Bridge LAN ports to act like a switch
-
No. Do not use one of the existing MAC addresses. Make up a MAC and use that. It doesn't matter what the address is just that you have defined one to use to prevent pfSense choosing a new one each time at boot.
Steve
How do I create a valid MAC address?
Thanks
Bye
-
It simply has to be the correct length of hexidecimal figures. For example you could use: 00:11:22:33:44:55
That would be obviously fake which is useful to anyone trying to diagnose a problem later.
See screenshot from my Status: Interfaces: page.Steve
 -
Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?
In other words, it is possible to have this configuration:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> LAN Gateway (in order to access the firewall with this IP address)
-
192.168.1.254 –-> Bridge0
If so, how do I do this?
Thanks
Bye
I think you are mis-understanding this. When you create a bridge the NIC doesnt have an IP anymore, the bridge actually has the ip, and the bridge represents any or all of the nic's in the bridge.
So you will end up like this:
-
10.0.0.1 –-> WAN Gateway
-
192.168.1.1 ---> Bridge0 / LAN Gateway (in order to access the firewall with this IP address)
There is no need for an additional IP.
-
-
I tried to insert a fictitious MAC address to the LAN interface before including it in the Bridged0 but, then, Windows 7 still identify the connection between my computer and the firewall as an unidentified network and thus I have the same problems as before . So when I have to insert this MAC?
Thanks
Bye
-
Well, yes it will be un-identified initially, but once you mark that network at private, then it should stay that way.
-
Well, yes it will be un-identified initially, but once you mark that network at private, then it should stay that way.
No, the problem is that Windows 7 identifies the connection as a public network not identified even if I restart the firewall from console. Unfortunately, Windows 7 does not allow to change the network type, and then I can no longer access the firewall via web and the internet. So, how do I fix this?
Thanks
Bye
-
See my screenshot a few posts back for how it should be setup. My interface is named LAN5, yours will be named LAN.
You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.
Steve
-
Also once you have completed the above steps, you WILL get an 'unidentified network' popup, but once you accept it there it should not come up again.
-
See my screenshot a few posts back for how it should be setup. My interface is named LAN5, yours will be named LAN.
You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.
Steve
It is possible to disable this DHCP server on LAN (Bridge0). If so, how do I do this?
Thanks
Bye
-
You can disable the dhcp server. It won't help though. Unless you have spoofed the MAC on LAN Windows will still see it as a new network.
Are you using all static IPs.
Steve
-
See my screenshot a few posts back for how it should be setup. My interface is named LAN5, yours will be named LAN.
You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.
Steve
It is possible to disable this DHCP server on LAN (Bridge0). If so, how do I do this?
Thanks
Bye
You probably don't want to do this. When you make the bridge you are essentially replacing Lan0 and Lan1, and Lan2, etc with Bridge0. Nothing will be running directly on Lan0, 1, etc anymore, everything that WAS running on lan0, 1, etc will now be running on bridge0.
So, if you previously had DHCP before and would like to keep it you will need to have it enabled. This is not 'another' DHCP server, this is the DHCP server.
Now, if you were not using DHCP in the first place at all, then yes you would want to disable it.
-
I have found the main problem:
Starting from the default parameters of pfSense and performing the initial setup to make sure that the LAN and WAN interfaces are working with the type of static address, I tried to insert the MAC address of my computer or a MAC fictitious in the MAC address field of the LAN interface of pfSense. Applying these changes and restarting the firewall from the console, Windows 7 SP1 64-bit identifies the connection as a public network not identified. How come?
Thanks
Bye
-
Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.Steve
-
Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.Steve
the problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.
So, how do I change its type?
Thanks
Bye
-
Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.Steve
the problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.
So, how do I change its type?
Thanks
Bye
But, after it's set, do the Windows boxes keep notifying you again, later. From what I understand, it should do it once after you set the MAC, but once Windows identifies it, as long as you don't change the Bridge MAC again, it shouldn't keep bothering you.
-
Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.Steve
the problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.
So, how do I change its type?
Thanks
Bye
But, after it's set, do the Windows boxes keep notifying you again, later. From what I understand, it should do it once after you set the MAC, but once Windows identifies it, as long as you don't change the Bridge MAC again, it shouldn't keep bothering you.
Dropping for a moment the creation of the switch, how do I set a MAC address to the LAN interface preventing Windows 7 from identifying this connection as unidentified public network?
Thanks
Bye
-
If you are not using a bridge at all then you should not have to do anything with the MAC address of the LAN NIC. It will always use the real MAC read fro the card itself. Windows should only ask you once 'what type of network are you connecting to?'.
Are you still using all statically assigned IPs?
If it's seeing new networks each time you have a different problem.
What hardware are you running?
Steve
-
If you are not using a bridge at all then you should not have to do anything with the MAC address of the LAN NIC. It will always use the real MAC read fro the card itself. Windows should only ask you once 'what type of network are you connecting to?'.
Are you still using all statically assigned IPs?
If it's seeing new networks each time you have a different problem.
What hardware are you running?
Steve
I had done the test without bridge only to understand something.
I always use the static IP.
My firewall is http://www.firewallhardware.it/en/appliance_utm2.html . By chance, is there some parameters of the BIOS that could cause my problem?
Thanks
Bye
-
Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.
At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?
Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords IPs etc. We can get a much clearer idea from that.
Steve
-
Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.
At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?
Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords IPs etc. We can get a much clearer idea from that.
Steve
For the moment, I'm trying on 10 Windows 7 machine.
I can not understand what snapshots you want? Where is the config.xml file? How do I view it?
Thanks
Bye
