration working. I plug a notebook straight into OPT1 (vr2) and not matter which configurations of interfaces and firewall rules I can't even get the device to get a damn IP. I think that would be the first step I need help with.
Is LAN bridged with the OPT1 interface? (Given that you have said you want everything to communicate with everything else you may chosen bridging as a way of doing that.) If so and you are using some variant of pfSense 1.2.1, you may need to add firewall rules to pass DHCP traffic on the OPT1 interface.
For some reason, which I have never seen explained anywhere, a change was made during 1.2.1 development so that DHCP traffic on some (all?) bridged interfaces is blocked by the firewall. On my pfSense box LAN is bridged with WLAN (OPT1) but the DHCP server has no option for enabling DHCP on OPT1 and the firewall blocks DHCP on OPT1.
You could look in the firewall log (from the web GUI, Status -> System logs, click on the firewall tab) for blocked packets from OPT1.
If you don't have LAN bridged with OPT1 have you enabled the DHCP server on OPT1?
-
For the moment while I'm still getting used pfsense I will just use eth0 and eth1. What don't know how to do is make it so that psfsense on my net5501 handles all DHCP and port forwarding, even from those devices connected to my WRT54GS routers, any idea how to go about that?
-
Disable the DHCP server on your WRT53GS routers, and plug the routers into your pfSense box using the LAN ports. Give the LAN IP of the routers a unique IP on the LAN. Don't use the WAN ports on the routers at all.
-
Wow it worked no problems what so ever, thank you for the help!
-
I am having (what I think, at least) to be a very similiar problem.
DHCP just doesn't seem to work on OPT1 for me. I have checked the firewall logs as mentioned above and see no mention of OPT1.
I have tried with a switch, a AP and a laptop plugged in directly and none received an IP.
I am trying to seperate OPT1 from LAN (it wll be my wireless), and I have not bridged them. Is there a firewall required as mentioned above?
-
Stupid question: did you enable the DHCP server on the OPT interface?
-
Yes I did, I also tried turning it off and then back on again - no change.
-
Post the rules of your OPT1 interface and the settings at DHCP OPT1 tab.
When plugging a switch in the OPT1 IF, did the link lights show up? Otherwise try another cable. -
Girbot, perhaps you need a cross over cable on OPT1. (Depends on the interfaces at each end.)
-
Willing to try, but would I should I need one between an onboard nic and an AP?
Link to the mobo/case:
http://www.asus.com/products.aspx?l1=1&l2=3&l3=409&l4=0&model=2072&modelmenu=2Also attached two screenshots of the web gui settings incase I am being blonde…
-
LAN interfaces generally have associated LEDs that show Link Status (On/Off, link speed: 10 Mbps or 100 Mbps etc) and Activity. When you plug your cable into OPT1 does the Link Status LED come on within a few seconds? If so, your cable is good and you don't need a cross over cable. If not, your cable might be broken or you might need a cross over cable.
LAN cables are normally "straight through": pin 1 to pin 1, 2 to 2 etc. This means if you connect two NICs together with a straight through cable you connect the receiver of one NIC to the receiver of the other NIC and the transmitter of one NIC to the transmitter of the other. Therefore neither can hear the other (the receiver of each needs to be connected to the transmitter of the other). LAN sockets on switches are normally wired differently to sockets on NIC cards and motherboards so this "cross over" happens automatically. If you connect two NIC sockets that normally connect to a switch (e.g. two NIC cards) you will need a cross over cable to provide the cross over that would normally be provided by the switch. (Some recent NICs have polarity sensing and can provide their own cross over when required. If you have one of them you won't need a cross over cable. Its less likely you will find this facility on equipment built down to a price, e.g. motherboard LAN interfaces, cheap routers etc).
-
I will double check when I get home this evening, but I am fairly sure that both the OPT1 nic and the attached device (Laptop/Switch/AP) were all lit.
-
Sorry to bump such an old thread, not had the time to look at this until last weekend.
I am now pretty certain that the issue is with the NIC, or Pfsense, and the AP and DHCP works fine through the LAN interface. I've tested different cables and all work fine through the LAN interface.
DHCP just isn't server through the OPT1 interface. I am going to try swapping the interfaces to try to pinpoint what the issue may….
OK swapping had no impact, and the NIC only had an amber light not green light. I am fairly certain the NIC is ok, pretty sure I used it with Fedora before I installed Pfsense on this box.
So now I'm thinking the onboard and Pfsense don't play well together - is there a way to get them to play nice?!
