How to connect client (PC or Mac) to pfSense router host?



  • I am simply trying to connect either my PC or Mac to my pfSense mini-ITX router setup. It appears that my installation was successful. I did not get any errors, all setup options posted as '…Done'. Once booted, I was able to ping google.com using the pfSense menu option. My WAN (rl0) was assigned alias 'rl0' with address 208.118.25.70 (DHCP) and the LAN (fwe0) has ip address 192.168.1.1.

    I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 but still unable to connect to pfSense webgui at http://192.168.1.1/. I also thought it might be simply a cable problem so I tried a crossover cable instead but still nothing.

    Can anyone tell me what I am missing or how to set the client machine's network or test/troubleshoot my setup???

    My network hardware configuration is very simple: cable modem-pfSense router-client PC/Mac. My pfsense box has an Intel NIC card with 3 ports. I plugged the WAN into 1 and the LAN into the second port on the NIC card. I also disabled the onboard NIC via BIOS thinking this was the problem. I am obviously no networking expert. I have seen install documentation which states that at least 2 NIC cards are required. Does this mean 2 separate cards or just a NIC card with at least 2 ports?



  • If your Intel NIC card has three ports that does not make it a hub with all the ports belonging to the same network. You basically have three different NICs that can't be on the same network (unless bridged).

    Do this:

    On one of your PCs, verify that the NIC is set to an address in the 192.168.1.0/24 network other than 192.168.1.1.

    IP: 192.168.1.2
    Netmask: 255.255.255.0
    Gateway: 192.168.1.1

    On that PC begin continuously pinging 192.168.1.1.

    Move the ethernet cable coming from the PC to each port on the Intel card until you start getting replies to the pings on the PC.

    Leave the cable connected to the port that is replying.


  • LAYER 8 Global Moderator

    "I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 "

    So when you say you set your mac to dhcp, it got a lease from your pfsense?  How did it get 192.168.1.1 as gateway - did you manually set that?

    I agree with gderf here - if you have a 3 nic card, and one clearly got a wan IP from your cable modem.  It's not clear which one of the other 2 ports pfsense would have assigned as the lan.

    So try each one.  Modern nics, ie if 10/100/1000 should do auto crossover so you should be able to just use any patch cable. And connect your PC/MAC directly to the pfsense lan interface.

    But since you mention pc and mac, don't you have a switch?  You can pick up 10/100 for like $20 these days - shoot you even might find a 10/100/1000 on sale for like $20, but $40 you should be able to find a gig switch even.



  • @gderf:

    If your Intel NIC card has three ports that does not make it a hub with all the ports belonging to the same network. You basically have three different NICs that can't be on the same network (unless bridged).

    Do this:

    On one of your PCs, verify that the NIC is set to an address in the 192.168.1.0/24 network other than 192.168.1.1.

    IP: 192.168.1.2
    Netmask: 255.255.255.0
    Gateway: 192.1698.1.1

    On that PC begin continuously pinging 192.168.1.1.

    Move the ethernet cable coming from the PC to each port on the Intel card until you start getting replies to the pings on the PC.

    Leave the cable connected to the port that is replying.

    Was the gateway address you posted a typo (Gateway: 192.1698.1.1)? I tried to follow your instructions but I get an error stating this IP address is invalid so I tried 192.168.1.1 but still unable to ping from client PC (which is actually a Mac).

    I guess I'm still not getting how these NIC cards work. When I assign interfaces on pfSense box my WAN is automatically set to WAN->rl0->208.118.25.70 (DHCP) and the LAN->fwe0->192.168.1.1

    When I set the LAN interface I get the following message:

    The IPv4 LAN address has been set to 192.168.1.0/24
    You can now access the webConfigurator by opening the following URL in your web browser: http://192.168.1.0/

    However I am unable to ping 192.168.1.1 from the client. I tried moving the cable to the third port on the NIC card but no response.

    If I reconnect my Mac to my NetGear router using the configure option 'Using DHCP' it automatically sets my IP address to 192.168.0.2, Subnet Mask: 255.255.255.0, and Router: 192.168.0.1 which is the correct router IP (I can use my browser to connect to the netgear router web gui via http://192.168.0.1/).

    When I connect my Mac or other PC to the netgear router I use a regular ethernet patch cable. Since I wasn't able to connect to the pfSense router LAN port using the normal patch cable, I bought a crossover cable yesterday and tried that instead and thus, this is where I'm at today! Should I be using the crossover cable for the LAN from pfSense PC to Mac/Linux PC? I figured since all these machines were older that they did not have the auto-detect feature.

    Totally stumped, confused, and frustrated. Ugg…



  • @johnpoz:

    "I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 "

    So when you say you set your mac to dhcp, it got a lease from your pfsense?  How did it get 192.168.1.1 as gateway - did you manually set that?

    I agree with gderf here - if you have a 3 nic card, and one clearly got a wan IP from your cable modem.  It's not clear which one of the other 2 ports pfsense would have assigned as the lan.

    So try each one.  Modern nics, ie if 10/100/1000 should do auto crossover so you should be able to just use any patch cable. And connect your PC/MAC directly to the pfsense lan interface.

    But since you mention pc and mac, don't you have a switch?  You can pick up 10/100 for like $20 these days - shoot you even might find a 10/100/1000 on sale for like $20, but $40 you should be able to find a gig switch even.

    The NIC card is an older 10/100. I think during boot I saw info about the card from around 2003 (not sure but I can reboot the pfSense box and post the NIC cards details if this will help).

    No I don't have a switch. I was hoping to get the pfSense router working then get a 10/100/1000 switch. I am trying to create a home network with the addition of a file server, HTPC, and my current Mac and Linux test PC. Unfortunately, I only have one monitor for PCs so I can't boot the pfSense box with the monitor attached and also try to setup the Linux PC to connect to it. I figured my iMac could be used instead as test client. I only have the pfSense PC, Linux test PC, and iMac at this time. Was trying to go step by step before investing into the other components.



  • @johnpoz:

    "I set my Mac's network configuration to 'Using DHCP' with the router address set to 192.168.1.1 "

    So when you say you set your mac to dhcp, it got a lease from your pfsense?  How did it get 192.168.1.1 as gateway - did you manually set that?

    I agree with gderf here - if you have a 3 nic card, and one clearly got a wan IP from your cable modem.  It's not clear which one of the other 2 ports pfsense would have assigned as the lan.

    So try each one.  Modern nics, ie if 10/100/1000 should do auto crossover so you should be able to just use any patch cable. And connect your PC/MAC directly to the pfsense lan interface.

    But since you mention pc and mac, don't you have a switch?  You can pick up 10/100 for like $20 these days - shoot you even might find a 10/100/1000 on sale for like $20, but $40 you should be able to find a gig switch even.

    My Mac could not get a lease from the pfSense router like my NetGear router does with no problems, so I tried setting it manually.


  • LAYER 8 Global Moderator

    "my WAN is automatically set to WAN->rl0->208.118.snippedforprivacy (DHCP) and the LAN->fwe0->192.168.1.1"

    Ok something not right there if you're saying your pfsense setup nic 1 of your 3 nic card to rl0, it does not make sense that other nics on that card would be called fwe0

    Can you post the output of ifconfig on your pfsense

    example here is mine

    ---

    [2.1-BETA1][admin@pfsense.local.lan]/root(2): ifconfig
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:00:00:02
            inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::250:56ff:fe00:2%em0 prefixlen 64 scopeid 0x1
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:00:00:01
            inet6 fe80::250:56ff:fe00:1%em1 prefixlen 64 scopeid 0x2
            inet 24.13.xx.xx netmask 0xfffff800 broadcast 255.255.255.255
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:0c:29:1e:18:90
            inet 192.168.2.253 netmask 0xffffff00 broadcast 192.168.2.255
            inet6 fe80::20c:29ff:fe1e:1890%em2 prefixlen 64 scopeid 0x3
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect
            status: no carrier
    em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:0c:29:1e:18:9a
            inet 192.168.3.253 netmask 0xffffff00 broadcast 192.168.3.255
            inet6 fe80::20c:29ff:fe1e:189a%em3 prefixlen 64 scopeid 0x4
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    enc0: flags=0<> metric 0 mtu 1536
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::250:56ff:fe00:2%ovpns1 prefixlen 64 scopeid 0xa
            inet 10.0.200.1 --> 10.0.200.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 69319
    ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::250:56ff:fe00:2%ovpns2 prefixlen 64 scopeid 0xb
            inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 73792


    notice how my nics are all called emX, maybe pfsense set your onboard nic as lan,  but nics on the same card should have the same sort of name ie RL, EM, etc..



  • @rmflint:

    Was the gateway address you posted a typo (Gateway: 192.1698.1.1)? I tried to follow your instructions but I get an error stating this IP address is invalid so I tried 192.168.1.1 but still unable to ping from client PC (which is actually a Mac).

    Yes, a typo which I corrected.

    @rmflint:

    I guess I'm still not getting how these NIC cards work. When I assign interfaces on pfSense box my WAN is automatically set to WAN->rl0->208.118.25.70 (DHCP) and the LAN->fwe0->192.168.1.1

    When I set the LAN interface I get the following message:

    The IPv4 LAN address has been set to 192.168.1.0/24
    You can now access the webConfigurator by opening the following URL in your web browser: http://192.168.1.0/

    However I am unable to ping 192.168.1.1 from the client. I tried moving the cable to the third port on the NIC card but no response.

    192.168.1.0/24 is not a valid LAN interface IP address, it is the network address and cannot be assigned to an interface. Is this a typo?

    @rmflint:

    If I reconnect my Mac to my NetGear router using the configure option 'Using DHCP' it automatically sets my IP address to 192.168.0.2, Subnet Mask: 255.255.255.0, and Router: 192.168.0.1 which is the correct router IP (I can use my browser to connect to the netgear router web gui via http://192.168.0.1/).

    You need to sort out the inconsistent addressing you are reporting here. I suggest resetting your pfsense to factory defaults from the console.

    @rmflint:

    When I connect my Mac or other PC to the netgear router I use a regular ethernet patch cable. Since I wasn't able to connect to the pfSense router LAN port using the normal patch cable, I bought a crossover cable yesterday and tried that instead and thus, this is where I'm at today! Should I be using the crossover cable for the LAN from pfSense PC to Mac/Linux PC? I figured since all these machines were older that they did not have the auto-detect feature.

    When you plug both ends of an ethernet cable into ethernet ports you must get link lights coming on both adapters. If you don't, then one or both NICs are bad, or the cable is bad, or both. Regarding straight thru patch cables vs crossover cables, connecting a NIC to another NIC requires a crossover cable unless both NICs are auto sensing. It can not possibly work if you do not have link lights on both ends.


  • Netgate Administrator

    fwe0 is a firewire interface not a proper NIC.  ;) You do not have LAN assigned to the correct NIC.

    Your Intel multiport card will probably have interfaces shown as fxp0, fxp1 etc.

    Give us the 'ifconfig' output as johnpoz asked for and this will soon be resolved.

    Steve



  • Thanks to everyone. johnpoz post set off the light bulb so to speak.

    I realized after carefully watching all items during startup that even though I disabled the onboard NIC, both the onboard and NIC card were being set up and listed. When I examined the NIC aliases, I saw that lr0 was the onboard nic (which is a VIA VT6102 Rhine II 10/100 (Intel)) and fwe0 is IP over Firewire, and there were 3 others listed (rl0-2) which is in fact the NIC card (RealTek 8139 10/100BaseTX). i.e.- 3 alias = 3 NIC ports!

    I reset pfSense back to factory defaults, rebooted, manually set the WAN to rl0 and LAN to rl1, connected my client (iMac) with standard patch cable, and voilà! Network setup auto detected correct ip address (192.168.1.100), subnet mask: 255.255.255.0, and Router ip: 192.168.1.1, and I am now successfully connected to the web and able to access the webConfigurator via my browser.

    Thanks again to everyone! Your responses may not have been the exact fix for my situation but they did help me to ask the right questions and better understand how routers and network interfaces communicate. Yea, I can finally configure my custom PC-based firewall!!!

    @johnpoz:

    "my WAN is automatically set to WAN->rl0->208.118.snippedforprivacy (DHCP) and the LAN->fwe0->192.168.1.1"

    Ok something not right there if you're saying your pfsense setup nic 1 of your 3 nic card to rl0, it does not make sense that other nics on that card would be called fwe0

    Can you post the output of ifconfig on your pfsense

    example here is mine

    ---

    [2.1-BETA1][admin@pfsense.local.lan]/root(2): ifconfig
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:00:00:02
            inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::250:56ff:fe00:2%em0 prefixlen 64 scopeid 0x1
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:00:00:01
            inet6 fe80::250:56ff:fe00:1%em1 prefixlen 64 scopeid 0x2
            inet 24.13.xx.xx netmask 0xfffff800 broadcast 255.255.255.255
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    ---

    notice how my nics are all called emX, maybe pfsense set your onboard nic as lan,  but nics on the same card should have the same sort of name ie RL, EM, etc..


  • Netgate Administrator

    Nice.  :)

    The on board VIA NIC should show up as vr0. It's supported by the vr(4) driver.

    Steve



  • @stephenw10:

    Nice.  :)

    The on board VIA NIC should show up as vr0. It's supported by the vr(4) driver.

    Steve

    Is there any advantage to loading this driver and re-enabling the onboard NIC? Now that I've FINALLY gotten pfSense to work as a router, I don't want to screw it up. However, I also hate to waste a usable port. I intend to connect this to a switch once I get the rest of my hardware built.

    The link to this driver contains the following:

    SYNOPSIS
        To compile this driver into the kernel, place the following lines in your
        kernel configuration file:

            device miibus
            device vr

        Alternatively, to load the driver as a module at boot time, place the
        following line in loader.conf(5):

            if_vr_load="YES"

    I'm just learning UNIX/Linux and have not attempted to recompile the kernel. With the alternate, do you know where the loader.conf file is located in FreeBSD os?


  • Netgate Administrator

    There is no need to load the driver it's already in the kernel. I was just saying that NIC should show up as vr0 if you enable it, and it should work just fine. Whatever else you are seeing during the boot sequence it's probably not that NIC. Try enabling it again in the bios and see.
    If you post the output of 'ifconfig' it will be obvious. You can run the command from the webgui in Diagnostics: Command Prompt: then you can copy/paste the result here easily.

    Steve



  • @stephenw10:

    There is no need to load the driver it's already in the kernel. I was just saying that NIC should show up as vr0 if you enable it, and it should work just fine. Whatever else you are seeing during the boot sequence it's probably not that NIC. Try enabling it again in the bios and see.
    If you post the output of 'ifconfig' it will be obvious. You can run the command from the webgui in Diagnostics: Command Prompt: then you can copy/paste the result here easily.

    Steve

    Here are my results and yes it does show up as vr0. If I re-enable it through the BIOS, could I then reassign the WAN port to this (vr0) and use the NIC card's other 3 ports for LANs?

    $ ifconfig
    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 00:30:18:ad:da:bf
            inet6 fe80::230:18ff:fead:dabf%rl0 prefixlen 64 scopeid 0x1
            inet 208.118.25.70 netmask 0xffffff00 broadcast 255.255.255.255
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    fwe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 02:30:18:ab:a8:28
            inet6 fe80::30:18ff:feab:a828%fwe0 prefixlen 64 scopeid 0x2
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
            ch 1 dma 0
    fwip0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            lladdr 0.30.18.0.0.ab.a8.28.a.2.ff.fe.0.0.0.0
            inet6 fe80::230:1800:ab:a828%fwip0 prefixlen 64 scopeid 0x3
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 00:30:18:ad:da:be
            inet6 fe80::230:18ff:fead:dabe%rl1 prefixlen 64 scopeid 0x4
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 00:30:18:ad:da:bd
            inet6 fe80::230:18ff:fead:dabd%rl2 prefixlen 64 scopeid 0x5
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (none)
            status: no carrier
    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
            ether 00:30:18:a4:74:bf
            inet6 fe80::230:18ff:fea4:74bf%vr0 prefixlen 64 scopeid 0x6
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (none)
            status: no carrier
    plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>


  • Netgate Administrator

    Yes you can do that.

    You might want to disable the firewire in the bios if you have that option. It's probably not causing any problems but it might reduce confusion in the future.

    Steve
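
The check that resolved this thread (LAN had been assigned to fwe0, a FireWire interface with no Ethernet port behind it), written as an added example that is not code from any poster or from pfSense: a shell/awk filter over `ifconfig` output that classifies each interface by driver prefix and link state. The driver-prefix lists, the function names and the sample stanzas (including the 203.0.113.10 WAN address) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify interfaces in FreeBSD/pfSense ifconfig output so that
# WAN/LAN are only assigned to real Ethernet ports that have link.
# Assumption: driver prefixes are the ones named in this thread; extend as needed.
# Any prefix not listed here is treated as an Ethernet NIC (rl, vr, em, fxp ...).
FIREWIRE='fwe fwip'
PSEUDO='lo plip pfsync pflog enc ovpns'

# stdin: ifconfig output.  stdout: "<name> <kind> <link> <ipv4>" per interface.
classify_ifaces() {
    awk -v fw="$FIREWIRE" -v ps="$PSEUDO" '
    function emit() {
        if (name != "") printf "%s %s %s %s\n", name, kind, link, ip
    }
    BEGIN {
        n = split(fw, a, " "); for (i = 1; i <= n; i++) kindof[a[i]] = "firewire"
        n = split(ps, a, " "); for (i = 1; i <= n; i++) kindof[a[i]] = "pseudo"
    }
    # A stanza starts in column 1, e.g. "rl0: flags=8843<UP,...>"
    /^[a-z][a-z0-9_]*: flags=/ {
        emit()
        name = $1; sub(/:$/, "", name)
        drv = name; sub(/[0-9]+$/, "", drv)      # rl1 -> rl, fwe0 -> fwe
        kind = (drv in kindof) ? kindof[drv] : "ethernet"
        link = "-"; ip = "-"
        next
    }
    $1 == "inet" && ip == "-" { ip = $2 }
    $1 == "status:"           { link = ($2 == "active") ? "up" : "down" }
    END { emit() }
    '
}

# Exit 0 only if the named interface is an Ethernet NIC with link.
check_assignment() {   # usage: ifconfig | check_assignment rl1
    classify_ifaces | awk -v want="$1" '
    $1 == want {
        found = 1
        if ($2 != "ethernet") { print want ": " $2 " interface, not an Ethernet NIC"; bad = 1 }
        else if ($3 != "up")  { print want ": no link (check cable and port)"; bad = 1 }
        else                  { print want ": ok" }
    }
    END {
        if (!found) { print want ": not present"; exit 2 }
        exit bad + 0
    }
    '
}

# Constructed sample, modelled on the rl/fwe stanzas posted in this thread.
sample_ifconfig() {
    cat <<'EOF'
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 255.255.255.255
        status: active
fwe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ch 1 dma 0
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        status: active
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

sample_ifconfig | classify_ifaces
```

On the firewall itself the same check is `ifconfig | check_assignment rl1`, run from the console shell before assigning the interface.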



  • Personally, I would not bother bridging multiple ethernet ports on my pfSense just to get a few ports in the same LAN subnet. You will probably end up with more LAN devices to connect (WiFi access point, NAS, cabled computers…) than you have ports in your pfSense box anyway, and will have to have a switch anyhow. It is easiest to connect a switch to the single LAN port on the pfSense, and connect everything else to the switch.
    Then further down the track, if you want to have a separate guest network etc, you can easily use a spare ethernet port on your pfSense to make a separate subnet for guests and so on.

