Netgate Discussion Forum

    Lan switching issue (pebkac 100%)

    • northernsky

      Hello there - I've searched around but have not found exactly what I am having an issue with. I have the Netgate 6100 and I am trying to get the LAN2 port to go out to the internet. I've created two firewall rules in the LAN2 to allow traffic out but it's not working like I think it should. Am I missing a step somewhere? I tried following a YouTube how-to last night on setting up a bridge for lan2 but that failed and I blew something up, having to factory reset. The attached pic is the firewall rules I set up. Sorry if this is a stupid question. (Attachment: 2022-09-23_181747x.jpg)

      • Gertjan @northernsky

        @northernsky

        Your rules look fine to me.
        These are mine on my LAN:

        cfaba0ae-0b2c-435f-b869-77c90fe76b18-image.png

        See the last rule. I even combined IPv4 and IPv6.

        Your counters in front of the rule stay at zero, so no traffic is actually reaching your LAN2 NIC.
        Double check the relation between what you might think is the LAN2 port on your 6100.
        Also check the DHCP LAN2 server settings and the DHCP log, as it will show you which device asks for a lease, the IP it gets, etc.

        Go to Status > Interfaces and see if LAN2 is up, and if it goes down when you remove the cable.

        Edit: no floating rules, right?
        LAN2 is using a typical IP setup using RFC1918 and a /24 mask, right?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • johnpoz LAYER 8 Global Moderator @northernsky

          @northernsky said in Lan switching issue (pebkac 100%):

          last night on setting up a bridge for lan2

          Why would you think you need a bridge, and what were you trying to bridge it to?

          As mentioned, your rules show no hits at all: 0/0.

          What do you have plugged into lan2? Can you ping the pfSense IP address of lan2? Does a client connected to lan2 get an IP from the DHCP you're running on pfSense?

          Out of the box, those rules would allow internet if you actually have an internet connection? I take it lan1 is working fine?

          Unless you have a floating rule blocking, or you messed with outbound NAT rules and changed them from automatic. With those rules, anything connected to lan2 should have internet via natting to your WAN connection.

          What network did you set up on lan2, it's enabled? And a device connected to it gets a DHCP address? Do you have lan2 connected to a PC/laptop? An AP, a switch? You're not plugging lan1-4 into the same switch, are you? If so then it would need to support VLANs and those would have to be set up on the switch..

          Happy to help but need some more info - but from what you posted those rules would allow internet, but since seeing 0/0 that is saying there has been no traffic to the lan2 interface.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • northernsky @johnpoz

            @johnpoz I already have LAN working fine as that was the default one set up when the router was configured. I'm trying to get the other switch ports to work with the 6100 so I can get rid of the other switch I have. From all the reading I have been doing this is not the case and it seems I have to have a different WAN connection for each LAN port with a different subnet for it to work. Set me straight if I am wrong. I watched a bunch of YouTube videos on creating a bridge to get it to work but I ended up bricking my firewall and having to factory reset... and it turns out that was a bad idea from what most of you are saying. LAGG might be another option but I would have speed loss? If there is a better way I am all ears. Yeah, it's enabled and lan1 is working perfectly.

            • johnpoz LAYER 8 Global Moderator @northernsky

              @northernsky said in Lan switching issue (pebkac 100%):

              work with the 6100 so I can get rid of the other switch I have

              The interfaces on the 6100 are discrete interfaces, they are not switch ports.. What switch are you trying to get rid of?

              If you wanted switch ports on your router, you should have gone for the 5100, but I believe that is no longer sold. So I think current options with switch ports are the 2100 or the 7100.

              it seems I have to have a different WAN connection for each LAN

              That is not the case for sure..


              • northernsky @johnpoz

                @johnpoz My plan was to use the LAN ports on the 6100 so I can get rid of the Netgear switch I have lan1 plugged into. Looks like I misunderstood what I thought those ports could do. I saw several reviews saying all those ports are interchangeable and it's hard to believe I can't set up the other LAN ports as basic switching on the same subnet.

                My Netgear switch is manageable and I could set up VLAN groups but not sure if that would help.

                Thanks for replying, I really appreciate your information and help.

                • johnpoz LAYER 8 Global Moderator @northernsky

                  @northernsky the specs on the page clearly call out discrete ports, states unswitched..

                  You can use them for whatever sort of connection you want, LAN or WAN, but they are not switch ports.

                  While you can somewhat simulate what a switch does with a bridge, it's still not switching and a horrible solution and really should only be used while you wait for a switch ;)

                  If your switch supports VLANs, then sure you could use the different interfaces on pfSense as uplinks from the different VLANs, so you're not hairpinning inter-VLAN traffic over the same physical interface, etc.

                  Did you just get the 6100? Maybe you can return it and get a 7100 or a 2100 which do include switch ports.. But they are not 2.5GbE ports like on the 6100..


                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.