Install pfSense on Stormshield SN300
-
Yes em0 is the internal port, it's connected to port 9 on the switch.
Its frame type has to be 'all' because it's carrying tagged and untagged traffic in your setup.
Then you need to create the vlan interfaces in pfSense on em0.
So
em0.2
em0.3
etc.
Steve
-
I just reviewed my configuration based on what I planned
VLAN>conf
VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     None  Tagged      Disabled        Tag All     S-Port
2     None  Tagged      Disabled        Tag All     S-Port
3     100   Untagged    Disabled        Untag PVID  S-Port
4     100   Untagged    Disabled        Untag PVID  S-Port
5     100   Untagged    Disabled        Untag PVID  S-Port
6     101   Untagged    Disabled        Untag PVID  S-Port
7     None  Tagged      Disabled        Tag All     C-Port
8     None  Tagged      Disabled        Tag All     C-Port
9     None  Tagged      Disabled        Tag All     C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
1                                       1-9
100   LAN                               3-5,7-9
101   DMZ                               6-9
832   OrangeDataVoIP                    1,2,9
840   OrangeTV                          1,2,9

VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty
I just reviewed my configuration according to what I planned
I have:
- ports 1 and 2 in VLAN 832 and 840 for the WAN (in trunk)
Port 1 is the operator WAN
port 2 is a LAN to the operator router WAN
- ports 3 to 5 are the LAN
- port 6 is for a DMZ (for a server)
- ports 7 and 8 are for a LACP with my manageable switch in trunk
On pfsense, I created VLAN 100, 101, 832 and 840 on em0 and I put em0.100 in WAN port and I connected my local network to one of the LAN ports (vlan 100)
-
Ports 1 and 2 will need to be a C-port or Unaware.
I think S-port is wrong for anything we are doing but on an untagged port it doesn't matter:
https://www.etherwan.com/support/faq/ethernet-switches/what-defines-vlan-trunk-modes-unaware-c-port-s-port-and-s-custom-port
That's probably based on the same switch chip family.
That looks correct for LAN. Are you able to connect to pfSense on ports 3, 4 or 5?
Steve
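
The port-type point in the reply above can be checked mechanically against the switch's `conf` output. This is an added example, not part of the original thread: the table is copied from the first configuration posted above, the parser assumes exactly this output layout, and the second check (no port other than the pfSense uplink, port 9, belongs to both the WAN VLANs 832/840 and the internal VLANs 100/101) is an assumption added here about the intended segmentation.

```python
# Port and VLAN tables as posted earlier in the thread (ruler lines omitted).
SAMPLE = """\
Port PVID Frame Type Ingress Filter Tx Tag     Port Type
1    None Tagged     Disabled       Tag All    S-Port
2    None Tagged     Disabled       Tag All    S-Port
3    100  Untagged   Disabled       Untag PVID S-Port
4    100  Untagged   Disabled       Untag PVID S-Port
5    100  Untagged   Disabled       Untag PVID S-Port
6    101  Untagged   Disabled       Untag PVID S-Port
7    None Tagged     Disabled       Tag All    C-Port
8    None Tagged     Disabled       Tag All    C-Port
9    None Tagged     Disabled       Tag All    C-Port
VID  VLAN Name      Ports
1                   1-9
100  LAN            3-5,7-9
101  DMZ            6-9
832  OrangeDataVoIP 1,2,9
840  OrangeTV       1,2,9
"""

def expand(spec):
    """Turn a member list such as '3-5,7-9' into {3, 4, 5, 7, 8, 9}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(text):
    ports, vlans = {}, {}
    for f in map(str.split, text.splitlines()):
        if not f or not f[0].isdigit():
            continue                      # headers, rulers, prompt
        if len(f) >= 6:                   # port row (7 fields in this layout)
            ports[int(f[0])] = {"frame": f[2], "type": f[-1]}
        else:                             # VLAN row: VID, optional name, members
            vlans[int(f[0])] = expand(f[-1])
    return ports, vlans

def audit(text, wan=(832, 840), internal=(100, 101), uplink=9):
    # wan / internal / uplink defaults are the values used in this thread.
    ports, vlans = parse(text)
    findings = [f"port {n}: tagged frames on an S-Port" for n, p in sorted(ports.items())
                if p["frame"] != "Untagged" and p["type"] == "S-Port"]
    members = lambda ids: set().union(*(vlans.get(v, set()) for v in ids))
    leaked = (members(wan) & members(internal)) - {uplink}
    findings += [f"port {n}: in both WAN and internal VLANs" for n in sorted(leaked)]
    return findings
```
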
-
I switched ports 1 and 2 to C-port
VLAN>conf
VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     None  Tagged      Disabled        Tag All     C-Port
2     None  Tagged      Disabled        Tag All     C-Port
3     100   Untagged    Disabled        Untag PVID  S-Port
4     100   Untagged    Disabled        Untag PVID  S-Port
5     100   Untagged    Disabled        Untag PVID  S-Port
6     101   Untagged    Disabled        Untag PVID  S-Port
7     None  Tagged      Disabled        Tag All     C-Port
8     None  Tagged      Disabled        Tag All     C-Port
9     None  Tagged      Disabled        Tag All     C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
1                                       1-9
100   LAN                               3-5,7-9
101   DMZ                               6-9
832   OrangeDataVoIP                    1,2,9
840   OrangeTV                          1,2,9

VID   VLAN Name                         Ports
----  --------------------------------  -----
I put the em0.100 (LAN) interface in WAN port and I connected my local network to one of the LAN ports (port 3)
To explain what I want to do.
The operator network will arrive on port 1 with VLAN 832 (options 60, 77, 90, 125 must be sent by the DHCP client to obtain an IP) and 840 for television.
On port 2, I send the vlan 832 (with option 90, 119, 120, 125 by DHCP server) and 840 on the WAN port on the operator router.
I retrieve the LAN from the operator router (by disabling the DHCP server to use the pfsense DHCP server) to send it to the pfsense LAN ports (on the Stormshield SN300).
I created a network for myself a DMZ.
There will be NAT on port 1
-
Hmm, OK. Seems complex! I would start simple first.
You were able to connect over VLAN100 to pfSense?
Steve
-
This is why I would have liked to have the Stormshield ports directly seen by pfsense. From what I understand, there is a lack of driver and the driver does not exist.
Yes, I access the pfsense web interface via the vlan 100.
-
It's not so much a lack of a driver as a system design issue. The ports are not connected individually to pfSense, you have to use the switch.
However that may actually be an advantage for what you're doing. Otherwise you'd have to bridge some of the interfaces to get the pass-through to the ISP router.
Steve
-
All right,
I will also change the WAN port on em0.832 which will be the final wan port to lie on the em0.100
-
I defined the LAN and WAN interfaces using the interfaces with the vlans
[2.4.5-RELEASE][admin@pfsense-SN300A.home]/: exit
exit
pfSense - Serial: 1530B00379 - Netgate Device ID: 06645fdd1d35deecde91

*** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pfsense-SN300A ***

 WAN (wan)       -> em0.832    ->
 LAN (lan)       -> em0.100    -> v4: 192.168.1.252/24
 DMZ (opt1)      -> em0.101    -> v4: 192.168.2.254/24
 VLAN_TV (opt2)  -> em0.840    ->

I found that: http://asmodeus.com.ua/library/os/freebsd/freebsd_interface_em.html
I get stuck at the stage
Let's build this: make
with the error
[2.4.5-RELEASE][admin@pfsense-SN300A.home]/root/em-6.9.20/src: make
make: "/usr/share/mk/bsd.kmod.mk" line 12: Unable to locate the kernel source tree. Set SYSDIR to override.
-
There are no build tools in pfSense, you cannot run 'make'.
But why are you trying to build em? The driver is already loaded.
Those instructions are for an ancient version of FreeBSD anyway.
Steve
-