Need help enabling other Nics to work
-
thx johnpoz
Yes, it's difficult to understand this thread. I have to admit it's confusing, since I was told it's easy to enable internet on the other ports… to it's not easy to do so since you have to bridge the ports if you want VPN on those spare ports since it's not like a vlan/router.... then back again to yeah you can just enable the ports ;D
I do apologise for asking the same question again, but with the last 2 pages anyone new to pfSense setup would be well confused, I'd bet!
I think from your last comment you're suggesting the switch is the quick newbie fix for me (which I don't mind at this point).....
but if you correctly set up the firewall rules so they can talk to each other etc. then it's doable as you suggest, so forget bridging ports, why not just do that? ;)
-
Yes it is doable routing traffic between 2 different networks.. What do you think a router does??
Let's be clear.. You have 4 NICs in a router.. Yes it is very easy for 1 of those to be WAN and the others to be LAN segments and all 3 of those segments use the same internet or vpn.
But they are NOT on the same network.. They are not on a switched network, if you want your 3 nics to be on the same network the only way to do that is to "bridge" them.
No none of these terms would be confusing to anyone that understands basic networking 101..
Anyone that even failed networking 101 would do it that way.. If you have 1 or more devices you want on the same network then you connect them to a switch.. That is how you network devices together.
-
Calm down it's nearly Christmas. ;)
The reason you might want to bridge the NICs would be so that devices connected to them end up in the same network subnet. The reason you might want that is that some software only works inside a single subnet. So, for example, if you have a media server you will probably find its client software can only discover it if it's on the same subnet. You may have trouble browsing network shared folders across two subnets.
Steve
-
This has been one of the most frustrating threads I can remember ;)
-
But I haven't even started to ask my questions yet….seriously :-* I have a ton more lol
I think johnpoz you best sit down before reading this next bit in case I am wrong :)
Ok I could be wrong on this but what you guys are suggesting is while I can use ports 3/4 for internet for a 2nd laptop or desktop etc, using a networked media player box or server would not work on those spare 3/4 ports since it can't be networked and share the same network ie browse for files or use a media player to stream files shared from my desktop ?
Hence why you're suggesting a switch is golden and an easy fix and allows networking fully between all devices ?
It's perfectly fine to hulk out with the answers, good or bad I just need the info after all.
-
"using a networked media player box or server would not work since it can't be networked and share the same network ie "
Dude come on – really this can not be a real question.. You're just fucking with me now?? Nobody said anything of the sort -- do you really not have a clue to what a network is? Is it possible that "something" might not work - sure.. Your microsoft network browsing is going to have a hard time since it doesn't work across segments.. If you were trying to use chromecast from one of the other segments - going to fail, etc. So yes some lame ass media player that does not understand network segments might fail, yes -- that in no way whatsoever means ALL of them.. JFC!! arrrghhhh
This just seems way too complicated for you - I suggest you just plug in some soho router and be done with it.. I am just amazed that you were able to get tomato installed on something.. Did you buy it with tomato preinstalled?
-
Yes, mostly. :P
In fact it varies between applications/protocols.
IMHO any decent media player should allow you to enter the IP address of the server you are connecting to manually. In which case the server can be in a different subnet and you'd have no problems (as long as you've put in firewall rules to allow that traffic). Yet many media players, particularly those built into a smart TV or games console, do not give you this option. They rely entirely on searching for and finding the media server automatically, often via UPNP, and they only look in the local subnet.
My advice would be try it and see. Don't spend more money on hardware until you have proven that what you already have is insufficient. I have 10 separate subnets here at home and only very very rarely run into any problems and even then they can usually be worked around without having to change cabling and switches etc.
Steve
-
See edited post of what I meant to say….
this:
Ok I could be wrong on this but what you guys are suggesting is while I can use ports 3/4 for internet for a 2nd laptop or desktop etc, using a networked media player box or server would not work on those spare 3/4 ports since it can't be networked and share the same network ie browse for files or use a media player to stream files shared from my desktop ?
-
Like I said it's a potential problem but, like I also said, I never see it.
The additional interfaces must be on a different subnet in order for routing to work correctly. If you really need them to be on the same subnet you have to bridge them. You probably don't need that though.
Set up your interfaces so that you can plug in a client machine to any of them and receive an IP via DHCP and then get general internet access. If you copy the 'default LAN to any' rule from the LAN interface, but change the source field to match, you should then have access to anywhere from anywhere. See if you have any problems. Try to work around them. Ask more questions.
If you find something that really can't be made to work and you absolutely must have we can talk about bridging.
Steve
-
This guy is just fucking trolling now.. Nobody is this freaking dense!
-
Ha. ;D
It just depends how you read it. We all knew nothing about networking at some point. Give the guy a break, it's Christmas! ;)
Steve
-
thanks stephenw10, you are hero of 2013. Great minds think alike: I was thinking since internet was not working (ports 3/4) I decided to go back to square one and copy the pfSense settings within interface & firewall rules just to see if internet can work, but I did so without the OpenVPN settings, which it did prove to work just fine.
I noticed on OPT1/2 I left it on LAN Subnet under Source, how on earth did you figure out my Source setting was incorrect ?
I set it to OPT1 subnet and did the same for OPT2 after reading your post, plugged in ports 3/4 and it popped up with internet connection.
Added my OpenVPN settings and retried just now under LAN and ports 2/3/4 all working fine under my VPN provider :D
I have further defaulted the gateway dns servers and assigned private servers instead so I do not get IP or DNS leaks, also paused OpenVPN and tested if it works !
I have saved the xml 4x
I have renamed my pfsense box to Johnpoz under General Setup but it came back with an error which I ignored
Relax I am messing around :P, thanks to all you guys including johnpoz I got there with a bit of testing and playing around I was surprised that most of the advanced and basic settings can be ignored or left on default… wish I knew that well before getting into pfsense. Next I will consider poe/switch to add more devices !
Merry Xmas all
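
The mistake resolved in this thread (a pass rule copied from LAN onto OPT1/OPT2 with the source left as "LAN subnet") can be checked for in a saved configuration backup. The following is an added example, not part of any poster's message and not pfSense's own code; the XML is a constructed sample whose element layout is assumed to follow the `<filter>` section of a pfSense config.xml, and `mismatched_source_rules` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the <filter> section of a pfSense config.xml.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>Default allow LAN to any rule</descr></rule>
  <rule><type>pass</type><interface>opt1</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>Copied from LAN, source left unchanged</descr></rule>
  <rule><type>pass</type><interface>opt2</interface>
    <source><network>opt2</network></source><destination><any/></destination>
    <descr>Copied from LAN, source changed to match</descr></rule>
  <rule><type>pass</type><interface>opt1</interface>
    <source><any/></source><destination><any/></destination>
    <descr>Source any (not checked)</descr></rule>
</filter></pfsense>"""


def mismatched_source_rules(config_xml):
    """Return (interface, source_network, description) for every pass rule
    whose source is the subnet of an interface the rule is not attached to.
    Such a rule does not match clients plugged into its own interface."""
    root = ET.fromstring(config_xml)
    rules = root.findall("./filter/rule")
    # Interface names used by any rule; a rule may list several, comma-separated.
    known = set()
    for rule in rules:
        names = rule.findtext("interface", "").split(",")
        known.update(n.strip() for n in names if n.strip())
    findings = []
    for rule in rules:
        if rule.findtext("type", "").strip() != "pass":
            continue
        attached = {n.strip() for n in rule.findtext("interface", "").split(",")}
        src = (rule.findtext("source/network") or "").strip()
        # Only interface-subnet sources are compared; "any", aliases and
        # single addresses are left alone.
        if src in known and src not in attached:
            findings.append((",".join(sorted(attached)), src,
                             rule.findtext("descr", "").strip()))
    return findings


if __name__ == "__main__":
    for iface, src, descr in mismatched_source_rules(SAMPLE_CONFIG):
        print(f"rule on {iface} has source '{src} subnet': {descr}")
```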