Missing LAN Interface

ta2oo · Sep 17, 2020, 10:20 AM

Hi All.

I have installed and completed the initial setup of pfSense.

When setting up the interfaces there was only the option to configure the WAN interface has hn0, when asked for the LAN interface there were no options available, even use "a" returned no options to configure the LAN interface.

I've logged into the web configuration interface through the WAN interface and cannot find anywhere that will allow me to add LAN interfaces.

I've installed pfSense as a vm in Hyper-V and I'm looking to connect W10 Pro and Server 2016 VMs to route through pfSense for internet connections only, segregating from my home LAN.

Can anyone advise where I may have gone wrong please.

Thanks in advance.

Phill

DaddyGo · Sep 17, 2020, 10:32 AM

@ta2oo said in Missing LAN Interface:

when asked for the LAN interface there were no options available

During the installation (console) there is no recognized LAN interface, it will not be in the GUI either

+++++edit:
so this is probably eth. controller driver problem or port configuration problem incorrectly passed from VM (VM interface pass-trough)

+++edit2:

review your VM settings again

I think you know that after installation you need to make an interface assignment on the console, at least in terms of LAN / WAN

ta2oo · Sep 17, 2020, 11:24 AM

Thanks for nudge

I've added a couple of interfaces on Hyper-V and assigned to the vm, they're now available in the console to configure.

Thank you

Phill.

DaddyGo · Sep 17, 2020, 11:36 AM

@ta2oo said in Missing LAN Interface:

Thanks for nudge

You welcome

btw:
be careful with the VM environment, it can cause a lot of weirdness, if the NIC(s) pass-through is set incorrectly

ta2oo · Sep 17, 2020, 8:14 PM

Hi.

I'm scouring the internet to understand how best to configure pfSense to isolate the lab from my home network but maintain internet access.

I'm investigating more along the lines of how to deploy the VMs onto a new VLAN to route through pfSense and then work out to route this traffic to the internet only.

If you know of any good resources on this subject I would be so grateful.

Thanks Phill.

DaddyGo · Sep 18, 2020, 9:26 AM

@ta2oo said in Missing LAN Interface:

If you know of any good resources on this subject I would be so grateful.

You don't even need a tutorial...

The answer is simple:

Buy (eBay or other) a cheap, used 4-port Intel (genuine) NIC and segmented your network into a separate interfaces, like WLAN for WiFi / mobile, IoT, DMZ, LAN, VPN, GAME, etc.

(Intel I340-T4, I350-T4, I210, I211, PRO1000)

I prefer this solution over VLANs where this can be possible.
VLAN is also a good solution where there is no free interface, but remember VLANs consume bandwidth.

I tend to solve VLANs question with an L3 capable switch

+++edit:

or...

https://netosec.com/protect-home-network/
https://docs.netgate.com/pfsense/en/latest/book/vlan/vlans-and-security.html
https://www.youtube.com/watch?v=b2w1Ywt081o

ta2oo · Sep 18, 2020, 10:13 AM

Hi DaddyGo.

Thanks, I'll have a read and digest.

I do like Unifi, I have the 3 x AP AC Pro's distributing my home WiFi, but as I'm studying for my CCNA I've gone the Cisco route for equipment, C3750G, ASA5520 & ISR2901. The equipment started out as part of a separate hardware lab but I just could help myself and migrated my home network

I have the L3 infrastructure in place to manage VLAN routing once the network traffic leaves the various VMs, I have pfSense setup as a VM to manage traffic segregation so only traffic that requires internet access gets through, this is where I am at now. I am new to pfSense and Hyper V, bit of a learning curve but I love it.

I know this has all gone a little off topic from my initial post, I appreciate you giving me your time and continuing.

I've attached my current network topology below. My thinking is.

Create a new VLAN in pfSense and tag the Hyper V virtual interfaces with this VLAN
Create the same VLAN on my 3750 and change the desktop switch port from access to trunk and allow only the new VLAN and VLAN3 for my desktop
Configure ACL's on the 3750 to allow this VLAN out over 192.168.10.101 only

Thanks again.

Phill

DaddyGo · Sep 18, 2020, 10:44 AM

@ta2oo said in Missing LAN Interface:

I do like Unifi, I have the 3 x AP AC Pro

I like it too, but we usually work with the Cisco WAP series and Ruckus

So about your drawing:

There is no problem with this solution and/or network topology.

What I would like to point out that you use Gig interfaces thus, each VLAN consumes your bandwidth (on trunk) the more of your VLANs, the further you slice the Gig bandwidth.

Think only of the way,......... f.e.: I currently have an ISP 1000/500 GPON, ergo Gig internet speed available to my desktop (wired Cat6A), if I load this internal interface even with VLANs I can't take advantage of the ISP Gig connection, because the bandwidth is shared between the VLANs.

Therefore, I have a Supermicro-based device with 8 ports (for pfSense), where each interface is a separate subnet and then I distribute the VLANs in a Cisco SG350X, which Cisco does very well.

So my network is fully segmented and I trunk forwarding VLANs on the Cisco SG350X 10Gig port to other swithes.

The 10Gig interface delivers nearly 7 to 8 VLANs as well

ta2oo · Sep 19, 2020, 10:07 PM

Sweet, gig internet to desktop. I'm way off with my 100Mb connection although Virgin Media do a 500Mb service.

Ok, I'm understanding that bandwidth will be affected for each and every VLAN on a trunked interface, effectively throttling my share of the bandwidth. Some of the hardware solutions for pfSense are nice but a little outside of my budget at the moment. Hardware is definitely the way to go and I think long term for my lab this is something I'd like to invest in.

For now I'm going to have to stick with the pfSense VM. So, if I can get my hands on a 4 port gig Ethernet card for the PC I have my VMs running on, I can create virtual network interfaces for each VLAN (up to 4), assign a single VLAN to each gig port and patch these direct to my Cisco 3570 ports, configured for access and set to the appropriate VLAN.

Many Thanks

Phill

DaddyGo · Sep 21, 2020, 10:43 AM

@ta2oo said in Missing LAN Interface:

I think long term for my lab this is something I'd like to invest in.

This is a good idea as it can get more out of your system

ta2oo · Sep 21, 2020, 12:22 PM

Hi.

Going back to my original issue which was resolved by creating the virtual switches in Hyper V.

I have since created another 2 private virtual switches, LAN3 and Test1, which should identify as OPT2 and OPT3, these are not showing in the console interface assignments page.

I've rebooted pfSense and Hyper V a few times, I've removed the virtual switches and re-created them.

The original WAN & LAN assignments are still working fine.

I don't think that I am missing anything as the configuration options set are the same as the two interfaces I currently have working.

Sorry to keep going on, I though I had this cracked

Thanks Phill

ta2oo · Sep 21, 2020, 8:47 PM

Ok.......

so I've taken another look Hyper V and realised that although I had created the new virtual switch connections I had only applied to the interfaces to the client VMs.

I've applied the virtual switch connections to pfSense VM and voila, they now appear in the console ready for configuration.

The case of the missing LAN interfaces is now closed.

Thank you for your advise and support on this topic, I'm sure as I learn more about pfSense there will new posts

Phill

DaddyGo · Sep 22, 2020, 9:00 AM

@ta2oo said in Missing LAN Interface:

I had only applied to the interfaces to the client VMs.

I'm so glad you successfully configured the interfaces.
Yesterday unfortunately I could not look into the forum we had a little Citrix problem.

btw:

Reading this way, I thought you had an interface pass-through issue...
When we talk about hypervisor, we almost always make mistakes here this point....