3rd and 4th Lan Ports for internet



  • I am new here and do not fully understand the titles of everything or how things fully work. My apologies.

    I have tried to browse, but as I'm unsure if it's a switch, LAN or VLAN, I have no idea.

    I have also tried to follow a few YouTube videos, to no avail.

    As a test, I have set up an old PC with a 4-port network card and pfSense. It is my intention to buy a box eventually, but I want to see if this will speed up my internet, as I have gigabit.

    I have got the LAN / WAN connections working but can't get the 3rd and 4th LAN ports working.

    I am unsure exactly what these are called, and I thought I needed to bridge the LAN connections. But I'm totally lost and nothing seems to work.

    I'm on Virgin Media in the UK. Any help will be hugely appreciated. Sorry if it's in the wrong section.



  • @jonefc said in 3rd and 4th Lan Ports for internet:

    I have got the LAN / WAN connections working but can't get the 3rd and 4th LAN ports working.

    Hi,

    By default, two dedicated WAN / LAN interfaces are sufficient for pfSense; the others are optional, or you can use them to further segment your network.

    +++edit:

    Otherwise, follow these instead of unchecked YouTube videos:

    https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
    https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf



  • Hey

    Sorry, maybe I wasn't clear.

    I have 4 ports on my NIC card

    1 = WAN
    1 = LAN
    1 = NOTHING
    1 = NOTHING

    I want the two nothings to be LAN ports to give internet out



  • @jonefc said in 3rd and 4th Lan Ports for internet:

    I want the two nothings to be LAN ports to give internet out

    Okhay 😉
    I have 8 ports and I use them for different purposes and there is something to spare....

    e.g.: DMZ, VPN, etc.

    Configure the blanks (NOTHING) here:

    3da83609-2038-4bc0-901c-e8db29b27eac-image.png

    and here:

    37fa8378-7c21-43de-90b4-9cf850ea6175-image.png

    +++edit:

    https://docs.netgate.com/pfsense/en/latest/interfaces/configure.html



  • I really don't know what the hell I'm doing wrong. Let me show with images!

    So just to explain again

    I have 4 ports on my NIC card

    1 = WAN
    1 = LAN
    1 = NOTHING
    1 = NOTHING

    I want the two nothings to be LAN ports to give internet out. As well as the first LAN port (so 3 outbound internets)

    My interfaces are as follows:

    7276b068-b773-481c-90b6-deb1a6cced11-image.png

    Within the LAN it is -

    88389fc9-2c0b-4bcd-a1c9-7763d6219a13-image.png

    and both interfaces OPT1 and OPT2 are as follows:

    4db6bbcd-a210-46be-8eb5-5097c015ec11-image.png

    A bridge is created

    ac590ec7-f4cd-493a-b814-1e285afb8e4f-image.png

    AND FIREWALL ON BOTH OPT1 and OPT2 are as follows:

    47b53787-d232-46e8-8f43-d12339f12ded-image.png

    I have tried connecting the ethernet cable from LAN to OPT1 and OPT2 and get no internet. Any ideas?

    I am totally stuck.



  • Any ideas, anyone?



  • @jonefc

    You may discard the Bridge and then you need to give the OPT1 and OPT2 Interfaces a Static IP and configure a DHCP Server for each.

    If you really want to bridge OPT1 and OPT2, assign the bridge to a new interface, enable it, and create a rule for it.

    https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf page 448



  • OK, so I know how to give them an IP.

    How do I configure a DHCP server for each?



  • Visit Services > DHCP Server

    "LAN" will be selected, and you see that you have 2 other interface names, typically OPT1 and OPT2.
    Click on OPT1, and set up a range, like 192.168.2.2 - 192.168.2.254 if 192.168.2.1 is the pfSense OPT1 base address.

    Idem for OPT2, 192.168.3.2 - 192.168.3.254 if 192.168.3.1 is base.

    Don't forget to hit Save.

    And be careful: the LAN interface has a default pass-all firewall rule.
    OPT1 and OPT2 have no rules - DHCP will work ;) but nothing else.
    Copy the default LAN rule to OPT1 and OPT2 and you are ready to use both interfaces.



  • @jonefc said in 3rd and 4th Lan Ports for internet:

    Any ideas, anyone?

    Note: It would be a smart thing to keep one of the interfaces just to manage (Mng. interface) your pfSense box,
    and set special rules so that the bad guys don't have access to your important things.



  • Thanks for your help there.

    I thought I had cracked it, but no internet on either OPT1 or OPT2.

    Have a look at these settings ..

    fa9e5411-1f70-4fb5-aebc-f3236bbe855d-image.png

    THIS IS THE SAME FOR OPT2 BUT THE IP ADDRESS IS 192.168.3.1

    THIS IS THE LAN DHCP SERVER

    348c733a-4e13-45b7-abef-74fcfd44a4d5-image.png

    AND NOW OPT1 and OPT 2

    661a9578-e8fc-4693-9d47-692a3175cb2e-image.png

    OPT 2 IS Range 192.168.3.10 > 192.168.3.245

    Firewall rules for both OPT1 and OPT2 are below

    0237aa58-6fc7-4660-a900-b375e942a0f8-image.png

    AHHH !



  • @jonefc

    Just copy the default LAN rule with the red arrow icon and apply it to OPT1 and 2

    1e4b62c1-e262-46ac-b9cf-444f304caa86-image.png

    Do not forget....

    OPT1 and OPT2 Net!!!!! (in my example DMZ net)

    95ba825e-0a58-48be-9f72-060072bf3569-image.png



  • When you (think you) have finished the setup of OPT1:
    Connect the cable of a device - typically, a PC.

    Use the

    ipconfig /all
    

    command to check if the IP, mask, gateway and DNS are ok.

    The gateway and DNS should be the IP of pfSense, the interface you are connected to.
    The IP should be in the pool of that interface.

    Also, check on pfSense, Status > System Logs > DHCP, and look for the MAC of the device you connected to the OPT interface. The same IP - the 'lease' - is shown there.

    The firewall rules you showed, one for IPv4 and one for IPv6, are OK.
    IPv6 rules are only needed if you actually need and set up IPv6.
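
The client-side check described in the post above (address inside the interface's pool, gateway and DNS pointing at the pfSense interface, no 169.254 address), written out as an added example that is not part of the original thread. The interface addresses and pools are the ones quoted in the thread; the `ipconfig` excerpts and the function names are constructed for illustration.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")
FIELDS = {"ipv4 address": "ip", "default gateway": "gateway", "dns servers": "dns"}
# pfSense side: interface address and DHCP pool, as quoted in the thread.
INTERFACES = {
    "OPT1": {"ip": "192.168.2.1", "pool": ("192.168.2.2", "192.168.2.254")},
    "OPT2": {"ip": "192.168.3.1", "pool": ("192.168.3.10", "192.168.3.245")},
}

def parse_ipconfig(text):
    """Pull IPv4 address, gateway and DNS out of one adapter's `ipconfig /all` text."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9 ]+?)[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", line)
        for label, name in FIELDS.items():
            if m and label in m.group(1).lower():
                found[name] = m.group(2)
    return found

def check_client(iface, text):
    """Return a list of problems; an empty list means the lease matches `iface`."""
    want, cfg = INTERFACES[iface], parse_ipconfig(text)
    if "ip" not in cfg:
        return ["no IPv4 address found"]
    ip = ipaddress.ip_address(cfg["ip"])
    if ip in APIPA:
        return ["APIPA address: no DHCP reply reached this client"]
    lo, hi = (ipaddress.ip_address(a) for a in want["pool"])
    problems = [] if lo <= ip <= hi else [f"{ip} is outside the {iface} pool"]
    for field in ("gateway", "dns"):
        if cfg.get(field) != want["ip"]:
            problems.append(f"{field} is {cfg.get(field)}, expected {want['ip']}")
    return problems

# Constructed ipconfig excerpts (not taken from the thread's screenshots).
GOOD = """   IPv4 Address. . . . . . . . . . . : 192.168.2.15(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1"""
FAILED = """   Autoconfiguration IPv4 Address. . : 169.254.12.34(Preferred)
   Default Gateway . . . . . . . . . :"""
WRONG_NET = GOOD.replace("192.168.2.", "192.168.1.")  # lease from another segment

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("failed", FAILED), ("wrong net", WRONG_NET)):
        print(name, check_client("OPT1", sample) or "OK")
```

The third sample models a client that is cabled to OPT1 but received a lease from a different segment, which is what happens when two networks share one unmanaged switch.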



  • Done everything above, and still no luck!

    Any ideas? I copied the firewall profile as shown below.

    6a03c475-04f2-4cf5-aa65-6afddc5c5d14-image.png



  • I get nothing on the other connections using IPCONFIG.

    fc1caef1-bd78-4e41-9da4-92aab9ca2cac-image.png



  • Please show the rules for opt1 and opt2, and the dhcp server for opt1 and opt2. There should be a rule "IP4 * allow any to any" in opt1 and opt2 and a running dhcp server on both interfaces.


  • LAYER 8 Global Moderator

    Well, you're never going to get anywhere with a 169.254 address. Clearly your device did not get an IP from the dhcp server.



  • @jonefc said in 3rd and 4th Lan Ports for internet:

    I copied the firewall profile as shown below.

    The copy must be applied / validated on OPT1 and OPT2, not under the LAN interface.

    +++edit:
    The firewall sets the "default allow rule" to LAN only by default.


  • LAYER 8 Global Moderator

    While true he needs firewall rules on optX interfaces to allow internet access from them.

    Step 1 in his problem is whatever client that was on whatever optX network is not getting IP from dhcp server.

    You need to validate that the dhcp server is enabled on your optX interface, and that the client that is set for dhcp is actually connected to this optX network.

    Either directly into the interface on your pfsense box, or a switch that is only connected to this optX network and your clients you want on this optX network.

    You cannot plug lan and optX networks into some dumb switch and hope to run multiple L2 networks on it and for dhcp to just magically know which client should get what IP from which dhcp server.



  • @johnpoz

    In principle, the OP configured a DHCP server somewhere for OPT1, but it failed....?!? (shown above)...hmmm

    192.168.2.0.....if I see it right

    so there are several problems here

    +++edit:
    I suggested he / she read the handbook first, because these are very basic steps; what will happen later?


  • LAYER 8 Global Moderator

    Yeah, failed why? He never stated where he has that device plugged in. Maybe he connected it to opt2 and only enabled dhcp on opt1?

    But clearly the output of ipconfig shown did not get an IP from the dhcp server. 169.254 isn't going anywhere, that is an APIPA address when a dhcp client doesn't get an IP from a dhcp server.



  • @johnpoz said in 3rd and 4th Lan Ports for internet:

    169.254 isn't going anywhere

    this is true....

    he wants both interfaces, (OPT1 / OPT2), but none succeed


  • LAYER 8 Global Moderator

    Did he remove the bridge nonsense he set up?

    There is not enough info to try and help him figure out what he is doing wrong.

    If the interface is configured with an IP, and dhcp is enabled on this interface, then a dhcp client connected to that interface should and would get an IP from the dhcp server.

    If it doesn't, then no, it's not going to get internet.

    Once it gets an IP and other info from the dhcp server, gateway, dns - then you would need firewall rules on this interface to allow whatever traffic you want.

    And you would also need outbound nat, which should be automatic and working as soon as he created an IP on the interface and enabled it. But you don't know, maybe he set his outbound nat to manual?

    First step is to figure out why client that is set for dhcp did not get an IP from the dhcp server.

    But also we need to know what he is plugging into this opt interface, is it the same dumb switch he is using for his lan interface, is it a windows device directly? Is it some wifi router? etc..

    For all we know he plugged in some wifi router into this opt interface and its wan got an IP, but the lan side of that wifi router where he has his client connected doesn't have dhcp enabled?

    Info is required to help figure out whatever the problem is - without information, any guessing to what might be the issue is just that, guessing.



  • @jonefc said in 3rd and 4th Lan Ports for internet:

    Any ideas?

    I think you need to understand first that these are separate interfaces...(OPT1 / OPT2)
    they do not depend on the LAN,...... just because it has Internet access by default (the LAN)

    forget your "bridge" idea - you presented above

    set each interface separately and give them a "default allow rule" as shown on the LAN
    (copy is good ....because fast)

    review the DHCP setting and cable connections...
    say review the DHCP logs and connect your cable to the ports step by step

