Netgate Discussion Forum

    3 NICs: how should I divvy them up?

      gravyface

      I have pfSense 1.2.3 on an ALIX 2d3 (500MHz and 256MB RAM).  I've set up the following:

      vr0: WAN
      vr1: OPT1 (parent to VLAN 10 "workstations" and VLAN 20 "printers")
      vr2: LAN (10.0.0.1/24)

      According to the docs and the book, the DMZ should be assigned to a separate physical interface and switch fabric to mitigate against possible misconfiguration and/or "VLAN hopping".

      Unfortunately I'm all out of ports.  Should I use the LAN interface?  Do I even need it?  I could set up a small subnet as VLAN 30 called "admin" or something and only grant pfSense web access.  Or maybe as the "default" VLAN 1 and have an access port on both switches for strictly pfSense GUI access and/or switch management?

      Not sure the best use of my (limited) physical interfaces.  Thanks.

        GruensFroeschli

        Well you have to decide yourself if you really need the LAN interface.

        You could also put the LAN on a VLAN on vr1 and have the DMZ alone on vr2.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.