Network config
-
ok my pfsense firewall hardware has 2 onboard nics and 2 cards each with 6 nic ports (12 total)
what i want to do is have one of the onboard nics as a WAN and the rest on a LAN
my question is how should i be configuring it -
Get a switch. Plug your LAN interface into the switch. Plug your devices into the remaining switch ports. Use all those router ports in your router as router ports.
-
ok my pfsense firewall hardware has 2 onboard nics and 2 cards each with 6 nic ports (12 total)
Ok, this could be really exiting, but it is your choice! What pfSense version you will using for that?
What kind of NICs you are using here?what i want to do is have one of the onboard nics as a WAN and the rest on a LAN
my question is how should i be configuring itConfigure the WAN as WAN Port and set up on each LAN port a own Subnet (CIDR) or IP address range
such like eth0 = 192.168.1.0/24 and so on and so on. And then you could connect to each LAN port a
dumb network switch where all you devices will be connected to.shorten down the num.queues to 1 or 2
high up the mbuf size to 500000 or 1000000To prevent port flapping or high packet loss you should check also some other things:
enable PowerD (high adaptive)
enable Intel Speed Step (BIOS)
enable HT (BIOS)
enable TurboBoost (Bios)/boot/loader.conf.local kern.cam.boot_delay=10000 kern.ipc.nmbclusters=1000000 hw.igb.num_queues=1 legal.intel_ipw.license_ack=1 legal.intel_iwi.license_ack=1 hw.pci.enable_msix=0 hw.igb.enable_msix=0 -
Unlike off-the-shelf SMB units, pfSense is designed for each port to be a routed port and not a switch port. When first switching from other SMB equipment to pfSense I often considered using the ports as switch ports for our smaller clients but in the end it really is better just to have a separate switch. They all needed more than a few ports anyway. NetGear has good inexpensive dumb switches with and without PoE. Cisco SG200 switches offer dot1q VLANs and other enhanced features and start at under $175 for 24 port units (actually 24+2) and the SG300s are very feature rich. The older Cisco ASAs had switch ports with PoE and were nice little all in one devices but were just dog slow. The newer versions don't have those convenient features anymore and are just like pfSense. Routers route and switches switch. That's just how it's designed.
Having said that, this may be what you are looking for, though. https://forum.pfsense.org/index.php?topic=48947.0
-
@BlueKobold:
ok my pfsense firewall hardware has 2 onboard nics and 2 cards each with 6 nic ports (12 total)
Ok, this could be really exiting, but it is your choice! What pfSense version you will using for that?
What kind of NICs you are using here?2.4.1-RELEASE (amd64)
-
Get a switch. Plug your LAN interface into the switch. Plug your devices into the remaining switch ports. Use all those router ports in your router as router ports.
I already have a switch what i want to do is use the network ports on the firewall to disperse traffic at a higher priority (QoS) I.E. VOIP, Plex, etc….
-
I think you're barking up the wrong tree.
If you really think you need a bridge, do this. Just add all the interfaces as members after the bridge is created:
https://www.infotechwerx.com/blog/Creating-a-Simple-pfSense-Bridge
-
"disperse traffic at a higher priority (QoS) I.E. VOIP, Plex, etc…."
So your VOIP and Plex are on different networks?
