How to use Opt2 port as a switch port?

  • Hi everyone,

    Currently, I have the following setup:

    ISP box => Dumb Switch
                 |       |
             pfSense   D-Link Router

    As you can see above, there are two routers in the diagram. One is pfSense and one is the D-Link router. Both of them obtain a public IP from the provider using a static IP. I want pfSense to replace the dumb switch because I want to do some QoS.

    Can I do something like this:
    ISP Box => pfSense
                |    |
           Server    D-Link Router

    Where the server is connected to Opt1 and the D-Link is connected to Opt2, but that port is just like a dumb switch port, so the D-Link router can set its own static IP like it does in the previous diagram.

    Any feedback is much appreciated.


  • Sounds like you want to bridge Opt2 to WAN.

  • Netgate Administrator

    Why do you need the D-link router at all?

    You could bridge OPT2 with WAN as suggested but I'm not sure how that might impact QoS.  :-\

    You could set up a virtual IP on WAN, for your second static address from your ISP, and 1:1 NAT that to OPT2 or route it if you don't want NAT.


  • Thanks gdref and stephenw10.

    I must be using either QoS or Traffic Shape - preferably having the option for both.
    I have never worked with 1:1 NAT. The D-Link router is managed by someone else. So, does 1:1 NAT give them all the ports they want, or would I be getting calls to open or close ports from time to time?


  • Netgate Administrator

    1:1 NAT gives them every port so you shouldn't get any calls. They will have a private IP, however. Not sure if that may have any impact. Some software insists on having a public IP, unreasonably in my opinion.


    Thanks for the clarification.

    1- They will be getting a private IP because it allows me to do traffic shaping and QoS?
    2- Also, can I not map a public IP to NAT 1:1 so that even if the D-Link WAN interface shows a private IP, any incoming traffic to a public IP will still be forwarded to it?
    3- What if I went the route that gderf suggested - bridging opt1 with the WAN port? Would that allow me to do QoS and traffic shaping? What are the drawbacks or advantages?

    I don't care for firewall or security of D-Link and only care about QoS and traffic shaping because of a VoIP network to come in place.


  • Netgate Administrator

    1. They will get a private IP since they will still be behind NAT. That's just the nature of doing it as 1:1 NAT.

    2. Yes, that's exactly what would happen with 1:1 NAT. Some software may have a problem with this. For example, some games consoles will attempt to use UPnP to open ports through a firewall/router. That will work fine through the D-Link but they then expect to see a public IP as the next hop and it won't be. Even though it would work fine, they sometimes complain in obscure non-technical terms as they have to allow for all levels of user. It's a while since I tried this and even longer since I saw a problem like this but you should be aware that some things are fussy.

    3. As I said I'm not sure how this might impact any sort of traffic shaping options. I've never tried traffic shaping across a bridge, I'd have to look into it. Chances are it would work fine.

    How are your public IPs handed to you?


    Public IPs are static. There are 7 of them and I only need one for pfSense, so the rest of them should be given to the person who manages the servers - hence I really need that "switch" port, but with the capability to allow me to run the VoIP network smoothly with traffic shaping or QoS.
