2 lan ports?



  • I have 1 wan and 2 lan ports but am having problems setting up a bridge. I want to be able to connect more equipment to my lan using opt1. I have played for hours trying to figure this out. Is it possible to have 2 lan ports? I have tried a bridge but it's not working. Please help.

    THANKS



  • Why don't you use a simple switch connected to LAN?


  • Rebel Alliance Global Moderator

    ^agree 2nd interface is for a different segment, I find it hard to believe you don't have a switch connected to 1st lan interface?  You only have  1 device connected to pfsense?

    Here is the thing if you need more ports, SWITCH!!!  If you need a router interface - then sure another nic in pfsense.  Pfsense is not a SWITCH, it is designed to route and firewall traffic not switch traffic ;)

    While it is possible to bridge interfaces - the performance will never be anywhere close to what even the cheapest $20 switch does..

    That being said – how difficult is going to interfaces, bridging, clicking the little + sign and clicking on the 2 interfaces you want in the bridge??  Other than you stating you have played with it - what have you actually done that you feel should make a bridge?




  • Thank you. I have a switch. I will use it. I'm actually trying to connect a router running dd-wrt to the pfsense router and thought it would be better to use another port.

    but

    PFSENSE
    NIC1        NIC2
    (WAN)      (LAN)
                      (SWITCH)
                              (PC'S,PRINTERS,VOIP PHONES)
                                (Second Router Connected To Switch)

    will work. THANKS


  • Rebel Alliance Global Moderator

    So you want to use this 2nd router as AP?

    Is there any reason your wireless, AP and clients can not be on second segment?  This is actually more secure setup - now you can firewall your wireless from your wired network.

    Just create new network segment on 2nd lan nic in pfsense, say 192.168.2.0/24 and plug in your router as an AP and away you go!!



  • No, there is not, and I think I got it working.

    192.168.1.1 – lan
    192.168.2.1  --- opt1

    I assigned 192.168.2.1 to opt1 and I went to nat rules under the tab opt1 and set it identical to the two ipv4/ipv6 lan rules, and instead of using "lan net" I used "opt1 net".

    I set the dhcp server for opt1 to 192.168.2.10 to 192.168.2.254.

    Then connected the router running dd-wrt in ap mode to OPT1.

    I gave the router an ip of 192.168.2.2, out of the dhcp range of the pfsense router. Also, all nat and dhcp services are disabled on the dd-wrt router.

    Everything seems to be working well and I believe I now have a wireless network to go with my pfsense router without buying a pcie card.

    My only question is regarding setting up the opt1 interface. Do I need the nat rules I described earlier, or do I just need to add a static ip and set the dhcp server?

    The 2 nat rules I have under opt1 are

    IPV4    OPT1    *    *      *    none

    IPV6    OPT1    *    *      *    none

    Is this correct? By the way, thank you. What you said earlier made sense; I just need something like to get the idea of what I needed to do. Great help!



  • Seems good. You have the right ideas about turning off DHCP… on the AP and letting pfSense OPT1 service all that.
    If you had put no rules on OPT1 then no traffic would have got out - no internet, no access to devices on LAN. If your requirement is that any device on OPT1/AP can access anything in LAN and anything on the internet then those pass rules do it.
    If you want to restrict access between LAN and OPT1 then you will need to have block rule/s... to implement that.
    It all depends on your requirement.
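
The behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of how the rules on the OPT1 tab are evaluated (top-down, first match wins, no match means blocked). The subnets are the ones from the thread; the rule tuples, function names and host addresses are illustrative assumptions, not pfSense's own format.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # LAN from the thread
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")  # OPT1 / wireless segment
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule = (action, source network, destination network); illustrative format.
NO_RULES = []
OPEN = [("pass", OPT1_NET, ANY)]                   # "opt1 net" to any, as in the thread
ISOLATED = [("block", OPT1_NET, LAN_NET),          # must sit above the pass rule
            ("pass", OPT1_NET, ANY)]
WRONG_ORDER = list(reversed(ISOLATED))             # block rule is never reached


def evaluate(rules, src, dst):
    """Return 'pass' or 'block' for traffic entering the OPT1 interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:         # evaluated top-down
        if src in src_net and dst in dst_net:
            return action                          # first match wins
    return "block"                                 # implicit default deny


def report(rules):
    """Check a wireless client reaching a LAN host and an internet host."""
    client = "192.168.2.50"                        # constructed DHCP client
    return {
        "to_lan": evaluate(rules, client, "192.168.1.20"),       # constructed
        "to_internet": evaluate(rules, client, "198.51.100.7"),  # constructed
    }


if __name__ == "__main__":
    for name, rules in [("no rules", NO_RULES), ("pass any", OPEN),
                        ("block LAN then pass", ISOLATED),
                        ("pass then block LAN", WRONG_ORDER)]:
        print(f"{name:22} {report(rules)}")
```
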


  • Rebel Alliance Global Moderator

    So your NAT is set to manual vs AUTO??  In the auto configuration pfsense would have created the rules for you.  All you would need to do is give opt1 an IP and, if needed, enable the dhcp server.  Make sure your dns forwarder is listening on the opt1 interface if you had changed that to only listen on lan.

    And then sure create whatever firewall rules you desire on the opt1 interface.

    Now you have a wireless segment that you can filter or not filter between your lan, etc.  The only issue you might run into is if wireless clients need to broadcast for devices/services on your lan..  Say AirPrint or something to your printers on your wired network.



  • Everything is working, but how would you auto configure nat rules for opt1 or a second lan subnet?

    THANKS SO MUCH


  • Netgate Administrator

    As Jon said above if you leave outbound NAT set to automatic the rules will be added automatically when you assign a new interface or change the assignments.

    Steve