Brand New to pfSense. NIC Question.

  • I have an unused computer with one motherboard 1GB Intel ethernet port.  I'm considering using this as a pfSense router.  There's a chance that I might want to have a multi WAN setup in the future.  I thought I might purchase this 4 port Intel PCIe NIC instead of adding two one port cards.

    1. Will this card have drivers in pfSense?
    2. Will I lose any performance by using a multiport card instead of two one port cards in their own PCIe slots?
    3. For my initial single WAN setup, would there be any advantage to using two ports on this card for WAN and LAN vs. using one port on the card and the one port on the motherboard?
    4. If I'll never do more than a double WAN setup, should I just buy a 2 port card instead?  The price difference between 2 and 4 port doesn't seem that significant.


  • 1. Yes, works fine
    2. Not really
    3. I'd use the port on the mainboard as well, maybe as OOB mgmt network
    4. 2 port card would do fine. Instead of adding a ton of ports to pfSense, a managed switch is a better choice. More ports are mostly useful for more ethernet-level connectivity (i.e. PPPoE, more bandwidth)

  • I do NOT second johnkeates "a managed switch is a better choice" statement. You will always run short of one port. And since the price of a 4-port card is not much higher than a 2-port card I'd always choose the bigger one. Been there, done that.

    Having said that, you will NOT want to bridge spare NICs to "act like a switch" later on. They just won't.

    Using VLANs with a managed switch is fine if you need more interfaces than you have NICs. Traffic between VLANs will only have half the speed of what separate NICs could provide. That's fine in a lot of installs. But it's not the one and only preferred solution.
    And a reliable managed switch is way more expensive than the price-difference of the NICs…

  • I'll repeat #4: Don't get more ethernet ports if you simply need to connect more devices. Only get more ports if you want to support multiple networks, LANs, WANs etc. Bridging is slow and sad.

    Say you want WAN, LAN and.. something else, 3 ports total, you'd have that. If you want 4 or 5 ports, get the quad cards. If the difference is only like €10, get the quad anyway.

  • @johnkeates:

    "If the difference is only like €10, get the quad anyway."

    That's what I meant. Thanks!

  • Thanks for the responses.  I wouldn't use the extra NIC ports in the computer for additional devices.  I already have a 50 port managed switch and just one home network.  I will need to do VLAN tagging in pfSense to be able to connect to CenturyLink Gigabit fiber.  I don't like the Actiontec 2000a modem/router that CenturyLink provides and was hoping to replace that with a pfSense computer.  I don't think I'll need to do VLAN tagging with the smart switch, just in pfSense.

  • Hey XRay

    If your Internet connection from CenturyLink is being provided over DSL, you won't be able to get rid of the Actiontec altogether. You will likely wind up doing what I do and putting your Actiontec in bridge mode and doing the PPPoE authentication using pfSense. My setup uses a Zyxel C1100Z modem/router/AP combo which I have turned into just a modem. I let pfSense do the authentication, routing, NAT and firewalling and have a Ubiquiti APC Lite for wireless duty. If you're actually getting fiber to the home, then you should be able to dump it completely.


    Edit: I just re-read what you wrote and it does look like you're getting full-fledged fiber to the home. Please disregard the above. One thing to keep in mind though is that PPPoE throughput on pfSense can run into issues at high speed. You might not be able to use the full gigabit on downloads without a high clock speed CPU.
