Have I got this right?
-
pfSense will route between the different subnets.
So for example if you have one interface on subnet 192.168.100.* and another on 192.168.101.* then you could ping a machine on the first subnet, say 192.168.100.10, from another machine on the second subnet, say 192.168.101.10. You would have to put in place firewall rules to allow this though.pfSense can also include dhcp leases in dns so that you can access local machines by name.
However some software, games for example, often only look on the local subnet for other machines.
You can bridge the interfaces such that they will all be on the same subnet. That can introduce other problems though.
The question is why you want to divide you network into subnets? If it's just for the learning experience then go for it!
Steve
-
Thanks for the replies.
Steve, I don't want to divide the network in to different subnets, but 'marcelloc' said:
if you have one lan for each switch, then you can configure each interface with distinct network subnet for each switch.
So are you saying that all LAN ports can be on the same subnet? As this is just for home use, albeit with quite a lot of network devices, I was hoping it would be a case of getting all the NICs up and running and connect a switch to each LAN port.
Thanks
Phil
-
all LAN ports can be on the same subnet?
Can be done if you configure all lan networks on a single bridge, just to use the hardware
-
OK, so what is normal for home use? Split the switches to different subnets/LAN ports or not? Steve, you say bridging the interface so all switches are on the same subnet can create problems, so what is the alternative?
I basically want a pfSense box (to simply use as a router) with a load of NIC cards that I can connect switches to, rather than daisychain switches throughout my house.
Cheers
-
OK, so what is normal for home use?
What is normal for home use would be to have one WAN and one LAN on your pfSense router. Then connect the LAN port to a switch. From that switch, connect all your other switches throughout the house.
It sounds like you want to use your pfSense router as a router and a switch to connect to the rest of your switches. If that is the case, then you need to bridge the interfaces in pfSense so that they all use the same broadcast domain and act like a layer 2 device (a switch). It's just not as common but since you have all those network cards in one box it should work.
-
It sounds like you want to use your pfSense router as a router and a switch to connect to the rest of your switches.
Yes! That's exactly it.
…then you need to bridge the interfaces in pfSense so that they all use the same broadcast domain and act like a layer 2 device (a switch).
Is this done within the webGUI?
Apologies for all the questions, but I'm a bit clueless in the pfSense arena.
Cheers
-
Yes, you can do it in the web GUI. I haven't done it myself but under "Interfaces -> Assign Interfaces -> Bridges" it looks promising… Poke around in there. You'll want all your LAN interfaces in the same bridge.
-
There's a load of good info on bridging: http://doc.pfsense.org/index.php/Category:Bridging
The problems I mentioned earlier are that when you bridge the interfaces together traffic between them has to be processed by pfSense. Usually this is a good thing as you can put firewall rules in place to restrict access. However if you just want all traffic to pass it is a serious bandwidth restriction. Just be aware of this. You don't want to be moving large amounts of data across the bridge if you can help it.
What sort of hardware are you planning to use?
Steve
-
The hardware I have is an Intel Core i3-2120 3.30GHz CPU and Intel DQ67 mobo. I have a max of 8GB of RAM available and a Crucial 128GB SSD.
Network cards are Intel Pro 1000 PT cards.
Also, the motherboard has integrated graphics - do you think this will cause any probs or should I consider a dedicated graphics card?
You mention not moving large amounts of data across the bridge - how much would cause a problem? HD video streaming?
Thanks
-
Integrated graphics are of no consequence with regards to performance. The only issue is if they are supported by FreeBSD 8.1 but it should work. Search the forum.
With that hardware you should be able to achieve close to gigabit throughput between any two interfaces. However you probably won't be able to do that between another two interfaces at the same time.
The dedicated hardware in a switch has a far higher total throughput.You could use a smaller SSD with no real drawbacks.
You almost certainly won't need 8GB of RAM but it's cheap these days.Steve
-
Is there any way to improve the simultaneous throughput of other interfaces? Also, if I have a media server and HTPC connected to the pfSense box via the same switch, will the traffic still pass through pfSense?
Cheers
-
Is there any way to improve the simultaneous throughput of other interfaces? Also, if I have a media server and HTPC connected to the pfSense box via the same switch, will the traffic still pass through pfSense?
Cheers
If those are in same VLAN, then no
-
We aren't talking VLANs here, but that's right traffic on the same switch will not pass through pfSense.
It's possible to improve throughput by disabling filtering between bridged interfaces but it's not something I've tried and it isn't recommended.
You probably won't have a problem.
Steve
-
We aren't talking VLANs here, but that's right traffic on the same switch will not pass through pfSense.
Will a pfSense router be able to simultaneously stream a couple of 1080p movies from different interface cards? I currently have an Asus RT-N56U router and I'm wondering if the throughput will be better or worse.
Cheers
-
If it's not streaming just routing packages in my opinion it will
-
I don't have anything capable of displaying a 1080p video so I have no experience! ::)
However, it depends how the video is encoded. The stream from a Blu-ray disc is approximately 30MBps. You would have no problem sending that out of every interface at the same time.
Do you have any idea what bandwidth you need?Steve
-
@Steve: For an MKV stream, I'm probably looking at around 15-20 MBps. If as you say 30MBps can be sent out of every interface simultaneously (and by interface, did you mean each individual port or per NIC?), what type of transfer did you have in mind earlier when you said "You don't want to be moving large amounts of data across the bridge if you can help it"?
Many thanks
-
Well that was before you said what your hardware spec was! ;)
The total throughput of that hardware is going to be in excess of 1000Mbps.
What I meant when I said "if you can help it" is that you should try to put any streaming servers or NAS devices on the same switch as the clients that use them to avoid sending data across the bridge.
This will minimise any problems you might have but with that hardware you probably won't ever notice!Steve
-
Hi All!
Just follow up, if I decide not to bridge the numerous interfaces on my pfSense box, will each interface be on its own subnet? For example,
Interface 1 will assign IPs beginning 192.168.1.1
Interface 2 will assign IPs beginning 192.168.2.1
Interface 3 will assign IPs beginning 192.168.3.1and so on…
If so, how would I allow traffic from different subnets to flow from one to another? And would this method reduce the workload on the pfSense box compared to bridging interfaces?
Many thanks
Phil
-
Yes they would each be on their own subnet.
You would simply need to add firewall rules to allow the traffic and pfSense will route between the subnets.
Doing this would be no different to bridging.As a follow up I recently did an experiment with bridging some interfaces and found that you can disable filtering on each of the member interfaces quite easily. In this case you would normally enable filtering on the bridge interface instead. This should reduce CPU load dramatically but I haven't tested it.
It's too late to edit it now but I should have written 30Mbps for a blu-ray stream, bits not bytes.
Steve
