Bridging NICs in pfSense 2.0?
-
This was really straightforward in 1.2.3, but I cannot figure it out correctly in 2.0.
I have, for the sake of my story, 3 NICs. 1 for WAN, 1 for LAN, and I want to use the 3rd NIC to straight connect my wireless access point. I'm considering putting it on a different subnet eventually, but I wanted to get bridging working because it's a useful thing to know how to do.
I want a 1 WAN to 2 (or more maybe!) LAN ports out (same network, and able to communicate with each other seamlessly)
I read this tutorial from 2.0-RC3: http://forum.pfsense.org/index.php/topic,38042.0.html
It sort of made sense, but something seems a bit circular to me. So, you bridge 2 interfaces, then you assign the interfaces to BRIDGE0? That's like a circular dependency, isn't it? Or maybe I'm not following something right?
Another way it might be taken (but I have to wait for some downtime to attempt to set it up) is:
- setup "NIC1" type "none".
- setup "NIC2" type "none".
- create bridge with NIC1 and NIC2
- assign LAN to BRIDGE 0
- setup "LAN" to be static IP with the router's IP, just like you'd do with a single NIC
Does that sound right??
-
-
Yes, this is how you should do it.
After you have assigned the bridge as an additional interface:
Don't forget that rules still apply inbound.
--> Traffic coming in on NIC1 needs a rule on the NIC1 tab, and for NIC2 vice versa.
--> Traffic destined for the pfSense itself additionally needs a rule on the bridge.
-
?? ???
When I go to bridges on any of my boxes, I can only assign either wan, lan, opt1, vpn, etc. I cannot assign actual NICs as described... Am I missing something?
-
You first need to assign the physical or logical interface as LAN/WAN/OPTx.
But yes, you only bridge the actually assigned interfaces.
That is why you need to set them to "none".
Ah- I see! And I only added to my confusion by renaming "opt1" to "bridged"… ::)
Thanks!