Mental check? - Multi-LAN Setup
-
Hi,
I am formulating a plan to enable multi lan on my pfsense box.
At present I have a simple 2 interface Lan & Wan setup running on an Esxi VM.
Lan = 192.168.100.5/24
Wan = 192.168.0.5
Pfsense is running as a firewall with snort, pfblocker, mailscanner. DHCP and DNS being served from a device inside the Lan.
I want to keep this setup and add an additional nic and different lan subnet to pfsense.
I've checked out: https://doc.pfsense.org/index.php/Multi-LAN_Setup and I know how to add the nic in esxi.
So my questions are:
How do I add the new nic as it was not present when I first installed pfsense?
Can I install and config DHCP and DNS on pfsense to only serve the new nic? (I do not want the Lan DHCP & DNS to be used).
Will I be able to setup snort and pfblocker to monitor the new nic as well?
Lastly :) Any particular pitfalls I should consider or be aware about?
Thanks heaps in advance and cheers
-
It's a VM, why would you need to add another nic but not use the first one?
Vs. adding this new nic and assigning it to OPT, just assign it to LAN.
-
Hmm…didn't think about using the same interface in VM :)
Don't ask me why but with some things I prefer to use a single physical interface for a single purpose....maybe I'm kidding myself more thinking it's more secure and faster :D (ok I fess'd up so no need to ask at all now ;D )
Anyhow...I do run another pfsense box which is not a VM so adding in a new nic into an existing install would still be required.
Cheers
-
So I have added multiple nics both physical and virtual to my esxi host and to the pfsense vm.
So depending on what vswitches you connect your physical to and then how you assign them in pfsense doesn't really matter. You can assign whatever nic you want to the lan, or opt, etc.
So when I first brought up pfsense virtual it had em0 and em1 – I then added 2 more virtual nics in esxi. em2, em3 -- see how assigned in screenshot attached.
Then you can assign them to whatever vswitches you want in esxi, does not matter if there is a physical nic on this switch or not - for example my dmz vswitch does not connect to the physical world. But pfsense sees it as an interface on my lan, etc.
When you add new virtual nics to the vm, reboot pfsense and it will see them - then you can assign them however you want in pfsense.
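As an added illustration that is not from any post in this thread, the excerpt below shows the shape of a pfSense config.xml after the steps described above: the extra virtual NIC (seen as em2 after the reboot) assigned to OPT1 with its own static address, a DHCP scope enabled only on that interface, and the DNS Resolver (unbound) listening only on it, which answers the original question about keeping the existing LAN DHCP/DNS untouched. The em2 name, the 192.168.200.0/24 subnet, the LAN2 description and the DHCP range are constructed values; the element names follow pfSense's config.xml layout as I know it, so compare against an exported backup of your own box.

```xml
<!-- Illustrative excerpt only; constructed example, not taken from the thread.
     Element names follow pfSense config.xml; addresses and names are made up. -->
<interfaces>
  <lan>
    <if>em1</if>
    <descr>LAN</descr>
    <enable></enable>
    <ipaddr>192.168.100.5</ipaddr>
    <subnet>24</subnet>
  </lan>
  <!-- Third NIC added in ESXi, detected as em2 after reboot, assigned to OPT1 -->
  <opt1>
    <if>em2</if>
    <descr>LAN2</descr>
    <enable></enable>
    <ipaddr>192.168.200.1</ipaddr>
    <subnet>24</subnet>
  </opt1>
</interfaces>

<dhcpd>
  <!-- No <lan> section here: LAN keeps using the DHCP server already inside that network -->
  <opt1>
    <enable></enable>
    <range>
      <from>192.168.200.100</from>
      <to>192.168.200.199</to>
    </range>
    <!-- Hand out the OPT1 address itself as DNS so LAN2 clients use the resolver below -->
    <dnsserver>192.168.200.1</dnsserver>
  </opt1>
</dhcpd>

<unbound>
  <enable></enable>
  <!-- Resolver binds only to OPT1, so LAN hosts never see it -->
  <active_interface>opt1</active_interface>
  <outgoing_interface>wan</outgoing_interface>
</unbound>
```

Two things to check once the interface is assigned: a freshly assigned OPT interface has no firewall rules, so all traffic from LAN2 is blocked until you add some, and that rule set is also where you decide whether LAN2 may reach the existing LAN at all. Snort and pfBlockerNG are enabled per interface, so OPT1 has to be added explicitly in each package's interface settings before it is inspected.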