Weird issue
-
I have a 4 port network adapter, wan1, wan2, lan1 and lan2. For some reason, wan2 which I just set up, has firewall rules for anti-lockout, I thought that should be on lan1. I can't get rid of the rule and would like it back on lan1.
Any idea how to fix this? I do not want to leave that rule on a wan for obvious reasons, port 80 and 22 are wide open to the world.
-
I don't know by what logic they are assigned, but suppose this depends on (non)configured gateway for interface.
Most simple solution would be to disable autocreation of these rules and define them by yourself. -
I have no idea either, but upon creating the interface, it's name defaults to "lan". No matter what adapter i assign to it… Very odd.
-
I noticed there is an option to stop the lockout rule being assigned to the lan interface, but as you said, what defines the lan interface?
-
The ID of the second assigned interface is LAN, and that's where the anti-lockout rule goes. Disable the anti-lockout rule if your second assigned interface isn't actually LAN.
-
Interesting, is there no way to move this around between ports? I mean, it's no big deal, I can just move the cables around and change the IPs of the ports.
-
Just try to assign them in correct (from pfs POV) order from shell menu:
1st goes to WAN1, 2nd to LAN1, 3rd and 4th - doesn't matter. -
Yeah, I was trying to keep my wans and lans together, can't do that. I just turned off the lockout rules, changing the IPs is actually a pain in the butt, I was gonna set up an ip in the same range as one of my lans just so I could move the other ones around… can't do that either.
It's all good, works ok for me this way, if I get locked out I will just have to use the serial interface.
-
"Interesting, is there no way to move this around between ports?"
Huh?? Yes there is.. Just assign your interface to the mac you want. You can do it via the console cli or even in the gui.. But if your doing it from the web gui your prob going to knock your self off..
You need to know the mac of what port you want to assign the interface too. As you can see with mine the mac are made up since my pfsense virtual. I did that on purpose so I know exactly which interface is which in my vm setup.
But its the same thing for a multiple port nic, each port on the nic will have its own mac, they normally increment by 1..
As to which port is which.. Normally going to go from 1 side or the other so like eth0 might be the top as you look at it or might be the bottom, but the port next to it should be eth1 and then eth2, etc..
