Great pfsense start

kappclark

@provels said in Great pfsense start:

IBM-branded Intel i340-T4

Thanks for the suggestions ...

So, something like this on ebay ?

provels

@kappclark That's a Broadcom chip and a bit of searching seems to show it doesn't work well with FreeBSD. I'd go Intel, like this, and you can get 4 ports for not much more than 2:

https://www.ebay.com/itm/IBM-49Y4242-Quad-Port-Ethernet-Gigabit-PCI-E-High-Profile-Network-Adapter/233466919584

https://www.ebay.com/itm/HP-NC365T-593720-001-4-Port-PCIe-1-Gbps-Ethernet-Adapter/324059575792

Use the Ebay links in the previously ref'd article. Also, some sellers include both the normal and low profile brackets if you need that.

kappclark

Thanks ! -- just ordered it -- and free shipping !

I am assuming the card is plug and play ?? Should I re-install pfSense (hope not to do this ..)

Regards

provels

@kappclark pfSense will recognize the new card fine, you'll just need to reassign the interfaces. No biggie.

kappclark

Thank you - will followup with forum when card gets installed...

kappclark

@kappclark said in Great pfsense start:

Thank you - will followup with forum when card gets installed...

---

Got 4 port card in yesterday -- installed into ITX box. All 4 ports came up, and also the built-in ethernet port on MB.

Configured igb0 as WAN and igb1 as LAN ... set interfaces IP and set to auto for speed and duplex. rebooted, and all good ...

Now that I have additional interfaces, how hard would it be to hookup a second wireless access point as a 'guest' network for items like Alexa, firestick, vistors' tablets etc ?? I have an extra router, can be set to bridge mode/AP only mode...can PFSENSE create a second scope for the wireless interface (say interface igb2 ?), allowing it to only goto Internet and stay off the LAN ?

THX again

NogBadTheBad

@kappclark said in Great pfsense start:

It is a AMD Athlon based box w/4GB ram and 120G ssd ... colossal improvement over the 5 year old Linksys E1200 wireless router, which I always seemed to be rebooting ..I am using a USB ethernet nic for the LAN side, and seems to work fine, but woud like to get a dual-port nic.
Can anyone recomment a good one ? I think Intel makes good ones...
Bill Clark, Windham, VT

IMO you'd be better off buying an access-point and a switch that supports vlans, I use a Ubiquity UniFi AP-AC-Pro.

That way you'd have all your wireless networks on a single AP, its a recipe for problems having multiple access-points providing different networks especially at 2.4Ghz.

https://forum.netgate.com/topic/132431/simple-vlan-for-pfsense-unifi-ap-ac-lr

You could use your old router just for a guest network by switching off dhcp on the thing and connecting it to your guest LAN port on pfSense.

kappclark

@NogBadTheBad
Yes - just did that and works fine --- can the new 'guest' network be configured so that it lives on a different subnet from the home network ? Perhaps some kind of dhcp relay ?

Thx for reply ...

NogBadTheBad

@kappclark

If you are using 192.168.1.0/24 on your LAN interface configure an unused pfSense interface as 192.168.2.0/24.

Set up the DHCP scope on the new interface.

Create a new alias to include all your IP subnets and pop firewall rules on the guest interface like this:-

Configure the old wifi router to have an IP address in the 192.168.2.0/24 range and connect the old wifi routers LAN port to pfSense.

No need for dhcp relay.

kappclark

Thanks so much -- I have already started on this and will let you know how it goes ..

your reply is very helpful

kappclark

SO - the router was reset as an AP - now has static address 192.168.2.254 - changed the password and SSID

I can connect and authenticate to this wireless with my phone....

But - I cannot obtain an IP address..seems DHCP is not working correctly..I have checked that it is enabled ..

I have created a scope on the GUESTOPT1 interface going from 192.168.2.100 - 192.168.2.150.

The address of the ethernet interface on the pfsense is 192.168.2.211

I am sure I am missing something so obvious ...

Confused, I remain ..

NogBadTheBad

@kappclark

A few things to check:-

Can you ping the ap from pfsense?

If you connect a PC to the guest interface does it get an ip address?

Have you connected the guest pfsense interface to the LAN interface on the AP?

stephenw10

How are you connecting the router? Is it really just as an Access Point? If it's just acting as a layer 2 device DHCP should pass it.

Steve

kappclark

Yes - can ping the AP from pfsense:

Disconnected AP. Connected laptop to OPT port directy -- received IP address from given scope (192.168.2 104) ...

but amazingly - it now works ... I removed the firewall rules on the interface and added only a default rule.

I have the laptop and the firestick both working off the AP ... and Alexa is happy as well....

I will connect wife's phone, laptop and tablet ...

Thank you very much for your help in this ...

kappclark

---

Just a followup -

FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

NogBadTheBad

@kappclark said in Great pfsense start:

---

Just a followup -

FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

Slight issue with the guide he creates an IPv4/IPv6 rule with an IPv4 only alias and also allows http, ssh, etc ... access to the guest lan interface.

NogBadTheBad

This post is deleted!

kappclark

Never would have picked that up ! Thx for heads up ... this is gong to be lots of fun ..

joshepmurray

This post is deleted!