Second NIC to internal Net



  • Hi everybody,
    I've been running pfSense for a while now and it's becoming more and more my number one system :D

    I have a WAN-NIC (192.168.1.0/24) and a LAN-NIC (10.29.10.0/24) for my virtual VMs (pfSense and the VMs are running on ESXi 5.1)

    Here is what I want:
    I have a Hardware-Server which I also want to connect to my internal network.
    So I installed a second LAN card and assigned it the IP 10.29.10.50
    However, I cannot ping pfSense nor any other VM on my ESX server :(

    What do I have to do to assign my "LAN" to the second NIC?

    This must be a very n00bish question but I am new to pfSense and networking and don't know what to do.

    Thank you for your help.



  • @Chris929:

    I have a Hardware-Server which I also want to connect to my internal network.
    So I installed a second LAN card and assigned it the IP 10.29.10.50

    I presume the "Hardware-Server" is a separate box from the VMware box hosting pfSense and the second LAN card is installed in that server.

    You haven't mentioned physical connection: you need to connect the second LAN card to a switch that is connected to the physical interface that is used by the pfSense LAN-NIC.

    But if the "hardware server" is another VM and the "second LAN card" is a virtual NIC then you need to make a connection between that virtual NIC and the pfSense (virtual?) LAN-NIC, and that's a VMware issue. But maybe the pfSense LAN NIC is a "PCI passthrough" NIC.

    I think you will need to provide more configuration information. And this doesn't seem to be a pfSense issue.



  • Hello wallabybob,
    thank you for your quick help.

    The network on my VMware server looks like this:
    http://www.bilder-space.de/bilder/6330f4-1352153033.png

    vmnic2 is the 192.168.1.0/24 side

    and the new vmnic1 I want to be the 10.29.10.0/24 side.

    Server 01-Nanoha is my pfSense.

    vmnic2 delivers the WAN to pfSense - this side is delivered by my ISP.
    pfSense delivers the LAN as VLAN-100 to Servers 2 to 12
    Servers 01-12 are all on one VMware server
    So far this works and pfSense runs very well.

    Now I want the new vmnic1 to deliver the 10.29.10.0/24 net to my other Hardware-Server

    I hope you understand what I mean

    Thanks again for your help



  • @Chris929:

    Hello wallabybob,
    thank you for your quick help.

    The network on my VMware server looks like this:
    http://www.bilder-space.de/bilder/6330f4-1352153033.png

    vmnic2 is the 192.168.1.0/24 side

    and the new vmnic1 I want to be the 10.29.10.0/24 side.

    Server 01-Nanoha is my pfSense.

    vmnic2 delivers the WAN to pfSense - this side is delivered by my ISP.
    pfSense delivers the LAN as VLAN-100 to Servers 2 to 12
    Servers 01-12 are all on one VMware server
    So far this works and pfSense runs very well.

    Now I want the new vmnic1 to deliver the 10.29.10.0/24 net to my other Hardware-Server

    I hope you understand what I mean

    Thanks again for your help

    The "VLAN-100" label brings in some questions.  Did you intend for this network to participate in a VLAN?  As it is set up now, it's not configured for any VLANs (It'd have a "VLAN ID:####" showing behind the "12 Virtuelle Maschine(n)" information.)  If you do have a VLAN set up on your external switch, you would also have to configure it in that port group, and that label wouldn't do it, the label is just a name.  But, that could simply be a label, it just brings up questions about your other hardware.

    If that's not the case, otherwise, from your description and image (I'm pretty sure I understand through the differing language on the image), this should work assuming your physical hardware is otherwise working properly.



  • Oh, wait.  ESXi, itself, from the console, won't be able to ping that network.  Pinging from the ESX(i) console only pings through the management interface(s), as that ping is really just there to test management connectivity.  In fact, I'm not sure how you assigned that physical NIC an IP address at all.  You shouldn't.

    That "VLAN-100" network would only be able to communicate with things on that network, and your VMkernel Port for your management isn't on it.  Don't just put a VMkernel Port on it just to test it, though, you could lose access to it.  To test it, connect a physical machine with its NIC configured to receive DHCP, that should work (assuming your switch and other machine are otherwise operating ok.)

