How to connect client (PC or Mac) to pfSense router host?
-
"I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 "
So when you say you set your mac to dhcp, it got a lease from your pfsense? How did it get 192.168.1.1 as gateway - did you manually set that?
I agree with gderf here - if you have a 3 nic card, and one clearly got a wan IP from your cable modem. Its not clear which one of the other 2 ports pfsense would of assigned as the lan.
So try each one. Modern nics, ie if 10/100/1000 should do auto crossover so you should be able to just use any patch cable. And connect your PC/MAC directly too the pfsense lan interface.
But since you mention pc and mac, don't you have a switch? You can pick up 10/100 for like $20 these days - shoot you even might find a 10/100/1000 on sale for like $20, but $40 you should be able to find a gig switch even.
The NIC card is an older 10/100. I think during boot I saw info about the card from around 2003 (not sure but I can reboot the pfSense box and post the NIC cards details if this will help).
No I don't have a switch. I was hoping to get the pfSense router working then get a 10/100/1000 switch. I am trying to create a home network with the addition of a file server, HTPC, and my current Mac and Linux test PC. Unfortunately, I only have one monitor for PCs so I can't boot the pfSense box with the monitor attached and also try to setup the Linux PC to connect to it. I figured my iMac could be used instead as test client. I only have the pfSense PC, Linux test PC, and iMac at this time. Was trying to go step by step before investing into the other components.
-
"I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 "
So when you say you set your mac to dhcp, it got a lease from your pfsense? How did it get 192.168.1.1 as gateway - did you manually set that?
I agree with gderf here - if you have a 3 nic card, and one clearly got a wan IP from your cable modem. Its not clear which one of the other 2 ports pfsense would of assigned as the lan.
So try each one. Modern nics, ie if 10/100/1000 should do auto crossover so you should be able to just use any patch cable. And connect your PC/MAC directly too the pfsense lan interface.
But since you mention pc and mac, don't you have a switch? You can pick up 10/100 for like $20 these days - shoot you even might find a 10/100/1000 on sale for like $20, but $40 you should be able to find a gig switch even.
My Mac could not get a lease from the pfSense router like my NetGear router does with no problems, so I tried setting it manually.
-
"my WAN is automatically set to WAN->rl0->208.118.snippedforprivacy (DHCP) and the LAN->fwe0->192.168.1.1"
Ok something not right there if your saying your pfsense setup nic 1 of your 3 nic card to rl0, it does not make sense that other nics on that card would be called fwe0
Can you post the output of ifconfig on your pfsense
example here is mine
–-
[2.1-BETA1][admin@pfsense.local.lan]/root(2): ifconfig
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02
inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::250:56ff:fe00:2%em0 prefixlen 64 scopeid 0x1
nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:01
inet6 fe80::250:56ff:fe00:1%em1 prefixlen 64 scopeid 0x2
inet 24.13.xx.xx netmask 0xfffff800 broadcast 255.255.255.255
nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:1e:18:90
inet 192.168.2.253 netmask 0xffffff00 broadcast 192.168.2.255
inet6 fe80::20c:29ff:fe1e:1890%em2 prefixlen 64 scopeid 0x3
nd6 options=1 <performnud>media: Ethernet autoselect
status: no carrier
em3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:1e:18:9a
inet 192.168.3.253 netmask 0xffffff00 broadcast 192.168.3.255
inet6 fe80::20c:29ff:fe1e:189a%em3 prefixlen 64 scopeid 0x4
nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100 <promisc>metric 0 mtu 33200
ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::250:56ff:fe00:2%ovpns1 prefixlen 64 scopeid 0xa
inet 10.0.200.1 –> 10.0.200.2 netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>Opened by PID 69319
ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::250:56ff:fe00:2%ovpns2 prefixlen 64 scopeid 0xb
inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>Opened by PID 73792
notice how my nics are all called emX, maybe pfsense set your onboard nic as lan, but nics on the same card should have the same sort of name ie RL, EM, etc..</performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast></performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast>
-
Was the gateway address you posted a typo (Gateway: 192.1698.1.1). I tried to follow your instructions but I get an error stating this IP address is invalid so I tried 192.168.1.1 but still unable to ping from client PC (which is actually a Mac).
Yes, a typo which I corrected.
I guess I'm still not getting how these NIC cards work. When I assign interfaces on pfSense box my WAN is automatically set to WAN->rl0->208.118.25.70 (DHCP) and the LAN->fwe0->192.168.1.1
When I set the LAN interface I get the following message:
The IPv4 LAN address has been set to 192.168.1.0/24
You can now access the webConfigurator by opening the following URL in your web browser: http://192.168.1.0/
However I am unable to ping 192.168.1.1 from the client. I tried moving the cable to the third port on the NIC card but no response.192.168.1.0/24 is not a valid LAN interface IP address, it is the network address and cannot be assigned to an interface. Is this a typo?
If I reconnect my Mac to my NetGear router using the configure option 'Using DHCP' it automatically sets my IP address to 192.168.0.2, Subnet Mask: 255.255.255.0, and Router: 192.168.0.1 which is the correct router IP (I can use my browser to connect to the netgear router web gui via http://192.168.0.1/
You need to sort out the inconsistent addressing you are reporting here. I suggest reseting your pfsense to factory defaults from the console.
When I connect my Mac or other PC to the netgear router I use a regular ethernet patch cable. Since I wasn't able to connect to the pfSense router LAN port using the normal patch cable, I bought a crossover cable yesterday and tried that instead and thus, this is where I'm at today! Should I be using the crossover cable for the LAN from pfSense PC to Mac/Linux PC. I figured since all these machines where older that the did not have the auto-detect feature.
When you plug both ends of an ethernet cable into ethernet ports you must get link lights coming on both adapters. If you don't, then one or both NICs are bad, or the cable is bad, or both. Regarding straight thru patch cables vs crossover cables, connecting a NIC to another NIC requires a crossover cable unless both NICs are auto sensing. It can not possibly work if you do not have link lights on both ends.
-
fwe0 is a firewire interface not a proper NIC. ;) You do not have LAN assigned to the correct NIC.
Your Intel multiport card will probably have interfaces shown as fxp0, fxp1 etc.
Give us the 'ifconfig' output as johnpoz asked for and this will soon be resolved.
Steve
-
Are you still using this motherboard: http://www.jetway.com.tw/jw/ipcboard_view.asp?productid=276&proname=J7F2WE1GS
Steve
-
Thanks to everyone. johnpoz post set off the light bulb so to speak.
I realized after carefully watching all items during startup that even though I disabled the onboard NIC, both the onboard and NIC card where being setup and listed. When I examined the NIC aliases, I saw that lr0 was the onboard nic (which is a VIA VT6102 Rhine II 10/100 (Intel) and fwe0 is IP over Firewire, and there were 3 others listed (rl0-2) which is in fact the NIC card (RealTek 8139 10/100BaseTX). i.e.- 3 alias = 3 NIC ports!
I reset pfSense back to factory defaults, rebooted, manually set the WAN to rl0 and LAN to rl1, connected my client (iMac) with standard patch cable, and whala! Network setup auto detected correct ip address (192.168.1.100), subnet mask: 255.255.255.0, and Router ip: 192.168.1.1, and I am now successfully connected to the web and able to access the webConfigurator via my browser.
Thanks again to everyone! Your responses may not have be the exact fix for my situation but they did help me to ask the right questions and better understand how routers and network interfaces communicate. Yea, I can finally configure my custom PC-based firewall!!!
"my WAN is automatically set to WAN->rl0->208.118.snippedforprivacy (DHCP) and the LAN->fwe0->192.168.1.1"
Ok something not right there if your saying your pfsense setup nic 1 of your 3 nic card to rl0, it does not make sense that other nics on that card would be called fwe0
Can you post the output of ifconfig on your pfsense
example here is mine
–-
[2.1-BETA1][admin@pfsense.local.lan]/root(2): ifconfig
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02
inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::250:56ff:fe00:2%em0 prefixlen 64 scopeid 0x1
nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:01
inet6 fe80::250:56ff:fe00:1%em1 prefixlen 64 scopeid 0x2
inet 24.13.xx.xx netmask 0xfffff800 broadcast 255.255.255.255
nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
–-notice how my nics are all called emX, maybe pfsense set your onboard nic as lan, but nics on the same card should have the same sort of name ie RL, EM, etc..</full-duplex></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast>
-
-
Nice. :)
The on board VIA NIC should show up as vr0. It's supported by the vr(4) driver.
Steve
Is there any advantage to loading this driver and re-enabling the onboard NIC? Now that I've FINALLY gotten pfSense to work as a router, I don't want to screw it up. However, I also hate to waste a usable port. I intend to connect this to a switch once I get the rest of my hardware built.
The link to this driver contains the following:
SYNOPSIS
To compile this driver into the kernel, place the following lines in your
kernel configuration file:device miibus
device vrAlternatively, to load the driver as a module at boot time, place the
following line in loader.conf(5):if_vr_load="YES"
I'm just learning UNIX/Linux and have not attempted to recompile the kernel. With the alternate, do you know where the loader.conf file is located in FreeBSD os?
-
There is no need to load the driver it's already in the kernel. I was just saying that NIC should show up as vr0 if you enable it, and it should work just fine. Whatever else you are seeing during the boot sequence it's probably not that NIC. Try enabling it again in the bios and see.
If you post the output of 'ifconfig' it will be obvious. You can run the command from the webgui in Diagnostics: Command Prompt: then you can copy/paste the result here easily.Steve
-
There is no need to load the driver it's already in the kernel. I was just saying that NIC should show up as vr0 if you enable it, and it should work just fine. Whatever else you are seeing during the boot sequence it's probably not that NIC. Try enabling it again in the bios and see.
If you post the output of 'ifconfig' it will be obvious. You can run the command from the webgui in Diagnostics: Command Prompt: then you can copy/paste the result here easily.Steve
Here are my results and yes it does show up as vr0. If I re-enable it through the BIOS, could I then reassign the WAN port to this (vr0) and use the NIC card's other 3 ports for LANs?
$ ifconfig
rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 00:30:18:ad:da:bf
inet6 fe80::230:18ff:fead:dabf%rl0 prefixlen 64 scopeid 0x1
inet 208.118.25.70 netmask 0xffffff00 broadcast 255.255.255.255
nd6 options=43 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fwe0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 02:30:18
a8:28
inet6 fe80::30:18ff:feab:a828%fwe0 prefixlen 64 scopeid 0x2
nd6 options=43 <performnud,accept_rtadv>ch 1 dma 0
fwip0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
lladdr 0.30.18.0.0.ab.a8.28.a.2.ff.fe.0.0.0.0
inet6 fe80::230:1800a828%fwip0 prefixlen 64 scopeid 0x3
nd6 options=43 <performnud,accept_rtadv>rl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 00:30:18:ad:da:be
inet6 fe80::230:18ff:fead:dabe%rl1 prefixlen 64 scopeid 0x4
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=43 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8 <vlan_mtu>ether 00:30:18:ad:da:bd
inet6 fe80::230:18ff:fead:dabd%rl2 prefixlen 64 scopeid 0x5
nd6 options=43 <performnud,accept_rtadv>media: Ethernet autoselect (none)
status: no carrier
vr0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=82808 <vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:30:18:a4:74:bf
inet6 fe80::230:18ff:fea4:74bf%vr0 prefixlen 64 scopeid 0x6
nd6 options=43 <performnud,accept_rtadv>media: Ethernet autoselect (none)
status: no carrier
plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100 <promisc>metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
nd6 options=43<performnud,accept_rtadv></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></pointopoint,simplex,multicast></performnud,accept_rtadv></vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast> -
Yes you can do that.
You might want to disable the firewire in the bios if you have that option. It's probably not causing any problems but it might reduce confusion in the future.
Steve
-
Personally, I would not bother bridging multiple ethernet ports on my pfSense just to get a few ports in the same LAN subnet. You will probably end up with more LAN devices to connect (WiFi access point, NAS, cabled computers…) than you have ports in your pfSense box anyway, and will have to have a switch anyhow. It is easiest to connect a switch to the single LAN port on the pfSense, and connect everything else to the switch.
Then further down the track, if you want to have a separate guest network etc, you can easily use a spare ethernet port on your pfSense to make a separate subnet for guests and so on.
