Maximum number of interfaces



  • Hi all,

    I am running 2.0-RC3 (i386) on a 1 WAN, 1 LAN, 1 DMZ setup.
    As I want to give a couple of clients access to their infrastructure hosted in my network, I started to create 3 interfaces for each of my clients. One for the OpenVPN, one for the DMZ and one for the LAN-segment (VLANs) of each.
    I thought this was the proper way to do it as I could define rules for every client-network but now - after opening up 3 of them I am stuck.

    If I try to create an additional interface (I only have 3 physical interfaces - the rest is virtual (VLANs or OpenVPN)) - the + button is not where it used to be. After a bit of URL-hacking I got

    The following input errors were detected:
    No more interfaces available to be assigned.

    Now - Is there a limit for interfaces? I can imagine scenarios where more than 10 interfaces may be necessary. Or am I simply taking the wrong path creating interfaces for this?

    I found this in the doc http://doc.pfsense.org/index.php/How_many_interfaces_does_pfSense_support%3F. According to this information there should not be any limit…

    Thank you and Regards



  • In web GUI, Interfaces -> (assign), click on the VLANs tab then click on the "+" button to add VLAN interfaces. On the Assign interfaces tab you can assign only the interfaces that exist in the system.



  • Thank you wallabybob

    I have added the VLANs first but they do not show up in the firewall rules. If I want to prevent a user from VLAN 20 to access IPs from VLAN 30 I have to create an interface first based on that VLAN - I haven't found another way to separate the traffic. I was able to open up 20 VLANs - that's not the problem. But I cannot create rules based on a VLAN directly I think - only if an interface relies on it. (also tied groups and aliases)

    There would not be a problem actually if I could open up more than 10 interfaces



  • @murmur:

    I have added the VLANs first but they do not show up in the firewall rules.

    Sorry, I left out a couple of steps.

    I added 16 VLANs on the VLAN tab. Then I clicked "+" on the Interface assignments tab for each of the VLANs and added new interfaces named OPT8, OPT9, … OPT23 corresponding to the new VLANs. Then I selected interface OPT8, enabled, saved and applied and then went to Firewall -> Rules and saw a tab for OPT8.

    @murmur:

    If I want to prevent a user from VLAN 20 to access IPs from VLAN 30 I have to create an interface first based on that VLAN

    Yes, that's the way it works.

    @murmur:

    But I cannot create rules based on a VLAN directly I think - only if an interface relies on it.

    Yes, you need to create the VLAN and the matching interface, enable the interface, save and apply.

    @murmur:

    There would not be a problem actually if I could open up more than 10 interfaces

    Where are you trying to "open up more than 10 interfaces" and what is reported?



  • @wallabybob:

    I added 16 VLANs on the VLAN tab. Then I clicked "+" on the Interface assignments tab for each of the VLANs and added new interfaces named OPT8, OPT9, … OPT23 corresponding to the new VLANs. Then I selected interface OPT8, enabled, saved and applied and then went to Firewall -> Rules and saw a tab for OPT8.

    That's the thing.. after 10 interfaces I am not shown the "+" anymore. It works perfectly as you describe up to the 10th interface, then the "+" icon disappears. If I try to fool the GUI by entering the add-interface-link manually, I am returned the error message:

    The following input errors were detected:
    No more interfaces available to be assigned.
    

    There has to be a setting limiting me to add more than 10 interfaces somewhere.

    Yes, that's the way it works.

    @wallabybob:

    Yes, you need to create the VLAN and the matching interface, enable the interface, save and apply.

    Did everything.. works like a charm.. up to ten interfaces…
    Here is a pic of the GUI as I see it after 10 interfaces:

    I tried it with 3 different browsers to be sure it is not a compatibility-related thing. ???



  • What VLANs do you have defined on the VLANs tab of the Assign Interfaces page?

    What version of pfSense are you using? I'm using 2.0-RC3-IPv6 (i386) built on Tue Jun 21 17:40:54 EDT 2011 and I have 20 interfaces showing on the Assign Interfaces page and the "+" button indicating there are more interfaces I could add.

    It's not clear to me how many interfaces you are wanting to add. I'm guessing a VLAN DMZ and a VLAN "LAN" for each client and an OpenVPN for each client which I presume would need to be added through the VPN -> OpenVPN page (but configuring VPNs in pfSense is outside my experience).



  • That means you don't have any more interfaces to assign. You can assign however many exist. With VLANs, you have to create them first on the VLANs tab.



  • OMG…

    I really, really, really feel stupid now. :o My apologies for wasting your time. I completely under-estimated the pfsense-team.

    Issue resolved. Thank you very much

