1 wan 1 lan multiple opt interfaces same subnet


  • Hey all!

    I've been working on this for a while now and decided it was time to hit the experts. I have 1 wan connection and 1 lan connection and 3 opt connections.

    I have DHCP coming from a different server. I have also tried with the pfsense box handing out DHCP information.

    I want all the interfaces (except wan of course) on the same subnet. I simply can't get them to communicate with one another.

    Do I need to assign each opt interface with a separate static ip from the same subnet?

    Do the opt interfaces need addresses at all?

    Would it be easier to bridge the interfaces?

    Thank you for your time in advance!


  • Regular switch is better than bridging because pfsense has to scan all the traffic which comes from an interface and leaves another interface.

    Why do you need such a topology?


  • Mostly because I don't want to have to remember a bunch of different subnets.

    Each opt interface and/or lan are going to a different device or group of devices, thereby having pfsense handle all routing.


  • But if anything is in the same lan you don't need a router device, because traffic never gets there (unless you want to go to the internet).

    Pros in same lan

    • Router isn't limiting the speed (bottleneck effect)

    Cons in same lan

    • You can't filter the traffic inside the lan (unless you have managed switches)

  • I have been looking for an answer to this question myself. Is it possible to have OPT interfaces act as a switch? With the point being everything is pulling from the same dhcp and will be within the same subnet.

    Your typical store bought router has a 4 port switch built in, is there a way to replicate this with pfSense? I realize that we are talking about a router, just curious if it is possible. If I can get away with just my pfsense device, I would prefer that rather than having a pfsense box and a separate 5 port switch.


  • You can do this in pfSense. You will set up a bridge with LAN and all opt interfaces. Then you will create a rule in each opt and LAN to allow any source and port to any destination and port. You will have some slowdown for processing but it will work.


  • Are you just doing this for fun? Why add a bunch of interfaces just to put them on the same subnet?


  • Reason to do this is to not need to rely on a switch, which would be an extra piece of hardware. My example is a small branch office. I have 2 computers and a printer. On a linksys/netgear, I would have a 4 port switch built into the router. Basically I want a single piece of hardware able to handle routing and "switching" for 2 computers and a printer.

    I could also say I have a wireless adapter that I want on the same subnet as well. I need it on the same subnet so a laptop can wirelessly access shares on 1 computer and the printer.