Can opt-2 interface be used as a second LAN interface?



  • Our box has four interfaces, WAN, LAN, XOVER to backup box, and OPT-2
    We connected OPT-2 to a second LAN, in the hope that we can use it just like the LAN but without having to use VLANs on the LAN.

    However, we cant get anything connected to it to see anything.  E.g. a box on this new lan cant even ping the pfsens box on the ip we assigned to it (even adding a global allow everything rule on this interface).  Before we spend a long time searching, is what we are trying to do actually possible with pfsense?

    Thanks!

    Eos.


  • Rebel Alliance

    You must create the "PASS" rules on "OPT" type Interfaces, by default ALL traffic is Blocked

    Please post a screenshot of your Rules

    And a Diagram of your connectons with IP assignement (just mask the public IPs) will be better for help you



  • I did create a rule which said allow anything on any port as a test.  Is this what you mean by pass?  Or do I have to setup any routing?  Is icmp (ping) disabled by default?  I would have guessed that say alow from any to any any protocol should allow the interface to be pinged, but it doesnt seem to.

    Thanks!



  • Use this: http://blog.stefcho.eu/?p=754

    We configured OPT2 which is connected to a gigabit switch.  Into the switch we have connected a wireless access point for guest wifi.  In this scenario, the "guest" network is on a differnet subnet, therefore isolated from our private network by the router.  Any wifi connections on the WAP, or computers patched into the separate switch are therefore isolated.

    Otherwise SteFcho's setup worked great.  Just make sure you choose a subnet that you're not using for VPN…a mistake I made :-)


Log in to reply