3rd and 4th Lan Ports for internet
-
Hey
Sorry maybe i wasnt clear.
I have 4 ports on my NIC card
1 = WAN
1 = LAN
1 = NOTHING
1 = NOTHINGI want the two nothings to be LAN ports to give internet out
-
@jonefc said in 3rd and 4th Lan Ports for internet:
I want the two nothings to be LAN ports to give internet out
Okhay
I have 8 ports and I use them for different purposes and there is something to spare....f.e.: DMZ, VPN, etc
Configure the blanks (NOTHING) here:
and here:
+++edit:
https://docs.netgate.com/pfsense/en/latest/interfaces/configure.html
-
I really dont know what the hell im doing wrong. Let me show with images !
So just to explain again
I have 4 ports on my NIC card
1 = WAN
1 = LAN
1 = NOTHING
1 = NOTHINGI want the two nothings to be LAN ports to give internet out. As well as the first LAN port (so 3 outbound internets)
My interfaces are as follows ;
Within the LAN it is -
and both interface OPT1 and OPT2 are as follows ;
A bridge is created
AND FIREWALL ON BOTH OPT1 and OPT2 are as follows;
I have tried connecting the ethernet cable from LAN to OPT1 and OPT2 and get no internet. Any ideas?
I am totally stuck.
-
any ideas anyone?
-
You may discard the Bridge and then you need to give the OPT1 and OPT2 Interfaces a Static IP and configure a DHCP Server for each.
If you really want to bridge OPT1 and OPT2, assign the bridge to an new Interface and enable it, create a rule for it.
https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf page 448
-
ok so i know how to give them IP.
How do i configure a DHCP server for each?
-
Visit Services > DHCP Server
"LAN" will be selected, and you see that you have 2 other interface names, typically OPT1 and OPT2.
Click on OPT1, and set up a range, like 192.168.2.2 - 192.168.2.254 if 192.168.2.1 is the pfSense OPT1 base address.Idem for OPT2, 192.168.3.2 - 192.168.3.254 if 192.168.3.1 is base.
Don't forget to hit Save.
And be carefull : the LAN interface has a default pass all firewall rule.
The OPT1 and OPT2 have no rules - DHCP will work ;) but nothing else.
Copy the default LAN rule to OPT and OPT2 and you are ready to use both interfaces. -
@jonefc said in 3rd and 4th Lan Ports for internet:
any ideas anyone?
Note: It would be a smart thing to keep one of the interfaces just to manage (Mng. interface) your pfSense box,
and set special rules to keep the bad guys don’t have access to your important things -
Thanks for your help there.
I thought i had cracked it but no internet on either OPT1 and OPT2.
Have a look at these settings ..
THIS IS THE SAME FOR OPT2 BUT THE IP ADDRESS IS 192.168.3.1
THIS IS THE LAN DCHP SERVER
AND NOW OPT1 and OPT 2
OPT 2 IS Range 192.168.3.10 > 192.168.3.245
Firewall rules for both OPT1 and OPT2 are below
AHHH !
-
Just copy the default LAN rule with the red arrow icon and apply it to OPT1 and 2
Do not forget....
OPT1 and OPT2 Net!!!!! (in my example DMZ net)
-
When you (think you) finished the setup of OPT1 :
Connect the cable of a device - typically, a PC.Use the
ipconfig /allcommand to check if the IP, mask, gateway and DNS are ok.
The gateway and DNS should be the IP of pfSense, the interface you are connected to.
The IP should be in the pool of that interface.Also, check on pfSense, Status > System Logs > DHCP and look for the MAC of your device you connected to the OPT interface. The same IP - the 'lease' is shown there .
The firewall rules you shwoed, one for IPv4 and one for IPv6 are ok.
IPv6 are needed only needed if you actually need and set up IPv6 . -
done everything above, and still no luck !
Any ideas. I copied the firewall profile as shown below.
-
i get nothing on the other connections using IPCONFIG
-
pls show the rules for opt1 and opt2, and the dhcp server for opt1 and opt2. There should be a rule " IP4 * allow any to any" in opt1 and opt2 and a running dhcp server on both interfaces.
-
Well your never going to get anywhere with a 169.254 address. Clearly you device did not get an IP from dhcp server.
-
@jonefc said in 3rd and 4th Lan Ports for internet:
I copied the firewall profile as shown below.
the copy must be apply / validated on OPT1 and OPT2, not under the LAN interface
+++edit:
the firewall sets the "default allow rule" to LAN only by default -
While true he needs firewall rules on optX interfaces to allow internet access from them.
Step 1 in his problem is whatever client that was on whatever optX network is not getting IP from dhcp server.
You need to validate dhcp server is enabled on your optX interface, and the client that is set for dhcp is actually connected to this optX network..
Either directly into the interface on your pfsense box, or a switch that is only connected to this optX network and your clients you want on this optX network.
You can not plug lan and optX networks into some dumb switch and hope to run multiple L2 networks on it and for dhcp to just magically know which client should get what IP from which dhcp server.
-
In principle, the OP configured a DHCP server somewhere for OPT1, but it failed....?!? (shown above)...hmmm
192.168.2.0.....if I see it right
so there are several problems here
+++edit:
I suggested him / her read the handbook first, because these are very basic steps, what will happen later? -
Yeah failed why? He never stated where he has that device plugged in. Maybe it connected it to opt2 and only enabled dhcp on opt1?
But clearly the optput of ipconfig shown did not get an IP from dhcp server. 169.254 isn't going anywhere that is a APIPA address when a dhcp client doesn't get an IP from a dhcp server.
-
@johnpoz said in 3rd and 4th Lan Ports for internet:
169.254 isn't going anywhere
this is true....
he wants both interfaces, (OPT1 / OPT2), but none succeed
