Netgate Discussion Forum

    I have more interfaces than actual hardware ports

      altiris

      @zikmen:

      Simply delete the interface assignments in over from the "assign" tab.

      can you post a print screen of what you mean?

      also, what do you plan to do with 8 network interfaces not understanding subnet basics?

      Zikmen

      I'll post a screenshot in a bit. Well the 8 network interfaces, I am thinking of them as 8 ports. So I plug in one computer for each port, like a regular router all on same subnet, can I not do this or is it not preferred to do this? I am beginning to think I am supposed to be bridging something…

        zikmen

        You are totally wrong wanting to put all computers on different NICs.

        Interfaces of pfSense are used to subdivide or separate distinct networks, e.g. a group of computers in building A and a group of computers in building B. After that you can specify what goes between A and B. But for you, you only need 2 interfaces: one for the internet, and another for your LAN. Connect this interface to a switch or a router with the DHCP server turned off and you're in business.

        You can connect as many devices as you want to one interface using switches and it will be the job of the switch to manage communications between each host, not the job of pfSense.

        Thanks,
        Tommy

          altiris

          @zikmen:

          You are totally wrong wanting to put all computers on different NICs.

          Interfaces of pfSense are used to subdivide or separate distinct networks, e.g. a group of computers in building A and a group of computers in building B. After that you can specify what goes between A and B. But for you, you only need 2 interfaces: one for the internet, and another for your LAN. Connect this interface to a switch or a router with the DHCP server turned off and you're in business.

          You can connect as many devices as you want to one interface using switches and it will be the job of the switch to manage communications between each host, not the job of pfSense.

          Ohhh I see. So I still need some switches? I have a Linksys router set in bridge mode which acts like a switch I think. Can I not assign one of the other interfaces as a switch or bridge to LAN?

            zikmen

            Of course you could, but I would have to make a practical test for that one to give you the right step by step. (I'm not sure about the bridging part under the pfSense firewall.)

            But you don't need that at all.

            And for the Linksys router, it is NOT set in bridge mode but in SWITCH mode as the routing services are disabled. If you want to be able to access the dashboard of the Linksys from your network, you have to give it an unused address and keep it under the same subnet. I mean the "router address", which is equivalent to "interface address" under pfSense. Give something like 192.168.0.5 and keep it under 255.255.255.0 if you have a /24 CIDR under pfSense. It's the same thing expressed a different way.

            /20 would mean 255.255.240.0 but for now, stay under the /24 or 255.255.255.0

            Subnet concepts are not easy to figure out; it took me over 10 years to fall on someone who could make me really understand it loud and clear. I am thinking of starting to make some tutorial videos.

            Zikmen

            Thanks,
            Tommy

              altiris

              @zikmen:

              Of course you could, but I would have to make a practical test for that one to give you the right step by step. (I'm not sure about the bridging part under the pfSense firewall.)

              But you don't need that at all.

              And for the Linksys router, it is NOT set in bridge mode but in SWITCH mode as the routing services are disabled. If you want to be able to access the dashboard of the Linksys from your network, you have to give it an unused address and keep it under the same subnet. I mean the "router address", which is equivalent to "interface address" under pfSense. Give something like 192.168.0.5 and keep it under 255.255.255.0 if you have a /24 CIDR under pfSense. It's the same thing expressed a different way.

              /20 would mean 255.255.240.0 but for now, stay under the /24 or 255.255.255.0

              Subnet concepts are not easy to figure out; it took me over 10 years to fall on someone who could make me really understand it loud and clear. I am thinking of starting to make some tutorial videos.

              Zikmen

              I tried bridging an interface to LAN under Interfaces > Assign so I guess that is one step down? Next is firewall as you say, however you also say that I do not need to be bridging anything? The only other alternative is using a switch, yes? As for the router I can't access the dashboard as you say and I have been fine with that and I don't really know how to do what you are saying, unless I really have to do that then I'll try and learn but otherwise I won't as it is doing its job pretty well. (Right now I have the router with the option "bridge mode" or switch mode, whichever it was, connected to my modem that has only one port. I wanted to have a router connected as well as a computer but not one after the other).
              I believe you about taking 10 years to find someone well knowledgeable about subnets and that is pretty amazing you have been able to learn from him/her. If you have the free time I'd say go for it.

                zikmen

                I'm not sure I understand why you connected a router in bridge mode directly to a modem….

                Here is what you want to do

                CABLE or DSL MODEM
                connected to
                WAN NIC of pfSense
                then
                LAN NIC of pfSense
                connected to
                Bridged mode router port 1-4 (you have 3 left for workstations).

                Is that what you have?

                Thanks,
                Tommy

                  altiris

                  @zikmen:

                  I'm not sure I understand why you connected a router in bridge mode directly to a modem….

                  Here is what you want to do

                  CABLE or DSL MODEM
                  connected to
                  WAN NIC of pfSense
                  then
                  LAN NIC of pfSense
                  connected to
                  Bridged mode router port 1-4 (you have 3 left for workstations).

                  Is that what you have?

                  No that is not what I have. I am still in the middle of changing around the order the devices will be in and I have family in my house that are using the Internet so I can't put the pfSense box first yet as I haven't gotten everything set up. My current setup is

                  MODEM
                    V
                  Router set up in bridge/switch mode
                    V                             V
                  SonicWall TZ 210                pfsense box
                  (So other people
                  at home can access Internet
                  for now)

                  The Vs are basically connections, the router that is in bridge mode has 4 Lan ports, 2 of which are in use.

                  My final setup will be

                  MODEM
                    V
                  Pfsense box
                    V              V
                  Sonicwall    Switch OR interfaces configured as bridges

                  (I want to take advantage of the interfaces since I bought them, I bought them for the wrong thing but since I have them I'd like to take advantage instead of having to use or buy another switch if possible)

                    zikmen

                    You cannot connect two devices to a straight modem through a switch as the modem will provide only one IP address. There is a case where it's not perfectly true.

                    What is the model of the internet modem?

                    Usually we do not put two devices on a modem. Your temporary setup should be

                                      modem
                                        V
                                 SonicWall router
                                 V              V
                    Other workstations     PfSense WAN NIC
                                                V
                                       Switch mode router
                                                V
                                        Test workstation

                    You're better off using a dedicated switch (included onboard on any router) to do the switching job than giving that job to pfSense. You will have better performance since the data will not pass through the CPU.

                    Take a look at this picture to figure out how things are made inside a router.

                    Zikmen

                    [Attachment: WRTSL54GS_layout_rev3.png]

                    Thanks,
                    Tommy

                      altiris

                      @zikmen:

                      You cannot connect two devices to a straight modem through a switch as the modem will provide only one IP address. There is a case where it's not perfectly true.

                      What is the model of the internet modem?

                      Usually we do not put two devices on a modem. Your temporary setup should be

                                        modem
                                          V
                                   SonicWall router
                                   V              V
                      Other workstations     PfSense WAN NIC
                                                  V
                                         Switch mode router
                                                  V
                                          Test workstation

                      You're better off using a dedicated switch (included onboard on any router) to do the switching job than giving that job to pfSense. You will have better performance since the data will not pass through the CPU.

                      Take a look at this picture to figure out how things are made inside a router.

                      Zikmen

                      Well the thing here is that I have 5 static IPs given by ISP, not DHCP, so wouldn't this make it acceptable to have two devices hooked up to the modem as I can assign them an IP? I am writing this from my phone atm and am about to go to bed but I can try and find the model number for you if you are interested tomorrow morning. Hmm, that bit about performance does intrigue me but I have so many available ports now (after learning one port is not for each device lol) I feel like buying the extra card or a 4 port card was a waste… I could return one of them... I don't know really. The price of the card is more than a standard switch I think. Hmm, I'll have to think it over.

                      The reason the SonicWall is not first is because it was giving me problems with one of my test servers when transferring files through FTP and it was also disconnecting users from game servers every 10 minutes such as CS Source and Minecraft. I did testing and knew it was something related to the SonicWall as I put the server directly behind the modem and all the problems disappeared.

                        Derelict LAYER 8 Netgate

                        Is the modem giving you good public IPs to both the sonicwall and pfSense and not doing NAT?  If yes then you're good to go.

                        As has been said, just forget about bridging on pfSense. Get a switch. Let your router route. Let your switches switch. You will be happier and your network will perform better and every time you post people won't be saying, "What are you doing bridging? Just get a switch!" Classic case where "just because you can doesn't mean you should" applies.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          altiris

                          @Derelict:

                          Is the modem giving you good public IPs to both the sonicwall and pfSense and not doing NAT?  If yes then you're good to go.

                          As has been said, just forget about bridging on pfSense. Get a switch. Let your router route. Let your switches switch. You will be happier and your network will perform better and every time you post people won't be saying, "What are you doing bridging? Just get a switch!" Classic case where "just because you can doesn't mean you should" applies.

                          Well we have 5 IPs to choose from, really 3 as two other IPs are being used by computers. On the SonicWall we assign one IP and then on pfSense we assign another. Yeah I am finally agreeing with you and getting a switch for one interface and connecting everything to the switch. Currently I do not have a switch but will try buying one today or tomorrow. Could I use the router that is set in bridge mode (currently it's connected to the modem as in the diagram) in the meantime to replace what a switch would be doing until I buy a switch? Also, does a bridge add another "layer" to the network in any way (by layer I mean like having one router connected to another or something)?

                            stephenw10 Netgate Administrator

                            What hardware are you running pfSense on?
                            Whilst it is possible to bridge your interfaces and have them behave like a switch it's usually a bad idea for the reasons already given.
                            If however you end up with unused ports that you want to add to a bridge I did write some instructions a while ago:
                            https://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592

                            To answer your original question, you can easily end up with more interfaces than you have ports because some interface types are 'virtual'. This includes VLAN interfaces, PPPoE interfaces and bridge interfaces.

                            Steve

                              Derelict LAYER 8 Netgate

                              A bridge is a layer 2 device.  It might have an IP address for management purposes but it doesn't appear as an IP "hop" in traceroutes and the like.

                              I don't know if the router you have between the firewalls and the modem is necessary to what you're doing.  It really sounds like you need switches on the outside (for your modem, public IPs, and firewall WAN ports) and the inside networks (for your workstations, access points, etc.)

                                altiris

                                @Derelict:

                                A bridge is a layer 2 device.  It might have an IP address for management purposes but it doesn't appear as an IP "hop" in traceroutes and the like.

                                I don't know if the router you have between the firewalls and the modem is necessary to what you're doing.  It really sounds like you need switches on the outside (for your modem, public IPs, and firewall WAN ports) and the inside networks (for your workstations, access points, etc.)

                                Yes I need switches but the way I have everything set up is temporary and has been that way for a while as I've been looking for a replacement to my TZ 210 as it has been giving me problems, however my father wants his stuff behind the TZ 210. I have the router configured in bridge mode so I could say it's acting LIKE a switch. I'm going to try to buy one today or tomorrow. Ultimately when I buy my switch it will just be modem > pfSense box > switch in one interface and then either the SonicWall will be on its own interface with different subnet separated, or connected to the switch OR eliminated entirely as it's just acting really crappy.

                                  altiris

                                  @stephenw10:

                                  What hardware are you running pfSense on?
                                  Whilst it is possible to bridge your interfaces and have them behave like a switch it's usually a bad idea for the reasons already given.
                                  If however you end up with unused ports that you want to add to a bridge I did write some instructions a while ago:
                                  https://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592

                                  To answer your original question, you can easily end up with more interfaces than you have ports because some interface types are 'virtual'. This includes VLAN interfaces, PPPoE interfaces and bridge interfaces.

                                  Steve

                                  It's running on a standard desktop PC I built. core i3 4150, 8gb ddr3 1600mhz, asus z78 pro mobo, and two HP NC364T which use the Intel 8751 chipset or something. I've seen your instructions actually a little while ago ha ha, I've read it again and I notice you say one procedure can be done if I don't need to worry about adding rules on the interfaces, however I need to add some ports. Then at the end you say no rules will need to be added on the interfaces as it will inherit the rules from LAN, so would I just add the rules on LAN?

                                  I still want to go for a switch but this is interesting now and I'd like to know if you could answer that one question I have so I would know for future cases in case I ever wanted or somehow had to bridge interfaces.

                                    stephenw10 Netgate Administrator

                                    Just run 'ifconfig' at the console and it will show you all the interfaces in the box whether or not they are assigned or enabled. Paste it here if you have any more questions about it.

                                    Steve
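
The two points stephenw10 makes in this thread (VLAN, PPPoE and bridge interfaces are virtual, and `ifconfig` lists every interface in the box) combined in an added example that is not part of any post or of pfSense itself. The function names, the name-prefix rules and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list every interface in FreeBSD/pfSense `ifconfig` output and
# say whether it is a hardware port or a virtual (VLAN, PPPoE, bridge) interface.

# Constructed sample in FreeBSD ifconfig layout; names, MACs and addresses are
# made up for illustration and do not come from the thread.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:00
        media: Ethernet autoselect (1000baseT <full-duplex>)
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:02
em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:03
em1.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 10 vlanpcp: 0 parent interface: em1
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:5e:00:53:10
        member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
EOF
}

# Read ifconfig output on stdin; print "name<TAB>kind<TAB>detail" per interface.
# Kind comes from the interface name plus the "vlan:" and "member:" detail lines.
classify_ifaces() {
    awk '
    /^[A-Za-z0-9_.]+: flags=/ {
        cur = $1; sub(/:$/, "", cur); names[++n] = cur
        if (cur ~ /^bridge[0-9]+$/) kind[cur] = "bridge"
        else if (cur ~ /^pppoe[0-9]+$/) kind[cur] = "pppoe"
        else if (cur ~ /^(lo|pflog|pfsync|enc)[0-9]+$/) kind[cur] = "pseudo"
        else kind[cur] = "physical"   # may be overridden by a vlan: line below
        next
    }
    cur == "" { next }                # ignore anything before the first header
    $1 == "vlan:" {                   # e.g. "vlan: 10 vlanpcp: 0 parent interface: em1"
        parent = ""
        for (i = 2; i < NF; i++) if ($i == "interface:") parent = $(i + 1)
        kind[cur] = "vlan"; detail[cur] = "tag=" $2 " parent=" parent
    }
    $1 == "member:" {                 # bridge member line: "member: em2 flags=..."
        members[cur] = (members[cur] == "" ? "" : members[cur] ",") $2
        bridge_of[$2] = cur
    }
    END {
        for (i = 1; i <= n; i++) {
            name = names[i]; info = detail[name]
            if (kind[name] == "bridge") info = "members=" members[name]
            else if (name in bridge_of) info = "member-of=" bridge_of[name]
            printf "%s\t%s\t%s\n", name, kind[name], info
        }
    }'
}

# Count interfaces of one kind, e.g. `ifconfig | count_kind physical`.
count_kind() {
    classify_ifaces | awk -F'\t' -v k="$1" '$2 == k { c++ } END { print c + 0 }'
}

# On the pfSense console, pipe the real output instead: ifconfig | classify_ifaces
sample_ifconfig | classify_ifaces
```

In the constructed sample, eight interfaces are listed but only four are hardware ports, and the `member-of=` column shows which ports are attached to a bridge.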

                                      altiris

                                      Alright so I have hooked up a router configured in bridge mode (that's all I have to act as a switch atm) to the LAN interface and now since I have dhcp enabled on the lan interface, anything plugged into that switch that is configured to automatically get an IP will in fact get one right?

                                      Also, will pfSense still be able to monitor what devices are connected (since everything is going from the switch and then to lan)?

                                        stephenw10 Netgate Administrator

                                        Yes, as long as the router really is only switching.
                                        pfSense will know which devices have which IP addresses and hence what is connecting to outside addresses. It will not have any knowledge of traffic between devices on the switch.

                                        Steve

                                          altiris

                                          @stephenw10:

                                          Yes, as long as the router really is only switching.
                                          pfSense will know which devices have which IP addresses and hence what is connecting to outside addresses. It will not have any knowledge of traffic between devices on the switch.

                                          Steve

                                          Alright sounds good. Don't know if you can give me a hand with this but I have hooked up a server/computer I have to the switch (remember switch is connected to LAN interface) and I want to establish a link with the internal IP and external IP, so I will have to do a 1:1 NAT. I did one and I also made a rule on the firewall on the WAN interface to allow traffic from Port 443 (testing purposes) on my internal IP but when I type my external IP into the address bar from another computer nothing will load. I will post screenshot in a few seconds.

                                          [Attachments: Firewall.jpg, NAT.jpg]

                                            Derelict LAYER 8 Netgate

                                            Why did you put a destination in your 1:1?  Did you read the text?

                                            [Attachment: Screen Shot 2014-12-28 at 6.30.28 PM.png]
