Best way to isolate an IP from everything BUT the internet
-
You need to statically set an address on the new interface to the new subnet you want on that interface. Do it just like LAN.
-
So you mean I should use /32?
-
No.
You are making a new subnet on a new interface. You need to number the interface then create a DHCP server.
Example interface configuration attached.
-
Thanks! The static IP did the trick. OK. So I have the OPT interface configured. DHCP configured. The computer is plugged into the OPT1 port on the SG-3100. But it will not pull an IP address. Static does not allow it to connect to anything either.
Any ideas?




-
Did you make a VLAN or not?
When the device is connected to the port does the status go to up in Status > Interfaces?
You have protocols TCP and UDP on your firewall rule. That will not pass pings, for instance. Change that to protocol any unless you can articulate why you need just TCP/UDP.
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
-
Yes, I made a VLAN when first started. Used 320 as the ID. Also the interface shows as up.
-
Then you have to tag the traffic with VLAN ID 320. You might be able to do that in the NIC settings on your computer, but it would probably be easier to connect it to a switch that is configured for TAGGED VLAN 320, then connect your test device to a port on the switch that is UNTAGGED for VLAN 320.
-
I'm using an SG-3100. How can I do that with this hardware?
-
Post your Interfaces > Assignments screen
And Interfaces > Switches, Ports
And Interfaces > Switches, VLANs
-
Posted. Thanks again for the help here.

 -
You cannot do it in the switch there. mvneta0 is not part of the built-in switch. If you really want to use that OPT1 port, and don't want to hassle the VLAN or put a switch on it, then just change the assignment for OPT1 to mvneta0 instead of VLAN 320 on mvneta0 and it will start working.
-
OK, perfect. That worked. So let me ask you one last question. If I wanted to do this for one of my LAN ports, is that possible? Or is my best bet connecting a switch to the OPT1 port and using that for anything I want segmented from the rest of the network?
Thanks again.
-
You could tweak the switch into doing what you want by putting it in dot1q mode with VLAN 320 on mvneta0, then configuring the switch to be tagged on port 5 and untagged on one of the 4 edge ports.
But if you're happy with how you have it just connect OPT1 to a switch (managed or unmanaged) and connect all of the devices you want on that network to that switch.
-
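Added example, not part of the thread and not pfSense code: a simplified Python model of why the untagged PC got no DHCP lease while OPT1 was assigned to VLAN 320 on mvneta0, and why tagging the traffic or assigning OPT1 to mvneta0 directly fixes it. The function names, the assignment tables and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits are the VID, top 4 are PCP/DEI


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the MAC addresses, as a tagged switch port does."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if vlan_id(frame) is not None:
        raise ValueError("frame is already tagged")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]


def receiving_interface(frame: bytes, parent: str, assignments: dict):
    """Simplified model (assumption): which assigned interface handles a frame
    arriving on `parent`. Keys are (parent NIC, VLAN ID or None for untagged)."""
    return assignments.get((parent, vlan_id(frame)))


# Constructed sample: untagged broadcast IPv4 frame, like a PC's DHCP discover.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

VLAN_ASSIGNMENT = {("mvneta0", 320): "OPT1"}     # OPT1 = VLAN 320 on mvneta0
DIRECT_ASSIGNMENT = {("mvneta0", None): "OPT1"}  # OPT1 = mvneta0 itself

if __name__ == "__main__":
    tables = (("VLAN 320 on mvneta0", VLAN_ASSIGNMENT), ("mvneta0", DIRECT_ASSIGNMENT))
    frames = (("untagged", UNTAGGED), ("tagged 320", add_tag(UNTAGGED, 320)))
    for name, table in tables:
        for label, frame in frames:
            hit = receiving_interface(frame, "mvneta0", table)
            print(f"OPT1 = {name:<20} {label:<11} -> {hit}")
```

A result of `None` means no assigned interface (and so no DHCP server or firewall rule on it) ever sees the frame, which matches the "will not pull an IP address" symptom.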