Netgate Discussion Forum

    Multi LAN Setup

    Routing and Multi WAN
    • tim.mcmanus

      I checked your other post and have no idea what you're trying to do.

      Can you post screen shots of the WebUI and the configurations you've got set up there?  That will be a helpful start.

      • DWilkerson

        OK, thanks for the reply. I'm working on a project that got handed to me from our IT department.  Basically what I'm trying to do is set this router up for our production area where we put together networks and hardware before it goes out to the customer.  Each network we assemble for that product line uses the same IPs for each server, workstation and printer, which is why I have 8 separate networks here.  Also each network needs to be able to change its IP scheme (i.e. one product uses 10.10.10.1, another uses 192.168.1.1), so I made recordings in the developer shell which appear to be switching properly, but no matter what I do I can't connect using them.  So what I have is 1 WAN from our main network, then 8 individual LANs that go to each production bench.

        WAN interface (wan, re0)
        Status up
        DHCP
        up 
        MAC address 74:d4:35:84:c1:aa
        IPv4 address 192.168.16.28 
        Subnet mask IPv4 255.255.255.0
        Gateway IPv4 192.168.16.1
        IPv6 Link Local fe80::76d4:35ff:fe84:c1aa 
        ISP DNS servers 127.0.0.1
        192.168.16.5
        4.2.2.1
        192.168.16.3
        MTU 1500
        Media 1000baseT <full-duplex>
        In/out packets 31778/15676 (41.80 MB/960 KB)
        In/out packets (pass) 31778/15676 (41.80 MB/960 KB)
        In/out packets (block) 10183/0 (1.09 MB/0 bytes)
        In/out errors 0/0
        Collisions 0
        LAN interface (lan, em0)
        Status up
        MAC address 00:15:17:57:c5:e0
        IPv4 address 10.10.10.1 
        Subnet mask IPv4 255.255.255.0
        IPv6 Link Local fe80::215:17ff:fe57:c5e0 
        MTU 1500
        Media 100baseTX <full-duplex>
        In/out packets 14510/30760 (895 KB/42.45 MB)
        In/out packets (pass) 14510/30760 (895 KB/42.45 MB)
        In/out packets (block) 0/0 (0 bytes/0 bytes)
        In/out errors 0/0
        Collisions 0
        OPT1 interface (opt1, em1)
        Status no carrier
        MAC address 00:15:17:57:c5:e1
        IPv6 Link Local fe80::215:17ff:fe57:c5e1 
        MTU 1500
        Media autoselect
        In/out packets 0/3 (0 bytes/236 bytes)
        In/out packets (pass) 0/3 (0 bytes/236 bytes)
        In/out packets (block) 0/0 (0 bytes/0 bytes)
        In/out errors 0/0
        Collisions 0
        OPT2 interface (opt2, em2)
        Status no carrier
        MAC address 00:15:17:57:c5:e2
        IPv6 Link Local fe80::215:17ff:fe57:c5e2 
        MTU 1500
        Media autoselect
        In/out packets 0/2 (0 bytes/232 bytes)
        In/out packets (pass) 0/2 (0 bytes/232 bytes)
        In/out packets (block) 0/0 (0 bytes/0 bytes)
        In/out errors 0/0
        Collisions 0
        OPT3 interface (opt3, em3)
        Status no carrier
        MAC address 00:15:17:57:c5:e3
        IPv6 Link Local fe80::215:17ff:fe57:c5e3 
        MTU 1500
        Media autoselect
        In/out packets 0/3 (0 bytes/248 bytes)
        In/out packets (pass) 0/3 (0 bytes/248 bytes)
        In/out packets (block) 0/0 (0 bytes/0 bytes)
        In/out errors 0/0
        Collisions 0
        OPT4 interface (opt4, em4)
        Status no carrier
        MAC address 00:15:17:57:c7:2c
        IPv6 Link Local fe80::215:17ff:fe57:c72c 
        MTU 1500
        Media autoselect
        In/out packets 0/3 (0 bytes/296 bytes)
        In/out packets (pass) 0/3 (0 bytes/296 bytes)
        In/out packets (block) 0/0 (0 bytes/0 bytes)
        In/out errors 0/0
        Collisions 0

        ![Screenshot from 2015-06-09 10_33_30.png](/public/imported_attachments/1/Screenshot from 2015-06-09 10_33_30.png)

        • tim.mcmanus

          Okay, that helps.

          More questions:  Do you need the LANs to communicate with each other or just out to the Internet?

          I've attached two screen shots of my LANs.  Very basic settings to keep things as simple as possible.  You can use the WebUI to quickly configure the interfaces without rebooting pfSense.  It will reload the networking service on the box every time you commit new settings, so be aware of that.

          I also assume you have 8 different physical NICs on your pfSense box to accommodate the LANs.  If not, are you using VLANs and a layer 3 switch to do this?

          Also note that the very first LAN will go out the WAN because that is the default setting.  Every subsequent LAN needs to have firewall rules created for them to route traffic because those rules are not created by default.  I've attached screen shots of my LAN rules as an example.  My LANs route in between themselves so I have an explicit rule for this, but there is a default LAN->Any rule at the bottom of each, again, so everything can route to everything else.  You may need to create different rules to route traffic the way you want it to.

          I encourage you to use the WebUI if you're starting out with pfSense.  It does the job, and screen shots go a long way when troubleshooting.

          ![Screen Shot 2015-06-09 at 12.36.45 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 12.36.45 PM.png)
          ![Screen Shot 2015-06-09 at 12.36.32 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 12.36.32 PM.png)
          ![Screen Shot 2015-06-09 at 12.44.02 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 12.44.02 PM.png)
          ![Screen Shot 2015-06-09 at 12.43.36 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 12.43.36 PM.png)

          • DWilkerson

            I have two 4 port NICs in the machine.

            I believe part of my problem is the firewall rules. I noticed where you mentioned it only included rules for "LAN", but I am having trouble figuring out how to add one of the rules in.  The top rule on my "LAN" I can't figure out how to add to "OPT1".

            I'm using the web interface now instead of the command line. The big reason I wanted to use the recordings in command line was so the techs on the bench couldn't make changes that would mess up the configuration.  I did solve the reboot issue by running "rc.reload_interfaces".

            Attached are screen shots of the "LAN" Firewall rules and "OPT1" Firewall rules.

            ![Screenshot from 2015-06-09 13_17_47.png](/public/imported_attachments/1/Screenshot from 2015-06-09 13_17_47.png)
            ![Screenshot from 2015-06-09 13_51_12.png](/public/imported_attachments/1/Screenshot from 2015-06-09 13_51_12.png)

            • tim.mcmanus

              Okay, my rules were examples.

              Your LAN rules by default talk to everything.  But you also need a corresponding rule on OPT1 if you want it to talk to LAN.  Not sure if this is what you want, but that's what you'd need to do.

              My OPT or LAN2 rule is very specific; you could always copy the default LAN rules onto your OPTx and additional LANs.

              • DWilkerson

                I don't need them to talk to each other, but even after I put in those rules the OPT1 interface won't pull DHCP or get out on the network at all.  I've tried to ping the router and the internet but no luck.

                • tim.mcmanus

                  You need to set up services for each interface.  DHCP settings from my two LANs attached.

                  ![Screen Shot 2015-06-09 at 6.09.56 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 6.09.56 PM.png)
                  ![Screen Shot 2015-06-09 at 6.10.08 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-09 at 6.10.08 PM.png)

                  • DWilkerson

                    OK, I found my problem last night. I had the same settings for both LAN and OPT1 from the recordings I ran before.  The DHCP server wouldn't start because both ports had the same DHCP pool and subnet.  Is there a way to set up all 8 of my LAN ports where they could have the same network settings at some point?
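
The failure described in this post (two interfaces configured with the same subnet and DHCP pool) can be caught before settings are applied. The following is an added example, not code from the thread or from pfSense: `check_plan` and the `PLAN` layout are hypothetical, the lan/opt1 and WAN addresses come from the thread, and the opt2/opt3 values and all pools are constructed. It goes slightly beyond the identical-subnet case by also flagging nested subnets and pools that fall outside their interface's subnet.

```python
import ipaddress
from itertools import combinations

# Constructed plan. lan/opt1 reuse the 10.10.10.1/24 address from the thread;
# the opt2/opt3 values and all DHCP pools are made up for illustration.
PLAN = {
    "lan":  {"ip": "10.10.10.1/24",    "pool": ("10.10.10.100", "10.10.10.200")},
    "opt1": {"ip": "10.10.10.1/24",    "pool": ("10.10.10.100", "10.10.10.200")},
    "opt2": {"ip": "192.168.1.1/24",   "pool": ("192.168.1.50", "192.168.1.99")},
    "opt3": {"ip": "192.168.1.129/25", "pool": ("192.168.1.10", "192.168.1.20")},
}
WAN = "192.168.16.28/24"  # WAN address and mask shown in the status output


def check_plan(plan, wan=None):
    """Return a list of (kind, interface, other_interface_or_None) findings."""
    ifaces = {name: ipaddress.ip_interface(cfg["ip"]) for name, cfg in plan.items()}
    nets = {name: iface.network for name, iface in ifaces.items()}
    if wan:
        nets["wan"] = ipaddress.ip_interface(wan).network

    findings = []
    # Two interfaces whose subnets overlap (identical or nested) are ambiguous
    # to the routing table and to a per-subnet DHCP server.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(("overlap", a, b))

    # A DHCP pool must sit inside its own interface's subnet and must not
    # hand out the interface's own address.
    for name, cfg in plan.items():
        lo, hi = (ipaddress.ip_address(x) for x in cfg["pool"])
        net = nets[name]
        if lo > hi or lo not in net or hi not in net:
            findings.append(("pool-outside-subnet", name, None))
        elif lo <= ifaces[name].ip <= hi:
            findings.append(("pool-contains-interface-ip", name, None))
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN, WAN):
        print(finding)
```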

                    • doktornotor

                      @DWilkerson:

                      Is there a way to setup all 8 of my LAN ports where they could have the same network settings at some point?

                      • DWilkerson

                        Not use it as a switch. We currently have 8 separate routers for 8 individual networks. I wanted to bring that together into one machine. Is that possible, but have the same network settings for each?

                        • doktornotor

                          No, it is not possible to have "the same network settings" for "8 individual networks", how on earth would you imagine that to work?
