Change NIC's without rebuilding pfSense?



  • Hi There,

    My PF rigs installed on one dual NIC Intel card and the stock Intel NIC on the mobo. I want to swap this NIC out for an Intel single.

    When booted, it complained about a change. I through and re-creating the ~10 VLANs’ and WAN / LAN interface, alas, all interfaces were back to their stock “OPT[X]” names, and when re-enabled, none of the firewall rules seems to stick.

    I set back to factory, restored a backup and it didn't seem too happy at all. I couldn't contact it anymore and it was flaky. I had to stick the dual NIC card back in, reset, restore so that the network is back up again (VLAN’d everything so no PF, no local network)

    Q: Is there a clever was to change hardware like I am trying to do without needing to rebuild and set everything up again? It would take hours to document all my changes and run through them again on a fresh build.
    I actually saved a backup from the NOT working state and then compared it line by line with Notepad++ with the backup I used to get back to a working state and there doesn’t seem to be much difference about from the em0/em1/ interface references.

    Any help or assistance in the matter would be highly appreciated!!

    Michael



  • Since you say you already have a backup of the non-working system.

    Look for the part where the interfaces are assigned.
    There should be something like "vr0, em0, bg0, etc." for the interface selection.

    Take a copy of the working config, replace the (driver)names of the interfaces you want to replace with the names of the new interface and restore.



  • Have needed to do the same a few times; NIC changes. It was pretty straight forward; just starting the machine again or after restoring from a backup configuration. Was asked how to assign the new interfaces. Did the auto detection for interfaces and changed/added the interfaces as needed in the GUI. After which all firewall rules changed to using the new assignments.

    But as GruensFroeschli said, editing the config would work also.



  • I am about to do this right now. Plan of attack is shutdown, add new NIC, update config, move over cables. Let's see how it goes.

    If you remove NIC when pfSense comes up it will alert you to the change and ask you to re-assign the defined interfaces to the physical interfaces.



  • Sorry for late reply but, posting for completeness and in case anyone else makes the noob mistakes I was.

    Thanks taryezveb, and yes joako, indeed restoring in the manor you said work this time. The mistake I was making was when assigning interfaces incorrectly :)

    1 – Replace hardware, boot up, create all the VLAN ID’s, associating them to the new single port intel NIC
    2 – Assign interfaces using the em0_vlan[VLAN_ID], in my case em0_VLAN10 -> em0_VLAN100
    3 – In my case, be sure to correctly assign the LAN interface to the correct VLAN ID, my case em0_VLAN10.
    4 – All adaptors are disabled by default and have lost their interface names, so
    5 – Log into webGui, enable each one and assign correct name. So far, everything works as expected.

    GruensFroeschli, thanks again, now I know this should be possible, I will be comparing old backups to new ones and looking for the delta so I can be more assured if needed, I could mod the backup. (I come from the thinking that if i am going to spend time config'ing pfSense and learning about networking, that i dont want to have to start all over if hardware changes for what ever reason)

    Q:  I dump all my backups as encrypted; is there way to uncompress / view them outside of pfsense?
    Q2: is there any interest in making a GUI so one can restore certain parts from backups selectively?
    Q3: The backups clearly contain keys as when I do restore, all my VPN’s work as expected; am I right in thinking if someone gets hold of my backups they have my webgui passwords, user accounts, and VPN keys? I have assumed so, so keep them in truecrypt stores.

    Thanks again!



  • I want to confirm that's how I did it (the new interface is also named em0 and em1) and it worked well. And my names were not lost, but since I have enough slots in the system, two old fxp interfaces are still in there.


Locked