Cannot add more working Interfaces (4 NIC PC)
-
I have a simple home network using a 4-NIC LAN mini PC. I installed pfSense from an image download and took the part-automated, lazy approach to configuration. Everything worked. WAN PPPoE was on em0 (box LAN1) and the LAN on em1 (box LAN2). Managed to get the firewall set up and run packages.
Then the Smart TV arrived, which I decided should be on a subnet not routed through the VPN on the LAN, and I had 2 free NIC ports. I created an interface 'LGTV' on the next spare port, em2, with a subnet IP and an 'all pass' firewall rule for LGTV. I configured an old laptop's IPv4 settings with the subnet gateway and a client IP to connect to LGTV for testing. Ping and ARP returned zilch. I checked and rechecked for hours. I put ping into a batch file loop and got curious because traffic from repeated pings and ARP requests on LGTV em2 was duplicated on other interfaces, but still no reply from either to the host PC. It seemed as though the NIC port wasn't there? But when I disconnected the WAN cable on em0 and plugged in my test PC, I got back a ping response for the subnet, which I didn't expect or understand - a working WAN and an assigned subnet on the same physical port?
Since the first setup I had always noticed that even though the WAN appeared on the first port and the LAN on the second of 4, the interface assignment list still appeared to show OPTs available for the first port, now occupied by the WAN connecting to my ISP modem.
With my test laptop auto-pinging, I was suspicious that the physical ports did not correlate with what the pfSense routing screens were telling me. By now I'm frustrated, because adding a physical interface to pfSense on a subnet should be easy, to protect my PC network with so many new products wanting internet connections.
Then I discovered Interfaces/WAN (PPPoE) - Advanced and MLPPP. I don't normally touch advanced options. But here you can fix the link option for PPPoE, and it's where you leave the blue highlight bar before saving! I set it at em0 whilst it showed me my LAN was on em1 and LGTV was correctly assigned to em2, with no assignment yet to em3.
Now I return to Interfaces/Interface Assignments, where I can check they align with the physical ports. I have a fast PC and the blue highlight bar can easily skip to the wrong assignment. I cannot get used to the pfSense navi protocol, which uses the last placed setting of the blue highlight bar to modify settings. Getting that blue highlight bar in the wrong place screwed things up for me.
This screen capture now shows my assignments with all interfaces correctly assigned in the correct place and responding to pings.
-
Can you show your LGTV Interface configuration and Firewall Rules (Screenshots)? You also need to manually enable DHCP for em2/LGTV.
-Rico
-
Thanks, I don't use or need DHCP. All devices are configured with fixed IPs. That way I can choose which to route to the VPN and which to the WAN using 2 aliases.
There is only 1 device (LGTV) on my subnet of 1, and that is configured as a fixed IP. The routing works for me now, but Smart TVs are well known for leaking private use data, so I will be wiresharking to find out what TV data traffic I can block without affecting functionality too much.
-
LGTV: check the interface; maybe you forgot to assign an IP with a netmask of /24 and it's still /32.
-
TVs are tested with their DHCP functionality.
I advise you to keep (always) all LAN-type devices as DHCP clients. Do what's been done for decades: connect the TV once, look up the first DHCP-DISCOVER, get the MAC of the TV, and create a static MAC lease for the DHCP part that serves the interface LGTV.
Be careful that this network (em2) is set up correctly.
Check again that for this interface the netmask is set to /24 (and not /32) on the 'LAN' page.
Check that the DHCP server for the interface LGTV is doing its job: the TV asks for an IP, the DHCP server gives the correct IP, etc. Create a pass-all firewall rule that logs all packets from the LGTV on the LGTV interface. This will show you the source (already known) and destination IP. And that will be all, as all traffic is probably TLS == not visible these days. Nail them down with an alias and a block rule, or have pfBlockerNG-devel control what can be accessed by the TV.
As soon as 'functionality' of the TV starts to break down, you know you're in the good direction.
-
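The procedure in the post above (spot the TV's DHCPDISCOVER to learn its MAC, then log every passed packet on the LGTV interface and collect the destinations for an alias) can be done from the pfSense logs rather than by eye. The following is an added example, not code from the thread or from the pfSense project. It assumes ISC dhcpd's standard "DHCPDISCOVER from <mac> via <iface>" syslog wording and the comma-separated field order pfSense's filterlog writes for IPv4 TCP/UDP (real interface at field 5, action at 7, direction at 8, source and destination at 19 and 20). The log lines, the interface name em2 and the TV address 192.168.3.10 are constructed for the example.

```python
"""Pull a TV's MAC from a DHCPDISCOVER line and summarise where it talks to,
from pfSense filterlog lines on the TV's interface (constructed sample data)."""
import csv
import re
from collections import Counter
from io import StringIO

# Constructed sample syslog excerpt (not from the thread). The dhcpd lines use
# ISC dhcpd's wording; the filterlog lines follow the assumed filterlog CSV
# field order for IPv4 tcp/udp. The em1 line is there to be filtered out.
SAMPLE_LOG = """\
Mar  3 12:00:00 pfSense dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:01 via em2
Mar  3 12:00:00 pfSense dhcpd: DHCPOFFER on 192.168.3.10 to aa:bb:cc:dd:ee:01 via em2
Mar  3 12:00:05 pfSense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,10001,0,DF,6,tcp,60,192.168.3.10,203.0.113.10,51234,443,0,S,1,,65535,,mss
Mar  3 12:00:06 pfSense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,10002,0,DF,6,tcp,60,192.168.3.10,203.0.113.10,51235,443,0,S,1,,65535,,mss
Mar  3 12:00:07 pfSense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,10003,0,none,17,udp,77,192.168.3.10,198.51.100.53,40000,53,57
Mar  3 12:00:08 pfSense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,10004,0,DF,6,tcp,60,192.168.3.10,203.0.113.20,51236,443,0,S,1,,65535,,mss
Mar  3 12:00:09 pfSense filterlog[1234]: 9,,,1000000105,em1,match,pass,in,4,0x0,,64,10005,0,DF,6,tcp,60,192.168.1.50,203.0.113.99,51237,443,0,S,1,,65535,,mss
"""

DHCP_RE = re.compile(r"DHCPDISCOVER from ([0-9a-f:]{17}) via (\S+)", re.I)


def tv_mac_from_dhcp(log_text, iface):
    """Return the first MAC seen in a DHCPDISCOVER on iface, or None.
    That MAC is what goes into the static lease on the LGTV DHCP server."""
    for line in log_text.splitlines():
        m = DHCP_RE.search(line)
        if m and m.group(2) == iface:
            return m.group(1).lower()
    return None


def parse_filterlog(line):
    """Parse one filterlog syslog line; None if not an IPv4 tcp/udp record."""
    idx = line.find("filterlog")
    if idx < 0:
        return None
    payload = line[line.index(":", idx) + 1:].strip()   # text after "filterlog[pid]:"
    fields = next(csv.reader(StringIO(payload)))
    if len(fields) < 22 or fields[8] != "4":            # field 9 is the IP version
        return None
    proto = fields[16]
    if proto not in ("tcp", "udp"):
        return None
    return {"iface": fields[4], "action": fields[6], "dir": fields[7],
            "proto": proto, "src": fields[18], "dst": fields[19],
            "dport": int(fields[21])}


def destinations(log_text, iface, src_ip):
    """Count (dst, proto, dport) for passed inbound flows from src_ip on iface.
    This is the view the pass-all-and-log rule gives you: who the TV contacts."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if (rec and rec["iface"] == iface and rec["action"] == "pass"
                and rec["dir"] == "in" and rec["src"] == src_ip):
            counts[(rec["dst"], rec["proto"], rec["dport"])] += 1
    return counts


def alias_candidates(counts):
    """Sorted unique destination IPs, ready to paste into a pfSense alias
    that a block rule on the LGTV interface can then reference."""
    return sorted({dst for (dst, _, _) in counts})


if __name__ == "__main__":
    print("TV MAC on em2:", tv_mac_from_dhcp(SAMPLE_LOG, "em2"))
    seen = destinations(SAMPLE_LOG, "em2", "192.168.3.10")
    for (dst, proto, dport), n in seen.most_common():
        print(f"{dst:16} {proto}/{dport:<5} {n} flows")
    print("Alias candidates:", ", ".join(alias_candidates(seen)))
```

On a real box the input would be the output of `clog /var/log/filter.log` and the DHCP log rather than the embedded sample; the aggregation step is what turns a pass-all log rule into a short list of destinations to trial in a block alias, one at a time, until a TV feature stops working.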
@Gertjan
You will gather I'm a newbie, and more often I can break what is already configured and working! Simple traps like disabling the LAN for testing on the webGUI: lose everything, no GUI, no SSH, then I recover the box, hook it up to peripherals and use the last-but-one backup. Thanks, yes I already spotted the default /32 netmask and changed it to /24. My routing problem was linked to assignments, what physical ports were assigned when I first installed the image.
The reason all my clients are static IP is that I could find no easy way to filter via DNS to allow some clients and websites to go to the VPN and others to bypass the VPN. Yes, I could configure the TV for DHCP since it is now on its own subnet without routing via the VPN. In the UK some video streaming services detect proxies and block access over VPN.
My LG 'Smart' TV is getting old now. The LG webOS seems very slow (compared to PC browsers). I suspect the TV processing and memory storage for apps is insufficient when I do want HDTV streams. I may solve all my streaming speeds and the data link to the LG server by switching to an HDMI mini PC on my new pfSense TV port and just use the TV as the display device.
Others have already posted a huge list of servers LG smart TVs can connect to in the background. A dedicated PC for TV and subscription services should simplify firewall rules for privacy. Most forget that once a smart TV warranty is registered, the TV serial number, IP address and any email addresses given are linked to you.
Gertjan - Thanks for your input, I will try that out. I already use pfBlocker on the private LAN. I forgot about creating a static MAC lease for the TV.