Need help enabling other Nics to work
-
I can enable Opt1 and 2 but that does nothing much even after a reboot. I am using my VPNs dns servers to connect to the internet and Wan is DHCP with my real ISP IP showing, the VPN is using some other IP which I am not sure about but it is working on VPN IP check.
I tried adding static ips to both Op1/2 but how do I enable dhcp afterwards ?
-
but how do I enable dhcp afterwards ?
Services->DHCP
-
thx phil but theres 4 different DHCP sections under services :)
I tried to play around with the dhcp server and enabled range of addresses in both opt1 and 2 even tried to add more firewall rules for both opt1/2 but no joy. I think there are many tick boxes and settings and other things I must enable and adjust for it to work.
Does anyone have any links to direct tutorials or youtube vids on setting up additional ports and configuring them ?
-
Services: DHCP Server:
Hit the tab for your new interface and enable the dhcp server on it.Steve
-
Maybe i missed it, but what do you want todo with the other interfaces, connecting to ?.
pic of your current network and a pic of what u want ur network to be configured as would be great -
^ I agree not sure what the OP wants interfaces to be used for? If other network segments, it is as simple as giving them an IP, and enabling firewall rules for that interface to allow traffic you want to allow.
If you want to enable dhcp it is a simple checkbox on the interface tab under dhcp server..
-
Hi will give it another go now that you guys fixed my saving/restore feature.
Its a very simple setup
broadband Modem (DSL) > Pfsense PC > PC
I have on the Pfsense PC a 4 port Nic, 1 port for Wan with dhcp (em0) 1 port for Lan (em1) connected to my desktop and working fine with my VPN provider and opt1/2 as em2 and em3 (the 2 ports I would like to use also at same time)
I would like to run my existing VPN connection to not only the Lan port which is working fine but to the other 2 spare ports so I can connect up a 2nd pc for family member. So its still under VPN.
I know it can work since it worked with a tomato router, all 4 ports worked under the same VPN provider :)
I will give it a shot and pop back, once I got these 2 ports working with internet under my VPN I can enjoy Xmas hopefully!
-
its trickier under pfsense than a tomato based router as the nics have to be "bridged" in pfsense, trying to make pfsense a multi nic router could be challenging as it was not meant to be a one but is doable.
probably easier with a dumb switch connecting it to em1 and the pc's connected to the switch, but not quite sure as for the vpn working in this configuration as im no expert on vpn's.
so do a search in bridging the nics, have fun as there is not much info on that but it is out there…...btw, although i like my pfsense setup i miss my tomato gui -
"I would like to run my existing VPN connection to not only the Lan port which is working fine but to the other 2 spare ports so I can connect up a 2nd pc for family member. So its still under VPN."
No that is not what you want to do.. You don't have a switch laying around, or even an OLD router? Bridging the interfaces so they act like a switch can be done - but NO not something for a new user of pfsense or networking in general.
If you don't have as switch or old router laying around to use just the switch ports. Then buy one they can be had for like $20
http://www.newegg.com/Switches/SubCategory/ID-30?Order=PRICE
There are like 2 pages to choose from under $20
As to vpn you have setup on your pfsense - then sure you can have all clients use that vpn, or even get fancy and use policy based routing so only specific computers use it, or even only use it when specific dest etc..
What did pfsense replace? Most soho routers have built in 4 port switches – so instead of using it as a router or wireless access point you can just leverage its switch ports. Just disable it dhcp server, disable its wireless and then connect from your pfsense to one of its lan ports, and then your other devices to the 3 other lan ports open on the old soho router. There you go 3 machines on your pfsense lan network.
-
Wow a little shell shocked at hearing this news, much appreciated info. I guess I really should have asked this question before spending the money I did ! luckily it was not to much!
Its a bit whacky to hear pfsense can't output the VPN so easily to 4 ports, it was replacing a cheap 2nd hand tomato router which did it no issues.
I will have to consider my options at this point still a 15watt AMD AES enabled CPU with pfsense is not bad at all and still best any tomato router in speeds and performance, I may just get some 4 way switch power Ethernet plugs and have everything sorted in seconds.
Could I not just enable normal internet over the 2 extra ports? Or what if I used a 2nd VPN service and then simply use that for the 2 extra ports ?
-
Dude you have 4 nics not a 4 port switch.. This nics are NOT on the same network.. They are not connected to each other in anyway.. They are 4 nics connected to a router..
Your soho router was something like this - see attached. See the SWITCH where all the ports are connection. Where you vlan tagged the ports between wan and lan and wireless is bridged to your lan, etc.. Completely different then a router with multiple interfaces.
Now you can get nics to kind of act like a switch by creating a "bridge" but is still not the same as a switch.. And complicates the setup that I would not really suggest for a new user. Now where you other nics come in handy is creating multiple network segments.
Now if you want you could create a new segment say 192.168.2.0/24 while your lan is 192.168.1.0/24 that is very easy. Now you can route traffic between these networks. And sure they could all use pfsense to get to the internet or use the vpn connection that pfsense has setup. So your machine you plug into the nic that is 192.168.2.0/24 would get a 192.168.2 address etc. And if you wanted a 3rd create 192.168.3 on that interface.
-
This is the card I have
http://h30094.www3.hp.com/product/sku/3419886/mfg_partno/435508-B21Its the hp intel 364T 4 port Ethernet card.
Wan/em0 is connected to DSL router and gets dhcp ok
lan/em1 is connected to desktop pc and gets vpn ok
So just to make sure I am getting this right…. I can't make real use out of the other 2 ports since its all connected to one unit unlike a routers vlan design I take it ? Obviously without getting my head around bridging and more complex stuff !
If that is the case then I should still be able to get a cheap switch or one of these power Ethernet adapters like this : http://www.amazon.com/ZyXEL-Powerline-Gigabit-Wall-plug-PLA4225KIT/dp/B0061308MA/ref=pd_sim_sbs_e_6/175-2255949-3655201
and then just use the existing lan > 4 way powerline and split to 4 connections, all under vpn I take it ?
-
what i and johnpoz said about bridging, its not really like a switch and not a newb thing to try and needs some cpu strength to handle 4 bridged nics, its doable just not recommended. if pc's are already wired for network just buy a switch as the power over ethernet is not really needed
-
Hi I understand, I prefer to keep it simple and working.
I can get a cheap switch but ill be moving this pfsense box and router to a different room, right now am running 30 meters worth of of wires around rooms and its messy.
Is a power over Ethernet not recommended? many of them have 2 port or 4 port switches making this ideal for my set up.
Its not the end of the world if the 4 ports do not work, I just need 1 at the end of the day, my main priority was to use AES encryption for VPN support and not be limited to tomato or ddwrt routers and very limited 20-30meg max broadband speeds. I was either going for netgears R7000 at $200 or my Pfsense build @ $300, so for the extra bit I am future proofed and not limited to low speeds under VPN:)
-
Arrrghhh dude your ports are very usable, nobody has said anything different.. They are full NICs not switch ports.. As I said you can just fire up a port on that card in another network and connnect whatever you want to it and it will work.. Just not on the same network like a switch would do, unless you bridge them.. Which is NOT something a new user to networking should be doing ;)
But sure if you want to play have fun.. As to a switch supporting POE, do you have a need for this? Do you have devices like an Accesspoint that your going to plug into the switch that can get power from the switch… If not there is no point to POE.
Do you still have your old router - use it as a switch.. No need to buy anything.
A switch allows you to run 1 wire to where pfsense is - and then connect your switch where you have devices in the same room, switches can be chained.. So for example I have switch off my pfsense lan nic, that switch has wire that runs to front of the house where another switch and my dvrs, slingbox, etc. are plugged into the network. There is also a cable that runs from the center switch to back end of the house where another switch is that I can use to connect stuff back there.
Try to leverage the nics in your pfsense for devices especially if those devices are not right next to your pfsense box is just pointless nonsense.. You use switches to connect devices to your network, you buy as many ports you need, if you need more buy another switch plug it in, etc..
If you don't currently have use of another network segment to take advantage of your 4 port nic - just think its future proofing. Maybe next week you will want to isolate your wireless on its own segment. Maybe you will need another lan segment for say your media devices to keep their broadcast traffic off your main lan.. those things are noisy little suckers.. ;)
-
^Exactly.
What you have with a 4 port NIC card, 4 separate NICs, is far more powerful that a SOHO router style switch.It is definitely possible to bridge the NICs if that's the way you want to go. It's just that it can be a bit confusing until you get your head around it and nobody here wants to introduce unnecessary confusion! To give you some idea of what's involved here's a post a wrote some time ago: http://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592
You don't need to bridge the two NICs to give the second subnet access to the VPN. To do that you simply need to add a firewall rule that catches traffic and sends it via the VPN gateway.
Steve
-
thanks johnpoz and Stephen10 for the information and link
I just wanted to clear up some further questions, I understand from what you guys are saying I can still make use out of the extra ports. When I said Nics I mean I have 1 single network card with 4 separate Ethernet ports (just making sure!).
I think playing around with bridging them and what not is to complex as it is for now so ill avoid it for now.
I want to ask, you said I can still fire up another network and make use of the other ports, I did ask this before but no answer or I missed it. Are you suggesting I can use a 2nd VPN provider and make use out of one of the spare Ethernet ports still ?
Or I can enable normal broadband from those 2 spare ports I have ?
Or when you mean another network you mean like a separate broadband connection ?
For now I only need 1 desktop pc for internet, but yes perhaps a 2nd for a server and laptop in future.
No wireless required, I prefer hardwire only, I do understand your switches or a spare modem idea to simply add more devices to the network and it is cheaper but I still hate having wires and more clutter. A poe plug with inbuilt 4 way switch is neater for myself I could get tp link 3way switch poe x2 pretty cheap also, no accesspoint either.
-
laptop without wireless? What is the point of that? ;)
Yes you were answered multiple times about creating another network – Sometimes its like talking to a freaking wall??
Gave you the example of 192.168.2.0/24 arrrghhh
Here is a picture of your 4 nics - see attached. Yes we know they are really 1 card..
You can have any one of these computers talk to each other, or share the same internet or vpn connection.. It takes all of a couple of minutes to set this up.. But they are NOT on the same network, you will have to create firewall rules to allow the traffic you want them to talk to each other on, etc. This is NOT as fast as using a switch, your traffic is routed not switched -- there is a HUGE freaking difference.
-
thx johnpoz
Yes its difficult to understand this thread, I have to admit its confusing since I was told its easy to enable internet on the other ports… to its not easy to do so since you have to bridge the ports if you want vpn on those spare ports since its not like a vlan/router.... then back again to yeah you can just enable the ports ;D
I do apologise to asking the same question again but the last 2 pages anyone new to pfsense setup would be well confused id bet!
I think from your last comment your suggesting the switch is the quick newbie fix for me (which I don't mind at this point).....
but if you correctly set up the firewall rules so they can talk to each other etc then its doable as you suggest, so forget bridging ports why not just do that ? ;) -
Yes it is doable routing traffic between 2 different network.. What do you think a router does??
Lets be clear.. You have 4 nics in a router.. Yes it is very easy for 1 of those to be WAN and other to be LAN segments and all 3 of those segments use the same internet or vpn.
But they are NOT on the same network.. They are not on a switched network, if you want your 3 nics to be on the same network the only way to do that is to "bridge" them.
No none of these terms would be confusing to anyone that understands basic networking 101..
Anyone that even failed networking 101 would do it that way.. If you have 1 or more devices you want on the same network then you connect them to a switch.. That is how you network devices together.
