help to setup vlan for 2 lan ports
-
Thanks for the reply..
By access from pfSense I mean management access only.. I don't need anyone accessing from the other side. Yes, I'm bridging them... By the way, yesterday I was playing around a little bit, and the way that I found to do this was creating another bridge and creating firewall rules to restrict traffic between the bridges....
I bought some servers to build a lab, an Oracle RAC lab...
Each Oracle server needs to be connected to a public IP, and each server needs to be connected to a private network between them (for this is what I need to create a VPN)
Those servers came with several NICs, including some 10GbE ones,
I used one as a NAS and the others for Oracle... One of the options was to buy a 10GbE switch, but they are quite expensive, so I decided to test with pfSense
So far it has been working great
-
Ah, so you bridged the 10ge.. So these servers could talk to each other at 10ge? Why could you not just directly connect them vs going through pfsense?
Confused about the vpn needing a private network?
So you want an administration vlan to pfsense, it sounds like. Sure, any interface could be connected to an admin-only network. Or you could just use a vlan to do that. A drawing would help figure out the best way to skin this cat.
-
It is something like this..
The 10Gb ones are for the storage, so I can access the storage faster from the servers and from my PC
On the public one I have my PC, laptop, TV and Xbox too
One of the requirements is that Oracle can't be connected directly between them...
-
This is the config that I'm using right now..
-
The other bridge that I created (SANBRIDGE) was only a test... to see if I could connect the SAN with a private port to the RAC servers
-
Let me know when you have a drawing, and a description of what exactly you're trying to accomplish. Other than seeing that box has a shitton of interfaces.. And what looks like stuff connected to a switch.. Break out your layer 2 networks.
Yours don't seem to make any sense because you have sources of different networks.. Do you have downstream networks routed to your bridge interface? Are you running multiple layer 3 on the same layer 2?
So far it looks like a complete mess.. If anything can talk to anything it would be anyone's guess what path it's taking. I can make out 3 L3 networks 192.168.0, .1/24 and 10.0.0/24
If you want to leverage all those interfaces of yours to create your layer 2 networks then do so.. But from your rules it looks like you have rules to networks that would never be seen on that layer 2..
For example on your bridge you have all 3 different layer 3 networks blocked from talking to each other.. Which specific layer 3 is on this L2 network (bridge)?
From this mess it looks like you're trying to run these 3 different layer 3 networks on the same layer 2 and then blocking what exactly??
When you say public IP - do you really mean rfc1918 (one of the 3 you list?) that is on the same layer 2 as your lan - or is routed to your lan cloud you list?
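An added example, not part of the original post and not pfSense's own code: a small check for the point raised above, that a rule on an interface only ever sees sources that live on that layer 2 or are routed behind it. The rule list and the bridge names other than SANBRIDGE are constructed assumptions; the three subnets are the ones named in the thread.

```python
import ipaddress

# Constructed model: one bridge per layer 2 network, each carrying exactly
# one layer 3 subnet. LANBRIDGE and RACBRIDGE are hypothetical names.
BRIDGES = {
    "LANBRIDGE": "192.168.1.0/24",
    "SANBRIDGE": "192.168.0.0/24",
    "RACBRIDGE": "10.0.0.0/24",
}

# Constructed rules: (interface, action, source, destination).
RULES = [
    ("LANBRIDGE", "block", "192.168.1.0/24", "192.168.0.0/24"),
    ("LANBRIDGE", "block", "192.168.0.0/24", "10.0.0.0/24"),
    ("LANBRIDGE", "block", "10.0.0.0/24", "192.168.1.0/24"),
    ("LANBRIDGE", "pass", "192.168.1.0/24", "any"),
    ("SANBRIDGE", "block", "192.168.0.0/24", "any"),
]

def unreachable_rules(bridges, rules, routed_downstream=None):
    """Return rules whose source can never arrive on their interface.

    Rules on an interface are evaluated on traffic arriving on it, so a
    source outside the interface subnet only matches if that network is
    routed behind the interface (listed in routed_downstream).
    """
    routed_downstream = routed_downstream or {}
    findings = []
    for iface, action, src, dst in rules:
        if src == "any":
            continue  # "any" always has something to match
        src_net = ipaddress.ip_network(src)
        local = [bridges[iface]] + routed_downstream.get(iface, [])
        if not any(src_net.overlaps(ipaddress.ip_network(n)) for n in local):
            findings.append((iface, action, src, dst))
    return findings

if __name__ == "__main__":
    for rule in unreachable_rules(BRIDGES, RULES):
        print("never matches:", rule)
```
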
-
I know it's a mess, hehe
but this is the only way that I found that worked for me :(
By public I mean my PC, Xbox, everyone with internet access
I don't understand your questions very well...
The config that I want is something like this (imagine them as separate devices):
1 router with dual WAN
1 switch connected to the router with internet access (192.168.1.0/24)
1 separate switch (192.168.0.0/24) with no internet access and completely separate from the network
another separate switch (10.0.0.0/24) with no internet access and completely separate from the network
everything done in the same machine...
It will be something like this:
Let me know if that works for you :$
and thanks again for taking the time to reply ...
-
So create a bridge with the ones you have circled. Create another bridge with the purple interfaces, create another with your red.
Now connect the devices you want on those networks to those ports.
What exactly is the dual wan supposed to connect to? Where is the router that gets you to the internet? Is it on this 192.168.1 network? Is it something that you're going to connect your dual wan interfaces to?
With your circles you have called out 4 different layer 2 networks. If you want to connect a server to both 192.168.1/24 and 192.168.0/24 where .0/24 is your storage then those interfaces would NOT have gateways on the device - since that network would only be used to talk to some storage device.
What you're calling public sounds more just like your lan network to me - is pfsense going to route/nat this to get to the internet connected on your dual wan listing... Or is your router to get to the internet also on this 192.168.1/24 network? Connected to pfsense?
-
@johnpoz said in help to setup vlan for 2 lan ports:
What exactly is the dual wan supposed to connect to? Where is the router that gets you to the internet? Is it on this 192.168.1 network? Is it something that you're going to connect your dual wan interfaces to?
I put the router in passthrough, so the WAN right now has a 186.15.145.x IP
the other WAN is acting as failover... and now I'm a little bit lost,
because that is exactly what I was trying to do
create 3 different bridges
one for green, one for purple and one for red
As far as I remember I didn't put any gateway, but checking, I think that is what you're talking about
Public is the LAN network (sorry, we used to call it public when working with Oracle databases)... where everyone will connect to each other and everyone will have internet...
-
Well that is NOT what you did on your rules..
-
That is what I tried to do :(
Do you have a manual or something that I can follow?
Thanks