The Dreaded PFSense as a Switch (Temporarily)
-
So, I recently lost my networking gear and when ordering new stuff my switch got lost in the mail and I am now stuck with 1 thing:
I have one of those Intel N100 generic boxes with Intel i226v cards in. It was to be my router but now I will need it to pull double duty as a switch for 3 clients for 2-4 weeks. I know this is going to be poorly performing and it is not best practice and all that, but it is my only option. Buying a temporary switch is not an option nor is lending one.
I do not have a spare switch lying about in any way, shape or form and my ISP box only has a LAN and a WAN port. What I have set up so far is my ISP router in bridge mode -> PFSense box. The pfsense box has its WAN port facing the ISP box. I now need those 4 ports on the pfsense box to offer DHCP but no matter how I poke at the bridging of interfaces and toying with the VLANs to put them on the same subnet with the ugliest open firewall rules I can't get more than 1 device to receive DHCP from the pfsense box.
Browsing through this forum has not yielded any guides I can look at and the official website assumes I'm using a Netgear box with a built-in switch, which I do not have. Can anyone point me in the direction of a guide or perhaps help me set this up so I can get my network properly up and running in the interim?
-
@mythos1357 If you assign your LAN IP address and DHCP to the LAN bridge and then assign your NICs to the bridge that should work. No IP addresses on the NICs.
Just skip any VLANs for now.
-
Well, it worked somewhat. I had to move the dhcp to the bridge via the shell and while I now get IP and such from any of the 4 ports I have somehow managed to bypass the lockout protection... I can't access the web ui. I'm guessing there was a leftover firewall rule or perhaps even a lack of one but for now I'm stuck with the shell purely.
Any tips? Tried resetting the webui and doing a full device restart. And thank you for responding so quickly to a topic I know is frowned on!
-
Thanks to the resource you linked I was able to find the firewall temporary bypass and correct my mistake after some fumbling around. Thank you so much for assisting me with this issue!
Hopefully the performance isn't too terrible for these 2 weeks but honestly I was about ready to head into the streets and beg for a spare router/switch...
-
@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):
Hopefully the performance isn't too terrible for these 2 weeks
I dunno. I think you'll be fine. I run a wired and 2 wireless interfaces on a bridge and it seems to work OK! Not because I should but because I can.
-
@mythos1357 what are you doing between the clients that they need to be on the same network?
Why would you not just create 3 networks, with any any rules - other than broadcast or multicast the devices could talk to each other just like they were on the same network.
You wouldn't have had to mess around with bridging stuff that way - and as you said it's just temp..
-
Main computer + NAS and mediacenter + security camera system. You can probably see the communication need between these 3
-
@mythos1357 none of that says same network to me.. The only thing that would require them to be on the same network would be broadcast/multicast.
My cameras sure are not on the same network as my pc or nas.. My plex isn't even on the same network as my roku sticks.
My printer isn't on the same network as my pc and I print just fine, etc..
-
Aye I'm sure it could be just as fine but compared to selecting 3 interfaces and making a bridge on them the simplicity appears to me far easier. I was stressed enough yesterday just getting things up and running after figuring out the disaster so simplest and quickest was the path for me.
I will be splitting things into separate networks once I have the managed switch arrive and do things proper as I have an AP I most definitely do not want to give much leeway in the network since it's only used by visitors etc, but that's a problem for when the hardware arrives. Visitors can manage without free wifi for 2 weeks since it's a courtesy thing :)
-
@mythos1357 it would have taken all of a couple of seconds to create networks on the 2 other interfaces..
vs
"Well, it worked somewhat. I had to move the dhcp to the bridge via the shell and while I now get IP and such from any of the 4 ports I have somehow managed to bypass the lockout protection."
Or even have to ask how to do it in the first place.
-
I appreciate what you're trying to say and I hope you can appreciate the sheer stress I was under at the time of choosing the approach. I made lots of mistakes due to it and I am correcting and tweaking them as of now, but things work right now and that's good enough.
The lockout protection thing was a simple "I forgot to hit apply settings" because of the stress :)
-
@mythos1357 glad you have a working network - just confused on why you stressed about it in the first place.. Seems self induced to be honest.
Not sure why you went about messing with a setup you were not clear about how to do, when simple creation of 3 networks for your 3 devices would have been a simpler path.
Especially if your goal is segmentation anyway.
Now you have to undo all that when you get your switch.. If you would have just created 3 segments from the get go - you more than likely could have just leveraged those as your uplinks from your switch and been done. Just putting your other devices on their respective networks.. And creating the firewall rules you will want when you actually segment.
Guess it was a good learning experience.
-
Stress is always self induced and a silly thing to do, but it still happens so eh... I always treat things as a learning moment so it doesn't become a negative thing so thank you for the educational tips and help!
-
@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):
Stress is always self induced and a silly thing to do
Wise words for sure..
Life throws things at you - but yeah stressing about anything for sure is always self induced ;)