Will pfSense work with 1 NIC?



  • Hi

    Currently I am looking to set up my Atom PC, which has only 1 built-in NIC and 2 USB ports (for a wireless NIC).

    I thought of setting up pfSense as my firewall router, and I searched through Google and found that most people use a 2-NIC PC for the setup.

    Will it be possible with my current PC setup?



  • Yes, you can.  If you have a VLAN capable switch, you can use VLANs to emulate multiple 'interfaces'.
    Alternatively, if you can get hold of a compatible USB -> Ethernet adapter, that will work too.



  • @dreamslacker:

    Yes, you can.  If you have a VLAN capable switch, you can use VLANs to emulate multiple 'interfaces'.
    Alternatively, if you can get hold of a compatible USB -> Ethernet adapter, that will work too.

    USB Ethernet adapter? Anywhere I can find info on compatible units?

    I thought of getting a wireless USB adapter, which I'm currently using to hog on my Linksys router..



  • The hardware compatibility list is found from the front page of the pfSense web site, or directly here.



  • From personal experience I can tell you that performance of USB-Ethernet devices tends to be flaky. I tried with 2 different models (one generic and another was name brand) and although both were supported, it was inconsistent performance at least in my case. There were times I would lose internet access and a reboot of the pfSense box would be required, or sometimes just removing and plugging in the USB-Ethernet device would do the trick. This was with pfSense 1.2.3, although with pfSense 2.0 or with different hardware, YMMV.

    Since then, with help of members on this forum, I have switched to using one nic with a vlan capable switch and I couldn't be happier.



  • @hmishra:

    From personal experience I can tell you that performance of USB-Ethernet devices tends to be flaky. I tried with 2 different models (one generic and another was name brand) and although both were supported, it was inconsistent performance at least in my case. There were times I would lose internet access and a reboot of the pfSense box would be required, or sometimes just removing and plugging in the USB-Ethernet device would do the trick. This was with pfSense 1.2.3, although with pfSense 2.0 or with different hardware, YMMV.

    Since then, with help of members on this forum, I have switched to using one nic with a vlan capable switch and I couldn't be happier.

    Did anyone use this VLAN switch before? Is there any instruction to follow? I googled around and found out that my DIR-615 can also do VLAN switching, but I don't know how to do that.

    Basically i want to move away from using my DIR-615 as a wireless router and switch it to pfsense.. :)



  • Many people use VLANs with pfSense - see the documentation for a starter.



  • @mghong:

    Did anyone use this VLAN switch before? Is there any instruction to follow? I googled around and found out that my DIR-615 can also do VLAN switching, but I don't know how to do that.

    Basically i want to move away from using my DIR-615 as a wireless router and switch it to pfsense.. :)

    You need to hack a 3rd party firmware (DD-WRT/ OpenWRT) into the DIR-615 to get the VLANs feature on the switch to work.  Even then, you need to work off a CLI rather than GUI.  I don't recommend doing so.  Most users who are new to VLANs already misconfigure the switch on GUI, much less on CLI and the ports aren't exactly as they're named.  They show up as virtual interfaces within a physical interface so to speak because the switch chip is a single physical entity.

    I recommend getting the RB250GS (Routerboard) 5 port Gigabit switch to do so instead.  It's available for US$39.90, a decent price where you most likely get a dumb gigabit 5 port for anywhere else.



  • @dreamslacker:

    @mghong:

    Did anyone use this VLAN switch before? Is there any instruction to follow? I googled around and found out that my DIR-615 can also do VLAN switching, but I don't know how to do that.

    Basically i want to move away from using my DIR-615 as a wireless router and switch it to pfsense.. :)

    You need to hack a 3rd party firmware (DD-WRT/ OpenWRT) into the DIR-615 to get the VLANs feature on the switch to work.  Even then, you need to work off a CLI rather than GUI.  I don't recommend doing so.  Most users who are new to VLANs already misconfigure the switch on GUI, much less on CLI and the ports aren't exactly as they're named.  They show up as virtual interfaces within a physical interface so to speak because the switch chip is a single physical entity.

    I recommend getting the RB250GS (Routerboard) 5 port Gigabit switch to do so instead.  It's available for US$39.90, a decent price where you most likely get a dumb gigabit 5 port for anywhere else.

    So with this VLAN, I will only need one NIC?

    I believe it might be good for me to get another NIC to make thing simple..??



  • Yes, you only need 1 NIC if you choose to use VLANs.  Normally, it would be simpler to add another NIC.  Unfortunately, since you are looking at USB NICs, this can be a little tricky.  Compatibility is an issue and even then, they're known to be flaky in operation.



  • @dreamslacker:

    Yes, you only need 1 NIC if you choose to use VLANs.  Normally, it would be simpler to add another NIC.  Unfortunately, since you are looking at USB NICs, this can be a little tricky.  Compatibility is an issue and even then, they're known to be flaky in operation.

    It leaves me no other choice; I need to dig in the trash bin to find a dump workstation to play with this, hopefully I don't need to spend big bucks…

    If I go with 1 NIC, how will the interconnect work?

    ADSL -> pfSense -> Switch -> Other PC?



  • ADSL ->  DSL Modem -> Vlan switch -+-> Pfsense
                                       +-> Computers



  • @dreamslacker:

    ADSL ->  DSL Modem -> Vlan switch -+-> Pfsense
                                       +-> Computers

    Hi dreamslacker

    This configuration looks nice, but with pfSense and the other computers in different VLANs, the switch needs to identify that "Computers" must pass through pfSense if they want to go to the WAN?

    Is it possible for this VLAN switch to be "wireless" for "Computers"?



  • @mghong:

    Hi dreamslacker

    This configuration looks nice, but with pfSense and the other computers in different VLANs, the switch needs to identify that "Computers" must pass through pfSense if they want to go to the WAN?

    Is it possible for this VLAN switch to be "wireless" for "Computers"?

    Yes.  The pfsense is your internet gateway, your computers need to go through it to access the internet.

    Let's just take for instance, that your 'LAN' is on VLAN 100 and your 'WAN' is on VLAN 200.  On the single NIC pfsense, it has a VLAN trunk to the switch that has both VLAN 100 and VLAN 200.
    These show up as virtual interfaces which pfsense then uses as LAN and WAN respectively.

    On the switch itself, the port used to connect the modem is the only port besides the pfsense port to be configured as VLAN 200.  Hence, all traffic from this port HAS to go to the pfsense box.  Similarly, the pfsense box sends all internet traffic to VLAN 200 which CAN ONLY go to this port connected to the modem.
    All other ports are configured as VLAN 100 untagged.  This allows all LAN traffic to freely move between ports.  Any dumb wireless AP can be connected here and it won't know better since the switch will remove the VLAN tag going out and add the VLAN tag internally for packets coming in.
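
The port layout described in the post above (LAN on VLAN 100, WAN on VLAN 200, one tagged trunk to the pfSense box), as an added example that is not part of the original thread: a simplified model of 802.1Q forwarding that checks the modem port can reach only the firewall and flags settings that would break that. The five-port layout and port names are assumptions.

```python
# Constructed 5-port layout following the post: LAN = VLAN 100, WAN = VLAN 200.
# Port names are hypothetical. "pvid" is the VLAN given to untagged ingress
# (None = untagged frames are dropped); "vlans" maps each VLAN the port is a
# member of to its egress mode.
PORTS = {
    "p1_pfsense": {"pvid": None, "vlans": {100: "tagged", 200: "tagged"}},
    "p2_modem":   {"pvid": 200,  "vlans": {200: "untagged"}},
    "p3_pc":      {"pvid": 100,  "vlans": {100: "untagged"}},
    "p4_pc":      {"pvid": 100,  "vlans": {100: "untagged"}},
    "p5_ap":      {"pvid": 100,  "vlans": {100: "untagged"}},
}

def forward(ports, in_port, tag=None):
    """Return {egress_port: tag_on_wire} for a broadcast frame entering in_port."""
    cfg = ports[in_port]
    vid = tag if tag is not None else cfg["pvid"]
    # Ingress filtering: drop untagged frames on a tagged-only port and frames
    # for a VLAN the ingress port is not a member of.
    if vid is None or vid not in cfg["vlans"]:
        return {}
    return {name: (vid if p["vlans"][vid] == "tagged" else None)
            for name, p in ports.items()
            if name != in_port and vid in p["vlans"]}

def audit(ports, trunk, modem, wan_vid):
    """List settings that would let traffic reach the WAN without passing pfSense."""
    findings = []
    for name, p in ports.items():
        if wan_vid in p["vlans"] and name not in (trunk, modem):
            findings.append(f"{name}: member of WAN VLAN {wan_vid}")
        if p["pvid"] == wan_vid and name != modem:
            findings.append(f"{name}: untagged ingress lands in WAN VLAN {wan_vid}")
    if set(ports[modem]["vlans"]) != {wan_vid}:
        findings.append(f"{modem}: carries VLANs other than {wan_vid}")
    return findings

if __name__ == "__main__":
    print("modem ->", forward(PORTS, "p2_modem"))   # only the trunk, tagged 200
    print("pc    ->", forward(PORTS, "p3_pc"))      # trunk tagged 100, LAN untagged
    print("audit ->", audit(PORTS, "p1_pfsense", "p2_modem", 200))
    # Constructed mistake: a LAN port left in the WAN VLAN.
    bad = {**PORTS, "p4_pc": {"pvid": 200, "vlans": {200: "untagged"}}}
    print("bad   ->", audit(bad, "p1_pfsense", "p2_modem", 200))
```

A tag value of `None` in the result means the frame leaves that port untagged, which is why a dumb access point on a VLAN 100 port never sees a tag.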



  • @dreamslacker:

    @mghong:

    Hi dreamslacker

    This configuration looks nice, but with pfSense and the other computers in different VLANs, the switch needs to identify that "Computers" must pass through pfSense if they want to go to the WAN?

    Is it possible for this VLAN switch to be "wireless" for "Computers"?

    Yes.  The pfsense is your internet gateway, your computers need to go through it to access the internet.

    Let's just take for instance, that your 'LAN' is on VLAN 100 and your 'WAN' is on VLAN 200.  On the single NIC pfsense, it has a VLAN trunk to the switch that has both VLAN 100 and VLAN 200.
    These show up as virtual interfaces which pfsense then uses as LAN and WAN respectively.

    On the switch itself, the port used to connect the modem is the only port besides the pfsense port to be configured as VLAN 200.  Hence, all traffic from this port HAS to go to the pfsense box.  Similarly, the pfsense box sends all internet traffic to VLAN 200 which CAN ONLY go to this port connected to the modem.
    All other ports are configured as VLAN 100 untagged.  This allows all LAN traffic to freely move between ports.  Any dumb wireless AP can be connected here and it won't know better since the switch will remove the VLAN tag going out and add the VLAN tag internally for packets coming in.

    I only have a 4 port WiFi router, which is a D-Link DIR-615, but I still wonder whether my DIR-615 will be able to support this?

    The reason I want to switch to pfSense as router+firewall is that my DIR-615 is not powerful enough when we have 3 people who surf the net and download some files. Hence I thought of using my old PC as pfSense to handle all this, and I expect to squeeze my broadband to the maximum …:)

    ADSL ->  DSL Modem -> DIR-615 -+-> Pfsense (Atom pc)
                                   +-> Computers (laptop's)



  • As mentioned before, you need a VLAN capable switch.

    The DIR-615 won't do it unless you load OpenWRT or DD-WRT and the revision has to be supported.  Also, the configuration for VLANs will be in command line, not webgui.



  • @dreamslacker:

    As mentioned before, you need a VLAN capable switch.

    The DIR-615 won't do it unless you load OpenWRT or DD-WRT and the revision has to be supported.  Also, the configuration for VLANs will be in command line, not webgui.

    Any recommended switch? Don't want to send my budget into black holes



  • The RouterBoard 250GS is cheap and VLAN capable.



  • You can use your DIR-615 as an access point if you want, but you'll still need a VLAN switch:

    ADSL ->  DSL Modem -> Vlan switch -+-> Pfsense
                                       +-> Computers
                                       +-> DIR-615 ))) wireless computers

    See also: http://www.dslreports.com/faq/11233



  • Hi guys

    Thanks for your help… I just got another alternative, but I need to run a proof of concept to show it's really a router problem instead of a DSL problem.

    Checking for existing issues before I create another thread for this..

    Thanks guys..

