LAN vs. OPT



  • I'm not sure this question belongs in this topic, but I don't know where else to put it.  Is there anything fundamentally different "under the hood" about the initial LAN compared with OPT interfaces?  Several times in this forum, people refer to the "pfSense LAN" in a way that implies a distinction that persists beyond the renaming of interfaces.  Also, there are cases where the LAN is singled out as behaving correctly or incorrectly while OPTs are doing the opposite.


  • Rebel Alliance

    By default, the LAN interface has the "Default allow LAN to any" rule and the "Anti-Lockout Rule", and ALL outbound traffic is allowed.

    By default, an OPT interface does not have any rules, and ALL traffic is blocked.



  • Yes.  That one I knew.  Anything else?  Say, for instance, you bridged the LAN and several OPTs.  Would the LAN behave any differently than the OPTs in the context of the bridge?  A friend asked this specific question and I generalized it because I have seen the more general question showing up "behind the scenes" in many topics and threads in this forum.



  • @ptt:

    By default, the LAN interface has the "Default allow LAN to any" rule and the "Anti-Lockout Rule", and ALL outbound traffic is allowed.

    By default, an OPT interface does not have any rules, and ALL traffic is blocked.

    (Dumb ?) So, if you want to configure a separate interface for WiFi, you would simply enable an OPT and configure it with a similar rule and it would work?  Would you have to bridge it to the WAN interface?



  • @ptt:

    (Dumb ?) So, if you want to configure a separate interface for WiFi, you would simply enable an OPT and configure it with a similar rule and it would work?  Would you have to bridge it to the WAN interface?

    What exactly are you wanting to do?  Are you wanting to bridge the Wifi with your LAN? Or have it separate?



  • Running:

    2.1-DEVELOPMENT (i386)
    built on Fri Nov 25 14:30:42 EST 2011

    FreeBSD 8.1-RELEASE-p6

    Back to mdpugh asking about how the LAN interface differs from an OPT interface.  I have a question along the same lines about the bridge.  Why is it that when you put your bridge on the LAN interface, clients can FTP to an outside server with no issues, but when you put the bridge on an OPT interface it sporadically works?  This includes setting the FTP proxy to watch the interfaces.  Same with putting the bridge on the LAN: client boxes can't see one another, but if you put it on an OPT interface it works.  That's including setting up your firewall rules to pass any ports, IPv4 or IPv6, on the LAN or OPT interfaces that are included in the bridge.  Why would it handle these two issues differently? Thanks again for the great support!!

    -Joe



  • @joe_cowboy:

    What exactly are you wanting to do?  Are you wanting to bridge the Wifi with your LAN? Or have it separate?

    Well, I built a box with 4 NICs: LAN, WAN, WIFI (OPT1) and DMZ (OPT2).  LAN and WAN cards work, no problem.  I want to keep the Wifi and DMZ separate.  I even bought the pfSense book, but there are only general items regarding the OPTs.  No step-by-step items.  I must be overlooking something so simple.

