Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Great pfsense start

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    22 Posts 5 Posters 2.8k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kappclarkK Offline
      kappclark
      last edited by

      Wanted to say what a vast improvement my new pfsense box has made to the network responsiveness...so much faster..great software for re-purposing an older HTPC (which was replaced with a firestick..

      It is a AMD Athlon based box w/4GB ram and 120G ssd ... colossal improvement over the 5 year old Linksys E1200 wireless router, which I always seemed to be rebooting ..I am using a USB ethernet nic for the LAN side, and seems to work fine, but woud like to get a dual-port nic.

      Can anyone recomment a good one ? I think Intel makes good ones...

      Bill Clark, Windham, VT

      1 Reply Last reply Reply Quote 0
      • stephenw10S Online
        stephenw10 Netgate Administrator
        last edited by

        Yup, anything Intel based will likely work fine.

        The prevalence of fake Intel cards available new makes rebranded Dell, HP, IBM cards available used quite attractive.
        There are a number of threads here and elsewhere detailing what cards have what chipset.

        Steve

        1 Reply Last reply Reply Quote 1
        • provelsP Offline
          provels
          last edited by provels

          I use a quad port IBM-branded Intel i340-T4, about $20 on Ebay. I found this link to be very helpful.
          https://forums.servethehome.com/index.php?threads/list-of-nics-and-their-equivalent-oem-parts.20974/
          Some other threads there on identifying fake cards, too. Seems many of the Intel-branded cards are gray market or fake, and it may be easier to find an OEM variation to be genuine. Good luck.

          Peder

          MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
          BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          1 Reply Last reply Reply Quote 0
          • kappclarkK Offline
            kappclark
            last edited by

            @provels said in Great pfsense start:

            IBM-branded Intel i340-T4

            Thanks for the suggestions ...

            So, something like this on ebay ?

            provelsP 1 Reply Last reply Reply Quote 0
            • provelsP Offline
              provels @kappclark
              last edited by provels

              @kappclark That's a Broadcom chip and a bit of searching seems to show it doesn't work well with FreeBSD. I'd go Intel, like this, and you can get 4 ports for not much more than 2:

              https://www.ebay.com/itm/IBM-49Y4242-Quad-Port-Ethernet-Gigabit-PCI-E-High-Profile-Network-Adapter/233466919584

              https://www.ebay.com/itm/HP-NC365T-593720-001-4-Port-PCIe-1-Gbps-Ethernet-Adapter/324059575792

              Use the Ebay links in the previously ref'd article. Also, some sellers include both the normal and low profile brackets if you need that.

              Peder

              MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              1 Reply Last reply Reply Quote 0
              • kappclarkK Offline
                kappclark
                last edited by

                Thanks ! -- just ordered it -- and free shipping !

                I am assuming the card is plug and play ?? Should I re-install pfSense (hope not to do this ..)

                Regards

                provelsP 1 Reply Last reply Reply Quote 0
                • provelsP Offline
                  provels @kappclark
                  last edited by

                  @kappclark pfSense will recognize the new card fine, you'll just need to reassign the interfaces. No biggie.

                  Peder

                  MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                  BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                  1 Reply Last reply Reply Quote 0
                  • kappclarkK Offline
                    kappclark
                    last edited by

                    Thank you - will followup with forum when card gets installed...

                    kappclarkK 1 Reply Last reply Reply Quote 0
                    • kappclarkK Offline
                      kappclark @kappclark
                      last edited by

                      @kappclark said in Great pfsense start:

                      Thank you - will followup with forum when card gets installed...


                      Got 4 port card in yesterday -- installed into ITX box. All 4 ports came up, and also the built-in ethernet port on MB.

                      Configured igb0 as WAN and igb1 as LAN ... set interfaces IP and set to auto for speed and duplex. rebooted, and all good ...

                      Now that I have additional interfaces, how hard would it be to hookup a second wireless access point as a 'guest' network for items like Alexa, firestick, vistors' tablets etc ?? I have an extra router, can be set to bridge mode/AP only mode...can PFSENSE create a second scope for the wireless interface (say interface igb2 ?), allowing it to only goto Internet and stay off the LAN ?

                      THX again

                      1 Reply Last reply Reply Quote 0
                      • NogBadTheBadN Offline
                        NogBadTheBad
                        last edited by NogBadTheBad

                        @kappclark said in Great pfsense start:

                        It is a AMD Athlon based box w/4GB ram and 120G ssd ... colossal improvement over the 5 year old Linksys E1200 wireless router, which I always seemed to be rebooting ..I am using a USB ethernet nic for the LAN side, and seems to work fine, but woud like to get a dual-port nic.
                        Can anyone recomment a good one ? I think Intel makes good ones...
                        Bill Clark, Windham, VT

                        IMO you'd be better off buying an access-point and a switch that supports vlans, I use a Ubiquity UniFi AP-AC-Pro.

                        That way you'd have all your wireless networks on a single AP, its a recipe for problems having multiple access-points providing different networks especially at 2.4Ghz.

                        https://forum.netgate.com/topic/132431/simple-vlan-for-pfsense-unifi-ap-ac-lr

                        You could use your old router just for a guest network by switching off dhcp on the thing and connecting it to your guest LAN port on pfSense.

                        kappclarkK 1 Reply Last reply Reply Quote 0
                        • kappclarkK Offline
                          kappclark @NogBadTheBad
                          last edited by

                          @NogBadTheBad
                          Yes - just did that and works fine --- can the new 'guest' network be configured so that it lives on a different subnet from the home network ? Perhaps some kind of dhcp relay ?

                          Thx for reply ...

                          NogBadTheBadN 1 Reply Last reply Reply Quote 0
                          • NogBadTheBadN Offline
                            NogBadTheBad @kappclark
                            last edited by

                            @kappclark

                            If you are using 192.168.1.0/24 on your LAN interface configure an unused pfSense interface as 192.168.2.0/24.

                            Set up the DHCP scope on the new interface.

                            Create a new alias to include all your IP subnets and pop firewall rules on the guest interface like this:-

                            Screenshot 2020-02-11 at 15.42.40.png

                            Configure the old wifi router to have an IP address in the 192.168.2.0/24 range and connect the old wifi routers LAN port to pfSense.

                            No need for dhcp relay.

                            1 Reply Last reply Reply Quote 0
                            • kappclarkK Offline
                              kappclark
                              last edited by

                              Thanks so much -- I have already started on this and will let you know how it goes ..

                              your reply is very helpful

                              1 Reply Last reply Reply Quote 0
                              • kappclarkK Offline
                                kappclark
                                last edited by

                                SO - the router was reset as an AP - now has static address 192.168.2.254 - changed the password and SSID

                                I can connect and authenticate to this wireless with my phone....

                                But - I cannot obtain an IP address..seems DHCP is not working correctly..I have checked that it is enabled ..

                                I have created a scope on the GUESTOPT1 interface going from 192.168.2.100 - 192.168.2.150.

                                The address of the ethernet interface on the pfsense is 192.168.2.211

                                I am sure I am missing something so obvious ...

                                c36948eb-3d2a-4e6b-b472-30270c382042-image.png

                                Confused, I remain ..

                                NogBadTheBadN 1 Reply Last reply Reply Quote 0
                                • NogBadTheBadN Offline
                                  NogBadTheBad @kappclark
                                  last edited by

                                  @kappclark

                                  A few things to check:-

                                  Can you ping the ap from pfsense?

                                  If you connect a PC to the guest interface does it get an ip address?

                                  Have you connected the guest pfsense interface to the LAN interface on the AP?

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Online
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    How are you connecting the router? Is it really just as an Access Point? If it's just acting as a layer 2 device DHCP should pass it.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • kappclarkK Offline
                                      kappclark
                                      last edited by

                                      Yes - can ping the AP from pfsense:
                                      710951be-3a5c-4bca-b95b-baa92a017d0d-image.png

                                      Disconnected AP. Connected laptop to OPT port directy -- received IP address from given scope (192.168.2 104) ...

                                      but amazingly - it now works ... I removed the firewall rules on the interface and added only a default rule.

                                      e134e88c-76db-4678-91cc-a34a0353b3c0-image.png

                                      I have the laptop and the firestick both working off the AP ... and Alexa is happy as well....

                                      I will connect wife's phone, laptop and tablet ...

                                      Thank you very much for your help in this ...

                                      1 Reply Last reply Reply Quote 0
                                      • kappclarkK Offline
                                        kappclark
                                        last edited by


                                        Just a followup -

                                        FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

                                        once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

                                        NogBadTheBadN 1 Reply Last reply Reply Quote 0
                                        • NogBadTheBadN Offline
                                          NogBadTheBad @kappclark
                                          last edited by NogBadTheBad

                                          @kappclark said in Great pfsense start:


                                          Just a followup -

                                          FWIW - Here is a very good guide I found on securing the private network -- maybe be of some help for the next person ..

                                          once the crew here steered me in the right direction, I knew what to search for ... what a valuable resource ..

                                          Slight issue with the guide he creates an IPv4/IPv6 rule with an IPv4 only alias and also allows http, ssh, etc ... access to the guest lan interface.

                                          NogBadTheBadN 1 Reply Last reply Reply Quote 0
                                          • NogBadTheBadN Offline
                                            NogBadTheBad @NogBadTheBad
                                            last edited by

                                            This post is deleted!
                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.