SG-4860, simple setup of OPT1, 2, 3, 4



  • Hi, I guess this has been answered before - please could someone point me in the right direction?  I am installing the 4860 as a firewall across my home network.  I want to use the LAN port and four OPT ports to connect to the home network and the WAN port will connect directly to my cable modem.

    • I just want a single network 192.168.1.x

    • I want all the ports to be on the same network.

    • OPT 1 -> 5-PORT switch -> TV, etc

    • OPT 2 -> WLAN Antenna

    • OPT 3 -> WLAN Antenna

    • OPT4 -> 5-PORT switch -> PS4, Computers

    How do I do this?
    Thank you


  • LAYER 8 Netgate

    You get a bigger switch and plug OPT1 into that and everything into the switch.

    I would just use LAN, not OPT1, unless you have other reasons for using OPT1.



  • If you really want to segregate parts of your network for security (e.g. provide a WiFi net for visitors that has no access to your general home stuff) then sure, put it on a separate NIC and subnet.
    But otherwise, as Derelict says, it will be easy to have a switch with enough network ports for all your stuff and run a single LAN.
    Devices that want to talk to each other will be easiest if they are on the same subnet - that avoids problems with "dumb" devices that might not be very good at routing traffic back to its client.

    The general idea for making different IPv4 subnets is:

    1. Choose a bunch of parts of the private IPv4 address space - e.g. 192.168.101.0/24 192.168.102.0/24 …
    2. Enable each interface and give it an IP address in the subnet:
      LAN 192.168.100.1/24
      OPT1 192.168.101.1/24
      OPT2 192.168.102.1/24
      ...
    3. Enable DHCP on each interface and give it some range of addresses in the corresponding subnet of the interface.
    4. Add rules to each interface to pass the traffic that you want (e.g. pass all, or block traffic to other local subnets then pass all to the public internet)
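
The four steps above, worked through as an added example (not part of the original post, and not pfSense code): a Python sketch that checks the chosen subnets do not overlap, derives a gateway and DHCP range per interface, and evaluates the "block other local subnets, then pass all" rule list top-down with first match winning, which is how pfSense processes interface rules. The function names and the .100-.199 DHCP range are assumptions made for illustration.

```python
import ipaddress

# Constructed plan using the post's addressing: one /24 per interface.
PLAN = {"LAN": "192.168.100.0/24", "OPT1": "192.168.101.0/24",
        "OPT2": "192.168.102.0/24"}

def build_plan(plan):
    """Steps 1-3: reject overlapping subnets, derive gateway and DHCP range."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} overlap")
    out = {}
    for name, net in nets.items():
        hosts = list(net.hosts())
        # Gateway is the first host (.1); DHCP range .100-.199 is an assumption.
        out[name] = {"net": net, "gateway": hosts[0],
                     "dhcp": (hosts[99], hosts[198])}
    return out

def rules_for(iface, plan):
    """Step 4: block traffic to every other local subnet, then pass the rest."""
    rules = [("block", p["net"]) for name, p in plan.items() if name != iface]
    rules.append(("pass", ipaddress.ip_network("0.0.0.0/0")))
    return rules

def evaluate(rules, dst):
    """Top-down, first match wins; nothing matching means default deny."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "block"

if __name__ == "__main__":
    plan = build_plan(PLAN)
    guest = rules_for("OPT2", plan)  # treat OPT2 as the visitor WiFi segment
    for dst in ("192.168.100.10", "192.168.101.20", "8.8.8.8"):
        print(f"OPT2 -> {dst}: {evaluate(guest, dst)}")
    # Same rules with the pass rule first: the block rules never get reached.
    print("reversed:", evaluate(list(reversed(guest)), "192.168.100.10"))
```

The reversed case is the common mistake: a "pass all" rule placed above the block rules lets the guest segment reach the other local subnets.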


  • Thank you both for the advice.  I did want everything on the same LAN, but it's a good point about the guest WiFi.  The bigger switch is a red herring because I have switches on different floors and it defeats the object of paying the premium for a 4860, with five NICs.  I've found a how-to http://www.cyberciti.biz/faq/how-to-pfsense-configure-network-interface-as-a-bridge-network-switch/ so I'll have a go at that first.  If anyone else wants to contribute to the thread, please do  :)


  • LAYER 8 Netgate

    You bought a device with router ports, not switch ports. Bridging router ports does two things:

    1. makes a lousy switch
    2. wastes perfectly good router ports

    Instead of bridging get another small switch, connect it to LAN, and connect all your ancillary switches/APs to that. You will be happier for it.



  • Thank you Mr. Derelict …. I take your point.  I will follow the advice.  I've been trying to make the bridge as per the cookbook, but it doesn't seem to work anyway.  Switch is simplest.  Off to Amazon - make Mr. Bezos a little richer;  I remember reading about him when he started up.



  • OK, so far so good. I've set up a 192.168.3.0/24 LAN … I added a static address for the wireless access point of 192.168.3.254, which is showing in the DHCP leases to the correct device, but it is showing offline. The Internet works via the AP, but I cannot browse to the AP ... is the firewall blocking it?

    P.S. embarrassing finger trouble ... I put the wrong MAC address for the AP.  Now I can't release the IP it has!  I tried editing the dhcpd.leases and dhcpd.leases~ but that didn't work so I'm getting by with assigning it directly on the AP.

