1 WAN and 1 LAN (with 3 NIC's accessing the same subnet on the LA

  • Problem:
        I have a simple P4 with 4 GB NIC's. I want to create 1 WAN and 1 LAN (with 3 NIC's accessing the same subnet on the LAN).
    What I have done:
        After the initial setup, and assigning the other NIC's as OPT1 and OPT2, I then created a bridge with OPT1 and OPT2. (i can not include LAN in this bridge yet (both OPT1 ans OPT2 are enabled)). Now back to assigning, changed the LAN -> bridge0 and OPT3 -> MAC address of the NIC from the LAN. Now that this is done you loose connection with the device. Next is to assign interfaces at the console (option 1) select the LAN witch is now pointed to bridge0 and assign and enable DHCP. Unplug the PC from the NIC and plug it into OPT1 or OPT2 (I found a reboot of the pfsense box helps at this pointoption 5). After the reboot you can log back into the web gui. under the assign=>bridge edit the bridge0 and include OPT3 (remember OPT3 was changed to the MAc address of the original LAN). This is now what is on the console screen

    WAN (wan) -> em0 -> v4/DHCP4:
        LAN (lan) -> brighe0 -> v4:
        OPT1 -> em1 ->
        OPT2 -> em2 ->
        OPT3 -> em3 ->

    This is working to an extent. I am able to get a DHCP address and access the web gui from all three NIC's, however I am unable to brows the web via IE, Firefox, or Chrome. I can access the web gui of the moden at, this tells me I can get from LAN to WAN I can even ping google, ebay and other sites

        Did I Set this up incorrectly?
        Do I need further setup with the firewall rules?
        Did I just miss a step?

    Your help is greatly appreciated
    Thank You

  • Why do you want 3 Gbit interfaces on the same subnet?? If you plan to use this a switch, let me tell you that  usually what takes more processing power out of a system is the capability of passing traffic from one interface to another. With a "simple P4" I don't think you will achieve Gbit speeds, and even if you do it won't be the most efficient setup ever… (I'm not sure on the performance hit when bridging though)

    Anyway, if you didn't change any system tunable, firewalling it is still done on the member interfaces. I suggest to make the following changes in the system tunables so you can filter directly on the bridge:

    Set net.link.bridge.pfil_member to 0
    Set net.link.bridge.pfil_bridge to 1

    Before you do that make sure you add the proper firewall rules on the BRIDGE interface so you can access the GUI!!!

    Also make sure your Outbound NAT rules are properly set, if applicable

  • I'm not sure how much processor use there will be. I have 1 NAS that I would like to have on 1 NIC and my PC on one and the rest on the other (by the rest i mean 3 PC's, 3 XBOX's, an iPad and some other wifi devices) these are currently on 1 NIC. It is NAS that I am most interested in having it own NIC. As far as the CPU usage I will have to monitor that.

    My current set up is a Dual AMD Opteron 250 with 8gb of ram. I will remain using this, the P4 is just a test unit.

    Thank you for that input, I Set those and I have web browsing.

  • @nightwalk74:

    It is NAS that I am most interested in having it own NIC.


Log in to reply