Bridge LAN ports to act like a switch
-
The instructions are for configuring from the webgui.
Whilst it's possible to do this from the console it's far more complex.Steve
So you could better explain the 4 and 5 step?
Is there a way to avoid having to change the Ethernet port to the step 4?
If in the step 5 I set the configuration type to "none", all LAN interfaces remain without an IP address. So, how do operate a network device connected to one of these interfaces?
Thanks
Bye
-
In step 4 device bridge0 gets all the LAN attributes (including the IP address) when bridge0 is assigned to LAN.
If in the step 5 I set the configuration type to "none", all LAN interfaces remain without an IP address. So, how do operate a network device connected to one of these interfaces?
But your physical interfaces are members of a bridge and the bridge has an IP address so (effectively) all the bridge members have the bridge IP address.
-
So you could better explain the 4 and 5 step?
Hmm, I can't see how I can explain it better.
@stephenw10:4. Now go to Interfaces: (assign) and change the LAN assignment to bridge0. Save and reconnect your ethernet cable to one of the bridge interfaces.
Do that. Make it look like my 2nd screen shot above.
In step 5 after you have changed the interface assigned to LAN (to Bridge0) you will have a spare interface which can be added to the bridge.
Steve
-
In step 4 device bridge0 gets all the LAN attributes (including the IP address) when bridge0 is assigned to LAN.
If in the step 5 I set the configuration type to "none", all LAN interfaces remain without an IP address. So, how do operate a network device connected to one of these interfaces?
But your physical interfaces are members of a bridge and the bridge has an IP address so (effectively) all the bridge members have the bridge IP address.
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
In other words, it is possible to have this configuration:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> LAN Gateway (in order to access the firewall with this IP address)
-
192.168.1.254 ---> Bridge0
If so, how do I do this?
Thanks
Bye
-
-
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
Assuming you followed Steve's instructions, go to web page Interfaces -> LAN, set IP address or other attributes then click on Save (to update the configuration file) and Apply (to update the running system).
But if you followed Steve's instructions, why do you need to change the IP address?
If you change the IP address of the pfSense interface on which you are accessing the system I expect you will find it necessary to restart pfSense and then adjust the IP address on the system you are using to access pfSense so that they are both the same IP subnet (get new DHCP lease if the client uses DHCP, change static IP address otherwise).
-
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
In other words, it is possible to have this configuration:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> LAN Gateway (in order to access the firewall with this IP address)
-
192.168.1.254 –-> Bridge0
If so, how do I do this?
Thanks
Bye
-
-
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
Why?
If LAN is assigned to bridge0 and LAN is configured to have IP address 192.168.1.1 then bridge0 gets 192.168.1.1.
It is possible to assign multiple IP addresses to an interface, but do you really need that?
-
In your original post, here, you asked about configuring your machine to have 1 WAN port and the other 4 ports configured as a single LAN. That is what I have explained.
Do you now want to have 1 WAN, 1 LAN and the three other ports configured as a switch? (a different interface)Steve
-
I would simply like to create a bridge that joins the 4 network cards in order to create a 192.168.1.x network. I tried to follow the stephenw10 method, but, after completing the step 5, I can not longer access my firewall in any way with my computer that has Windows 7 SP1 64 bit. How come?
Thanks
Bye
-
after completing the step 5, I can not longer access my firewall in any way with my computer that has Windows 7 SP1 64 bit. How come?
It is almost impossible to say because you haven't told us exactly what you have done and you haven't told us how you are attempting to access the firewall and what response you are getting.
1. How are you trying to access the firewall? (ping? web? … ) What response do you get?
2. Have you tried connecting the Windows system to another port that is a member of the bridge? What response do you get then?
3. You asked about setting LAN interface to 192.168.1.254 when it was apparently previously set to 192.168.1.1. There was no explanation why you wanted to do this. PERHAPS you didn't quite follow Steve's instructions and have ended up with inconsistencies in your network. In a small number of cases I have found my pFsense sometimes has seemed to need to be rebooted after "significant" changes to IP addresses. Have you rebooted pfSense? Have you verified your Windows system and the pfSense LAN interface are on the same IP subnet?
-
In order for you to accomplish what you wish you have to make changes that will possibly lock you out if you don't think clearly about what you do and how each step will affect the setup.
Keep in mind that you have to keep a reachable interface at all times.
When you decide on what LAN subnet you wish to use Id create one of the physical interfaces with another temporary subnet. Build the bridge, give it its address, add the remaining interfaces to it and verify they work, and configure the rest of the firewall from the bridge including adding the final interface that was given the original temporary address. because once you make that interface "none", it will be useless until you add it to the bridge.
My guess is that unless you left a way to configure via the wan interface that you need to start over.
-
after completing the step 5, I can not longer access my firewall in any way
You are able to access it after step 4 though?
If you have locked yourself out of the box for whatever reason, and rebooting does not solve it, you can temporarily disable the firewall from the console. Described here:
http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!#Remotely_Circumvent_Firewall_Lockout_by_Temporarily_Changing_the_Firewall_RulesOnce you have access modify your firewall rules to prevent the lockout.
Steve
-
In practice, after step 4, I have to restart the firewall from the console to perform step 5 via web.
Instead, after step 5, Windows 7 identifies the connection as a public network unidentified. Then, Internet no longer works and I can not access longer the firewall via web with the IP address 192.168.1.1.
So, anyone have any idea on how to fix this?
Thanks
Bye
-
Windows 7 complains because the MAC of the bridge interface is regenerated each time at boot, because it's not a real NIC.
To prevent this happening you can set a MAC address for the bridge interface which will be used every time. You can do this under Interface: Lan: (assuming LAN is assigned as bridge0).See: http://forum.pfsense.org/index.php/topic,54666.0.html
Steve
-
Windows 7 complains because the MAC of the bridge interface is regenerated each time at boot, because it's not a real NIC.
To prevent this happening you can set a MAC address for the bridge interface which will be used every time. You can do this under Interface: Lan: (assuming LAN is assigned as bridge0).See: http://forum.pfsense.org/index.php/topic,54666.0.html
Steve
In the Interface: Lan window, I have to insert the MAC address of the network card of the computer or a network card of the firewall?
Thanks
Bye
-
No. Do not use one of the existing MAC addresses. Make up a MAC and use that. It doesn't matter what the address is just that you have defined one to use to prevent pfSense choosing a new one each time at boot.
Steve
-
No. Do not use one of the existing MAC addresses. Make up a MAC and use that. It doesn't matter what the address is just that you have defined one to use to prevent pfSense choosing a new one each time at boot.
Steve
How do I create a valid MAC address?
Thanks
Bye
-
It simply has to be the correct length of hexidecimal figures. For example you could use: 00:11:22:33:44:55
That would be obviously fake which is useful to anyone trying to diagnose a problem later.
See screenshot from my Status: Interfaces: page.Steve
 -
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
In other words, it is possible to have this configuration:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> LAN Gateway (in order to access the firewall with this IP address)
-
192.168.1.254 –-> Bridge0
If so, how do I do this?
Thanks
Bye
I think you are mis-understanding this. When you create a bridge the NIC doesnt have an IP anymore, the bridge actually has the ip, and the bridge represents any or all of the nic's in the bridge.
So you will end up like this:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> Bridge0 / LAN Gateway (in order to access the firewall with this IP address)
There is no need for an additional IP.
-
-
I tried to insert a fictitious MAC address to the LAN interface before including it in the Bridged0 but, then, Windows 7 still identify the connection between my computer and the firewall as an unidentified network and thus I have the same problems as before . So when I have to insert this MAC?
Thanks
Bye
