Dual lan



  • I'm setting up a pfSense box w/ 3 NICs.

    1 is for WAN. The other 2 are going to be for the LAN side. I'd like the 2 NICs for the LAN to function like a regular switch in a router since 1 will be going to a WiFi AP & the other to a single machine.

    I'm a little unclear how to set up the "optional interface" for the 2nd NIC properly to do this after doing some searching. Any help would be awesome.



  • You have to bridge the OPT1 interface to your LAN. This way it will act like a switch. Add pass any rules at the OPT1 interface. Also make sure both interfaces have a link up (if not the bridge will be down and none of the interfaces will pass traffic; that's a limitation). The OPT1 clients will get DHCP from the LAN settings this way as well.



  • Thanks for the info. When you say both links up, I take it you mean each NIC needs to have a machine connected?



  • The link lights at both machines have to be up and the webgui should report the connections as UP (status>interfaces). This is the case if powered-up devices are connected to all of the bridge interfaces.



  • Got ya, thanks.

    One more ?. For the General Config, does it matter if I select DHCP or Static?



  • Select for what? The client or the AP? Doesn't matter as long as you don't cause conflicts. Make sure your statically assigned IPs are not inside the DHCP pool of that interface.



  • For the 2nd LAN interface in pfSense there's an option for DHCP & static in the "general configuration". I wasn't sure if it mattered which it had to be.

    Doesn't matter too much anymore since I'm pulling that NIC & adding another switch to run everything off the 1 NIC. I seem to have a bottleneck & only get 1.5mbps xfer speed between the 2 NICs on the LAN side.



  • As the traffic has to pass the pfSense it depends on NIC speed, bus speed and last but not least CPU speed. A WRAP for example (266MHz CPU with SIS NICs) can do up to 32 mbit/s.



  • The machine was donated to me from various people so at the moment I don't know the specifics.

    It's a P2, a-open mobo, 128m ram, Belkin & two 3Com NICs. The CPU isn't the factor as I monitored the system doing a file xfer, CPU doesn't break 7%. So yea like you said either the NICs/PCI bus is where the bottleneck probably lies. Least switches are cheap.



  • Have a look at the mode your NICs are in (status>interfaces). You might just have some kind of autonegotiation duplex problems.



  • Man I am soooooo blind  :-[

    My 2nd NIC is in 10base. I know it's a 10/100 NIC but don't see any options for that. Any ideas?



  • See http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden xml for how to hardcode speed and duplex mode. Make sure the devices you connect to can use this mode too. Usually the autonegotiation should work. Hardcoding interface mode might mess things up.



  • I'm going to try that since I know it's a 10/100 NIC.

    I'm looking at the .xml file..

    for the LAN & WAN it has:

    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>

    for lan2 it doesn't have this, is that what I need to add? The LAN & WAN also have this:

    <media></media>
    <mediaopt></mediaopt>

    In the documentation it mentions these settings but doesn't say if & what it needs to be. Do I need to change anything?



  • From the faq:

    interfaces/(if)/media and interfaces/(if)/mediaopt

    If you need to force your NIC to a specific media type (e.g. 10Base-T half duplex), you can use these two options. Refer to the appropriate FreeBSD manpage for the driver you're using to see which options are available (or run ifconfig -m).

    You have to add these lines manually if not present. Valid options can be determined by running the highlighted command from diagnostics>command
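
The check suggested in the replies above (look at the negotiated mode, then compare it with what `ifconfig -m` lists as supported), as an added example that is not part of any post in this thread or of pfSense itself. The sample output is constructed, and the `xl0`/`xl1` interface names and the function names are assumptions.

```python
import re

# Constructed sample in the shape FreeBSD's `ifconfig -m` prints.
# Interface names xl0/xl1 and all values are assumptions for this example.
SAMPLE = """\
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    media: Ethernet autoselect (100baseTX <full-duplex>)
    supported media:
        media 100baseTX mediaopt full-duplex
        media 10baseT/UTP
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    media: Ethernet autoselect (10baseT/UTP <half-duplex>)
    supported media:
        media autoselect
        media 100baseTX mediaopt full-duplex
        media 10baseT/UTP
"""

IFACE = re.compile(r"^(\w+): flags=")
ACTIVE = re.compile(r"^\s+media: Ethernet \S+ \((\S+)(?: <([^>]*)>)?\)")
SUPPORTED = re.compile(r"^\s+media (\S+)(?: mediaopt (\S+))?")

def rank(mode):  # order modes as (speed in Mbit/s, is full duplex)
    media, opts = mode
    m = re.match(r"\d+", media)
    return (int(m[0]) if m else 0, "full-duplex" in opts)

def parse(text):
    """Map interface name -> negotiated mode and list of supported modes."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            cur = ifaces[m[1]] = {"active": None, "supported": []}
        elif cur is not None and (m := ACTIVE.match(line)):
            cur["active"] = (m[1], m[2] or "")
        elif cur is not None and (m := SUPPORTED.match(line)) and m[1] != "autoselect":
            cur["supported"].append((m[1], m[2] or ""))
    return ifaces

def below_capability(ifaces):
    """Return {iface: (negotiated, best supported)} for under-negotiated links."""
    found = {}
    for name, info in ifaces.items():
        if not info["active"] or not info["supported"]:
            continue  # hardcoded media or no supported list: nothing to compare
        best = max(info["supported"], key=rank)
        if rank(info["active"]) < rank(best):
            found[name] = (info["active"][0], best[0])
    return found
```

An interface reported here is a candidate for checking the cable and the link partner's settings before hardcoding `media`/`mediaopt` in the config file.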



  • Thanks for all the help, I do appreciate it.

    I decided to yank the NIC & put in a 2nd switch. Figured $15 is better than spending any more time on it, especially since I pretty much suck at anything dealing with the command line.

