Second LAN not working
-
@the_only Don't you have to create another vSwitch, map your NIC1 to it, then use that network for your VM's OPT1 NIC? And why are you using 192.160.0.0 subnet? That's not rfc1918 address space.
-
why are you using 192.160.0.0
Ah, that's a typo — I did not make this mistake in pfSense, and have updated the OP. Thanks!
Don't you have to create another vSwitch, map your NIC1…
Like NIC0/WAN, I did not bother creating a vSwitch for NIC1/OPT1 since it's only going to have one device attached to it.
(In any case, if I assign NIC1 to LAN and VMX0 to OPT1, then NIC1 has connectivity and the virtual interface doesn't. My issue is not a hardware one; it's in getting OPT1 per se to work.)
-
@the_only I've always used switches per port or port group and I've never had any problems with interfaces. How do you even map a specific NIC to a VM without using a switch?
-
@kom said in Second LAN not working:
How do you even map a specific NIC to a VM without using a switch?
The thick green lines in the diagram denote PCIe passthroughs.
The catch is, NIC1 works perfectly when I assign it to be the LAN, but when I do that, I then can't get connectivity for the VMs on
vmx0/vSwitch0/OPT1. -
@the_only I wondered if you were using NIC passthrough but I don't know much about that as I've never used it. It sounds from your description that you've done everything correctly. Next step is to post screenshots of your OPT1 config and rules to make sure you did what you think you did.
-
Next step is to post screenshots…to make sure you did what you think you did
Roger that:
(I have done this fresh from a factory-reset installation to ensure no config cruft could have gathered, a few times, and I could not figure out why it's not working.)
-
@the_only That all looks good to me. Do you actively use IPv6?
-
@kom Not particularly at this time, but…
I found the problem (leaving it unspoilered for quick notice of those skimming this thread):
Changing that to
OPT1 netfixed it: the interface and network don't automatically get linked, you have to change them both when copying the rule. -
@the_only I thought you still had NIC1 plugged into LAN, not OPT1. Glad it's working for you now.
-
Log in to viewWow, apparently Netgate login-gates images.
For logged-out users, here's what firewall rule you've got to create (I recommend clicking the "Copy" icon on the existing rule on the LAN tab):
- Action:
Pass - Interface:
OPT1 - Address Family: Any (
IPv4+IPv6) - Protocol:
Any - Source:
OPT1 net[this is what I'd forgotten to set] - Destination:
any - Description:
Default allow LAN to any rule
- Action:
