help to setup vlan for 2 lan ports



  • Hi all,
    I'm not an expert, but with the community's help I was able to set up pfSense for my needs.
    I don't know if the setup is the best setup, but it is working jijij
    I have an HP DL380 G7 with several NIC cards acting as router / switch (everyone is reachable by everyone).
    But now I want to take 2 of those ports to act as a private connection with different IPs (10.0.0.1 and 10.0.0.2) that no one can reach (except the pfSense router); the rest of the network is 192.168.1.x.
    Any doc/tutorial or help to do this, please :)
    Pura Vida :)


  • Rebel Alliance Global Moderator

    Huh? Why would pfSense need to access those IPs? It's a router/firewall. What would these 2 IPs be providing?

    You're using your NICs as a switch - so you have them bridged? Why?

    Why don't you draw up a simple layout of your network and how things are connected, and what you're wanting to accomplish with these new IPs/network, and we can work through how best to do that.



  • Thanks for the reply..
    By access from pfSense I mean management access only.. I don't need anyone accessing from the other side.

    Yes, I'm bridging them... by the way, yesterday I was playing a little bit, and the way that I found to do this was creating another bridge and creating firewall rules to restrict traffic between bridges....

    I bought some servers to do a lab, an Oracle RAC lab...
    Each Oracle server needs to be connected to a public IP, and each server needs to be connected to a private network between them (for this I need to create a VPN).
    Those servers came with several NICs, including some 10GbE ones.
    I use one as a NAS and the others for Oracle... One of the options was to buy a 10GbE switch, but they are quite expensive, so I decided to test with pfSense.
    So far it has been working great.


  • Rebel Alliance Global Moderator

    Ah, so you bridged the 10GbE.. So these servers could talk to each other at 10GbE? Why could you not just directly connect them vs going through pfSense?

    Confused about the VPN needing a private network?

    So you want an administration VLAN to pfSense, it sounds like. Sure, any interface could be connected to an admin-only network. Or you could just use a VLAN to do that. A drawing would help figure out the best way to skin this cat.



  • [image: rac setup.png]
    It is something like this..
    The 10Gb ones are for the storage, so I can access the storage faster from the servers and from my PC.
    On the public one I have my PC, laptop, TV and Xbox too.
    One of the requisites is that the Oracle servers can't be connected directly to each other...



  • This is the config that I'm using right now..

    [images: pfsense config 1.PNG, pfsense config 2.PNG, pfsense config 3.PNG, pfsense config 4.PNG, pfsense config 5.PNG, pfsense config 6.PNG]



  • The other bridge that I created (SANBRIDGE) was only to test... to see if I could connect the SAN with a private port to the RAC servers.


  • Rebel Alliance Global Moderator

    Let me know when you have a drawing, and a description of what exactly you're trying to accomplish. Other than seeing that the box has a shitton of interfaces.. and what looks like stuff connected to a switch.. break out your layer 2 networks.

    Yours doesn't seem to make any sense, because you have sources from different networks.. Do you have downstream networks routed to your bridge interface? Are you running multiple layer 3 networks on the same layer 2?

    So far it looks like a complete mess.. If anything can talk to anything, it would be anyone's guess what path it's taking. I can make out 3 L3 networks: 192.168.0.0/24, 192.168.1.0/24 and 10.0.0.0/24.

    If you want to leverage all those interfaces to create your layer 2 networks, then do so.. But from your rules it looks like you have rules to networks that would never be seen on that layer 2..

    For example, on your bridge you have all 3 different layer 3 networks blocked from talking to each other.. Which specific layer 3 network is on this L2 network (bridge)?

    From this mess it looks like you're trying to run these 3 different layer 3 networks on the same layer 2 and then blocking what, exactly??

    When you say public IP - do you really mean RFC 1918 (one of the 3 you list?) that is on the same layer 2 as your LAN - or is it routed to the LAN cloud you list?



  • I know it's a mess jijij
    but this is the only way that I found that worked for me :(
    By public I mean my PC, Xbox, everyone with internet access.
    I don't understand your questions much...
    The config that I want is something like this (imagine them as separate devices):
    1 router with dual WAN
    1 switch connected to the router with internet access (192.168.1.0/24)
    1 separate switch (192.168.0.0/24) with no internet access and completely separate from the network
    another separate switch (10.0.0.0/24) with no internet access and completely separate from the network
    everything done on the same machine...
    It will be something like this:
    [image: network config.png]

    Let me know if that works for you :$
    and thanks again for taking the time to reply ...


  • Rebel Alliance Global Moderator

    So create a bridge with the ones you have circled. Create another bridge with the purple interfaces, and create another with your red ones.

    Now connect the devices you want on those networks to those ports.

    What exactly is the dual WAN supposed to connect to? Where is the router that gets you to the internet? Is it on this 192.168.1 network? Is it something that you're going to connect your dual WAN interfaces to?

    With your circles you have called out 4 different layer 2 networks. If you want to connect a server to both 192.168.1/24 and 192.168.0/24, where .0/24 is your storage, then those interfaces would NOT have gateways on the device - since that network would only be used to talk to some storage device.

    What you're calling public sounds more like just your LAN network to me - is pfSense going to route/NAT this to get to the internet connected on your dual WAN listing... Or is your router to get to the internet also on this 192.168.1/24 network? Connected to pfSense?
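
The three-bridge layout the moderator describes (one LAN bridge that reaches the internet, a storage bridge and a private bridge that reach nothing else, storage/private NICs with no default gateway) can be sanity-checked before touching the box. The following Python model is an added example, not the poster's configuration and not code from pfSense: the bridge names LANBRIDGE/SANBRIDGE/RACBRIDGE, the rule table and the NIC names are constructed assumptions. It models pfSense's first-match, ingress-interface rule evaluation with an implicit block, flags rules whose source network can never appear on the interface they are bound to (the "rules to networks that would never be seen on that layer 2" point), computes the isolation matrix between the bridges, and picks the single NIC of a multi-homed server that should carry a default gateway.

```python
import ipaddress

# Constructed model of the layout discussed above. Bridge names and the
# "gateway" flag are assumptions for this example, not the poster's config.
INTERFACES = {
    "LANBRIDGE": {"subnet": "192.168.1.0/24", "gateway": True},   # "public": has internet
    "SANBRIDGE": {"subnet": "192.168.0.0/24", "gateway": False},  # storage, no internet
    "RACBRIDGE": {"subnet": "10.0.0.0/24",    "gateway": False},  # RAC interconnect, no internet
}

# Constructed pfSense-style rule table. Rules are evaluated on the ingress
# interface, top to bottom, first match wins; no match means block.
RULES = [
    # LAN may reach the internet but not the two isolated bridges.
    {"iface": "LANBRIDGE", "action": "block", "src": "192.168.1.0/24", "dst": "192.168.0.0/24"},
    {"iface": "LANBRIDGE", "action": "block", "src": "192.168.1.0/24", "dst": "10.0.0.0/24"},
    {"iface": "LANBRIDGE", "action": "pass",  "src": "192.168.1.0/24", "dst": "any"},
    # Two rules of the kind called out above: a source that never enters on this bridge.
    {"iface": "LANBRIDGE", "action": "block", "src": "10.0.0.0/24",    "dst": "192.168.0.0/24"},
    {"iface": "SANBRIDGE", "action": "block", "src": "192.168.1.0/24", "dst": "10.0.0.0/24"},
    # Storage and RAC interconnect only talk within their own network.
    {"iface": "SANBRIDGE", "action": "pass",  "src": "192.168.0.0/24", "dst": "192.168.0.0/24"},
    {"iface": "RACBRIDGE", "action": "pass",  "src": "10.0.0.0/24",    "dst": "10.0.0.0/24"},
]


def _matches(rule_cidr, net):
    """'any' matches everything; otherwise the rule network must overlap `net`."""
    if rule_cidr == "any":
        return True
    return ipaddress.ip_network(rule_cidr, strict=False).overlaps(net)


def dead_source_rules(interfaces, rules):
    """Rules whose source network can never appear on the interface they are
    bound to: they will never match and only obscure what the rule set does."""
    findings = []
    for idx, r in enumerate(rules):
        iface_net = ipaddress.ip_network(interfaces[r["iface"]]["subnet"])
        if not _matches(r["src"], iface_net):
            findings.append((idx, r["iface"], r["src"]))
    return findings


def verdict(interfaces, rules, iface, dst_cidr):
    """First-match action for traffic entering `iface` from its own subnet
    towards dst_cidr; implicit block when no rule matches. Overlap matching
    is exact here because every subnet in the model is a whole /24."""
    iface_net = ipaddress.ip_network(interfaces[iface]["subnet"])
    dst = ipaddress.ip_network(dst_cidr, strict=False)
    for r in rules:
        if r["iface"] == iface and _matches(r["src"], iface_net) and _matches(r["dst"], dst):
            return r["action"]
    return "block"


def isolation_matrix(interfaces, rules):
    """Verdict for every ordered pair of bridges. 'block' everywhere means the
    layer 3 networks are separated as intended (traffic between them has to
    be routed by pfSense, so it is subject to these rules)."""
    return {(a, b): verdict(interfaces, rules, a, interfaces[b]["subnet"])
            for a in interfaces for b in interfaces if a != b}


def default_gateway_nic(interfaces, host_nics):
    """For a multi-homed server (nic -> bridge), the single NIC that should carry
    a default gateway; the storage/private NICs get an address only."""
    gw = [nic for nic, bridge in host_nics.items() if interfaces[bridge]["gateway"]]
    if len(gw) != 1:
        raise ValueError(f"expected exactly one gateway-carrying NIC, got {gw}")
    return gw[0]


if __name__ == "__main__":
    for idx, iface, src in dead_source_rules(INTERFACES, RULES):
        print(f"rule {idx} on {iface}: source {src} never appears on this bridge")
    for (a, b), v in sorted(isolation_matrix(INTERFACES, RULES).items()):
        print(f"{a} -> {b}: {v}")
    # 203.0.113.10 is a documentation address standing in for "the internet".
    print("LAN -> internet:", verdict(INTERFACES, RULES, "LANBRIDGE", "203.0.113.10/32"))
    print("SAN -> internet:", verdict(INTERFACES, RULES, "SANBRIDGE", "203.0.113.10/32"))
    # Constructed RAC node with one NIC per bridge; only the LAN NIC gets a gateway.
    print("RAC node default gateway on:",
          default_gateway_nic(INTERFACES, {"em0": "LANBRIDGE", "ix0": "SANBRIDGE", "ix1": "RACBRIDGE"}))
```

Rule order is what makes the LAN bridge behave: the two block rules sit above the "pass to any" rule, so swapping them would silently open LAN to the storage and RAC networks, which is exactly the "anything can talk to anything" state the thread starts from.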



  • @johnpoz said in help to setup vlan for 2 lan ports:

    What exactly is the dual WAN supposed to connect to? Where is the router that gets you to the internet? Is it on this 192.168.1 network? Is it something that you're going to connect your dual WAN interfaces to?

    I put the router in passthrough, so the WAN right now has a 186.15.145.x IP.
    The other WAN is acting as failover...

    And now I'm a little bit lost,
    because that is exactly what I was trying to do:
    create 3 different bridges,
    one for green, one for purple and one for red.
    As far as I remember I didn't put any gateway, but checking, I think that is what you're talking about.
    [image: d3b512ec-08d1-4126-b6cf-e786824a7d47-image.png]

    Public is the LAN network (sorry, we are used to calling it public when working with Oracle databases)... where everyone will connect to each other and everyone will have internet...


  • Rebel Alliance Global Moderator

    Well, that is NOT what you did in your rules..



  • That is what I tried to do :(
    Do you have a manual or something that I can follow? 🙃🙏
    Thanks