Maximum number of interfaces

murmur · Jul 21, 2011, 8:18 AM

Hi all,

I am running 2.0-RC3 (i386) on a 1 WAN, 1 LAN, 1 DMZ setup.
As I want to give a couple of clients access to their infrastructure hosted in my network, I started to create 3 interfaces for each of my clients. One for the OpenVPN, one for the DMZ and one for the LAN-segment (VLANs) of each.
I thought this was the proper way to do it as I could define rules for every client-network but now - after opening up 3 of them I am stuck.

If I try to create an additional interface (I only have 3 physical interfaces - the rest is virtual (VLANs or OpenVPN) - the + button is not where it used to be. After a bit of URL-hacking I got

The following input errors were detected:
No more interfaces available to be assigned.

Now - Is there a limit for interfaces? I can imagine scenarios where more than 10 interfaces may be necessary. Or am I simply taking the wrong path creating interfaces for this?

I found this in the doc http://doc.pfsense.org/index.php/How_many_interfaces_does_pfSense_support%3F. According to this information there should not be any limit…

Thank you and Regards

wallabybob · Jul 21, 2011, 10:12 AM

In web GUI, Interfaces -> (assign), click on the VLANs tab then click on the "+" button to add VLAN interfaces. On the Assign interfaces tab you can assign only the interfaces that exist in the system.

murmur · Jul 21, 2011, 11:01 AM

Thank you wallabybob

I have added the VLANs fist but they do not show up in the firewall rules. If I want to prevent a user from VLAN 20 to access ips from VLAN 30 I have to create an interface frist based on that VLAN- I haven't found another way to separate the traffic. I was able to open up 20 VLANs - thats not the problem. But I cannot create rules based on a vlan directly I think - only if an interface relys on it. (also tied groups and aliases)

There would not be a problem actually if I could open up more than 10 interfaces

wallabybob · Jul 21, 2011, 12:58 PM

@murmur:

I have added the VLANs fist but they do not show up in the firewall rules.

Sorry, I left out a couple of steps.

I added 16 VLANS on the VLAN tab. Then I clicked "+" on the Interface assignments tab for each of the VLANs and added new interfaces named OPT8, OPT9, … OPT23 corresponding to the new VLANs .Then I selected interface OPT8, enabled, saved and apply'd and then went to Firewall -> Rules and saw a tab for OPT8.

@murmur:

If I want to prevent a user from VLAN 20 to access ips from VLAN 30 I have to create an interface frist based on that VLAN

Yes, that's the way it works.

@murmur:

But I cannot create rules based on a vlan directly I think - only if an interface relys on it.

Yes, you need to create the vLAN and the matching interface, enable the interface, save and apply.

@murmur:

There would not be a problem actually if I could open up more than 10 interfaces

Where are you trying to "open up more than 10 interfaces" and what is reported?

murmur · Jul 21, 2011, 1:20 PM

@wallabybob:

I added 16 VLANS on the VLAN tab. Then I clicked "+" on the Interface assignments tab for each of the VLANs and added new interfaces named OPT8, OPT9, … OPT23 corresponding to the new VLANs .Then I selected interface OPT8, enabled, saved and apply'd and then went to Firewall -> Rules and saw a tab for OPT8.

Thats the thing.. after 10 Interfaces I am not shown the "+" anymore. It works perfectly as you describe up to the 10th interface, then the "+" icon diappears. If I try to fool the GUI by entering the add-interface-link manually, I am returned the error message:

The following input errors were detected:
No more interfaces available to be assigned.

There has to be a setting limiting me to add more than 10 interfaces somewhere.

Yes, that's the way it works.

@wallabybob:

Yes, you need to create the vLAN and the matching interface, enable the interface, save and apply.

Did everything.. works like a charm.. up to ten interfaces…
Here is a pic of the GUI as I see it after 10 interfaces:

I tried it with 3 different browser to be sure it is not a compatibility-related thing. ???

wallabybob · Jul 21, 2011, 9:07 PM

What VLANs do you have defined on the VLANs tab of the Assign Interfaces page?

What version of pfSense are you using? I'm using 2.0-RC3-IPv6 (i386) built on Tue Jun 21 17:40:54 EDT 2011 and I have 20 interfaces showing on the Assign Interfaces page and the "+" button indicating there are more interfaces I could add.

Its not clear to me how many interfaces you are wanting to add. I'm guessing a VLAN DMZ and a VLAN "LAN" for each client and an an OpenVPN for each client which I presume would need to be added through the VPN -> OpenVPN page (but configuring VPNs in pfSense is outside my experience).

cmb · Jul 22, 2011, 5:37 AM

That means you don't have any more interfaces to assign. You can assign however many exist. With VLANs, you have to create them first on the VLANs tab.

murmur · Jul 22, 2011, 9:23 AM

OMG…

I really, really, really feel stupid now. :o My apologies for wasting your time. I completely under-estimated the pfsense-team.

Issue resolved. Thank you very much