Basic Motherboard/NIC Question



  • Hey Everyone,

    I'm really new to building networks so these questions are really basic.  I hope you guys don't mind.  I had pfSense running on an old machine with several PCI NICs because I thought I needed all of them in order to connect all of my devices.  It died a few months ago and I want to do a rebuild that is less power hungry.  I saw a video on YouTube of a guy that made a pfSense box using an Intel DQ77KB and just the onboard dual NICs.

    https://www.youtube.com/watch?v=b1OBnn2pKzg

    Would duplicating this build be an option for me if I have multiple wired devices on the network?  If so, what additional hardware/pfSense settings would I need to use?

    Thanks!



  • You only really need the two NICs in your case: WAN and LAN. Uplink your LAN port to a switch and you're golden.



  • The part I suspect that is tripping you up is the fact that most home routers (Linksys, Netgear, etc.) have 1 WAN port plus 4-8 LAN ports on the back, correct?  If so, what those actually have is a single, internal LAN port with a switch behind it which gives you multiple ports to work with.

    What you really want is a network switch.  Make sure you get one that is Gigabit.  For reasons I don't understand, it's still possible to buy 10/100 gear…



  • Thanks roccor and Jason.  I appreciate it.

    Jason - You're right.  I thought I needed to have a port for each device so I bought 4 NICs for my last build.

    As far as allowing some devices to access the Internet and restricting others, is that where VLANs come in?

    Also, if there are any good books I can use to learn more, definitely let me know.



  • @jonnyq888:

    I thought I needed to have a port for each device so I bought 4 NICs for my last build.

    Nothing wrong with that either—one box fewer to take care of.



  • @jonnyq888:

    Thanks roccor and Jason.  I appreciate it.

    Jason - You're right.  I thought I needed to have a port for each device so I bought 4 NICs for my last build.

    As far as allowing some devices to access the Internet and restricting others, is that where VLANs come in?

    Also, if there are any good books I can use to learn more, definitely let me know.

    VLANs for access control could be used, but it's not strictly necessary, and it could be detrimental to your performance if those VLANs need to talk to each other.



  • @Jason:

    @jonnyq888:

    Thanks roccor and Jason.  I appreciate it.

    Jason - You're right.  I thought I needed to have a port for each device so I bought 4 NICs for my last build.

    As far as allowing some devices to access the Internet and restricting others, is that where VLANs come in?

    Also, if there are any good books I can use to learn more, definitely let me know.

    VLANs for access control could be used, but it's not strictly necessary, and it could be detrimental to your performance if those VLANs need to talk to each other.

    So if I have a media server that I would like all devices in the network to be able to access but that I do not want to allow directly on the Internet, is it best to use some other method of access control?


  • Netgate Administrator

    Putting your media server on a separate interface, a separate NIC or VLAN, is the most secure way, sure. However, if you just want to stop it accessing the internet you can do that with firewall rules and a static DHCP lease or static IP.

    Also when you say 'on the internet' do you mean able to connect to the internet or do you mean is accessible from the internet? Nothing on your LAN is accessible from the internet unless you have specifically added rules to allow it.

    Steve



  • @stephenw10:

    Putting your media server on a separate interface, a separate NIC or VLAN, is the most secure way, sure. However, if you just want to stop it accessing the internet you can do that with firewall rules and a static DHCP lease or static IP.

    Also when you say 'on the internet' do you mean able to connect to the internet or do you mean is accessible from the internet? Nothing on your LAN is accessible from the internet unless you have specifically added rules to allow it.

    Steve

    Thanks, Steve.  I just want to make sure that it is not accessible from the Internet so it sounds like pfSense will have that covered by default.


  • Netgate Administrator

    Yes, all incoming unsolicited traffic is blocked by default.

    Depending on what your server is, it may try to open holes in the firewall via UPNP, but that too is disabled by default. Something to be aware of if you ever enable UPNP for some other reason.

    Steve





  • I am also rocking an Intel I350-T2 over here, rock solid from the day of snapshot 2.1.