How to set up a second LAN?
-
I see plenty of guides on VLANs but nothing on basic LANs.
edit: I managed to get the second LAN working but I have another problem with it. LAN2 cannot see anything on LAN1 and I suspect the reverse. As an add-on to that problem, the pfSense router takes the first IP in the LAN2 range. I wanted to get all ports on one LAN network. What I did so far is halve the size of the network mask (making it /25 instead of /24). LAN1 spans from 1-128. LAN2 spans from 129-254.
edit2: I made an outbound NAT rule with a source of LAN1 address and interface of LAN2. Then I made a second rule with a source of LAN2 address and interface of LAN1. That seems to allow communication. That does the strange thing that the first address of each LAN network can be used to edit the pfSense router. It is not exactly 1 network. I also think the setup is not done properly so it may be slowing down internet speeds on LAN2. Any ideas on what is the proper way for one network with all the LAN ports on it?
edit3:
I believe I have found the correct solution. This solution does not suffer from the speed slowdown and puts everything in the same subnet.
1) Make a bunch of LAN ports that are enabled and set to nothing. (You're going to need another working LAN port to configure pfSense.)
2) Make a Bridge and group your LAN ports with it.
3) Assign an IP range to the bridge as you would a normal LAN.
4) Assign firewall and outbound NAT rules to the bridge as you would a normal LAN.
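
The /25 split from the question, worked through as an added example (not part of the original post). The 192.168.1.0/24 base network is an assumption, since the post gives only the last octets; the code lists the usable host range of each half and shows that traffic between the halves is routed through the firewall, where interface rules apply, rather than delivered on-link.

```python
import ipaddress

# Assumed addressing: the post gives only the last octets, so 192.168.1.0/24
# is a constructed example network.
PARENT = ipaddress.ip_network("192.168.1.0/24")


def split_lan(parent, new_prefix=25):
    """Split the parent network into two halves and describe each one."""
    halves = []
    for name, net in zip(("LAN1", "LAN2"), parent.subnets(new_prefix=new_prefix)):
        hosts = list(net.hosts())
        halves.append({
            "name": name,
            "network": net,
            "first_host": hosts[0],    # address a router interface typically takes
            "last_host": hosts[-1],
            "broadcast": net.broadcast_address,
        })
    return halves


def delivery(src_ip, dst_ip, halves):
    """Return 'on-link' if both hosts share a subnet, else 'routed'.

    'routed' means the packet is sent to the gateway, so it is filtered by
    the firewall rules on the interface it arrives on.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for half in halves:
        if src in half["network"]:
            return "on-link" if dst in half["network"] else "routed"
    raise ValueError(f"{src} is not in any configured subnet")


if __name__ == "__main__":
    halves = split_lan(PARENT)
    for h in halves:
        print(f'{h["name"]}: {h["network"]} hosts {h["first_host"]}-{h["last_host"]} '
              f'broadcast {h["broadcast"]}')
    # Constructed sample hosts: one pair inside LAN1, one pair across the halves.
    for src, dst in [("192.168.1.10", "192.168.1.20"),
                     ("192.168.1.10", "192.168.1.200")]:
        print(src, "->", dst, delivery(src, dst, halves))
```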
-
Do you have an additional NIC that's unused at the moment?
If so then from Interfaces: (assign) make it available as Opt1.
Enable it, give it an IP address with netmask, add DHCP if needed and maybe rename it.
Done.
If not then go and get one… ;-)
-
Enable it,
Done.
Mirror the "LAN" firewall "Allow all" rules on "OPT1".
I've found that I have to go to "outbound NAT" and at least click "save". YMMV. (maybe a reboot will do.)
-
Yeah, thanks for mentioning it. The ruleset has to be created, of course. But that varies widely with requirements.
-
Do you have an additional NIC that's unused at the moment?
If so then from Interfaces: (assign) make it available as Opt1.
Enable it, give it an IP address with netmask, add DHCP if needed and maybe rename it.
Done.
If not then go and get one… ;-)
Enable it,
Done.
Mirror the "LAN" firewall "Allow all" rules on "OPT1".
I've found that I have to go to "outbound NAT" and at least click "save". YMMV. (maybe a reboot will do.)
Updated the question.
-
I wanted to get all ports on one LAN network.
That is what a switch on LAN is for.
-
Any ideas on what is the proper way for a one network with all the LAN ports on it?
Yes, that's called a switch. Not a router.
I see plenty of guides on VLANs but nothing on basic LANs.
That's what you meant … well, because your "basic LANs" aka a switch, is nothing you will want to do in software.
There's one exception in the Netgate line of pfSense hardware currently and that is the SG-3100. It has 3 interfaces, WAN, LAN and Opt1 with LAN being a managed switch internally.
Otherwise all pfSense devices are routers only.