Install and configured (non-working internet)
-
Hey all I am new with setting up pfsence and need some help.
I have attached some images to my post of my current setup. Basically I installed version 2.2 without any issues but not sure how to configure it after that.
My setup consists of:
Atom motherboard http://www.miniboard.cn/en/ProductShow.asp?id=198
8 LAN ports
4gb ddr3 ram
128 gb ssdPer my attached screenshots it seems I only have eo1 enabled with an address (lan) while the WLAN has no ip.
The WLAN port is hooked to a UniFi
AP-AC via Poe Ethernet connected to en1(first orange cable next to blue cable). The LAN is connected to en0(blue cabled) which is my fiber optic internet line. The other Ethernet ports will just be hooked to a gigabit switch.Could someone give me some step by step guide to setting this up for my particular setup?
-
why would you need so many lan ports, are you going to have a lot of segments? Are you going to lagg them?
"The LAN is connected to en0(blue cabled) which is my fiber optic internet line"
Why would you connect your LAN to your internet? That would be the WAN interface of pfsense.
-
why would you need so many lan ports, are you going to have a lot of segments? Are you going to lagg them?
I was looking around the forum before i purchased hardware for the PFSense and this motherboard was talked about a lot as being the best to use since it had so many Intel LAN ports. I really have no idea why it was but it was recommended so i bought it. I figured having 7 ports connected to my switch would be better than one to the switch.
"The LAN is connected to en0(blue cabled) which is my fiber optic internet line"
Why would you connect your LAN to your internet? That would be the WAN interface of pfsense.
You're correct. I don't know what i was thinking… I did find out that the Ethernet port that's all alone (the one with the blue Ethernet cord) did not work. I'm guessing thats because it may not be part of the intel ports all other 8 are.
Hooking the internet line up to em0 and the other em1 to a switch then from the switch to my testing PC worked. However, i am not getting any internet connection. I can log into the pfsense just fine but was unable to surf to like google.com.
My WAN ip is the IP from my internet provider xxx.xx.xxx.xxx and i setup my LAN with 7.7.7.1.
-
My WAN ip is the IP from my internet provider xxx.xx.xxx.xxx and i setup my LAN with 7.7.7.1.
So you're setting this up for the US DoD?
NetRange: 7.0.0.0 - 7.255.255.255
CIDR: 7.0.0.0/8
NetName: DISANET7
NetHandle: NET-7-0-0-0-1
Parent: ()
NetType: Direct Allocation
OriginAS:
Organization: DoD Network Information Center (DNIC)
RegDate: 1997-11-24
Updated: 2006-04-28
Ref: http://whois.arin.net/rest/net/NET-7-0-0-0-1Why not just leave it at the default of 192.168.1.1. It was ALL set up to work out-of-the-box and you had to go mess with it.
-
…
I figured having 7 ports connected to my switch would be better than one to the switch.
...?? What are you constructing ??
-
What screenshots would you need to see from my setup in order to determine where i am not setting up something correctly?
-
" i setup my LAN with 7.7.7.1."
Dude - that is just WRONG.. unless you own public IP space you should be using rfc1918 on your lan. If you don't like the default 192.168.0.0/24 then use any of the other of millsions of networks you could use 10.x.x.x/? 192.168.x.x/?, 172.16-31.x.x/?
You can not just pick some random public IP address range ouf of thin air and use it..
And again why would it be better to have 7 to your switch vs 1? Again are you going to be lagging them, do you plan on having more than 1 segment, do you even know what a segment/vlan is? Do you have a switch that supports vlans?
Yes I would love a board that has 8 nics to use as a router - but don't really need that many in most setups.. Could of saved some bucks if you don't have use of that many nics. Ethernet ports in nic cards are not switch ports!!!
-
What screenshots would you need to see from my setup in order to determine where i am not setting up something correctly?
Software pfSense tab-pages, specifically from 192.168.9.1 :80 ?, preferably from 192.168.1.1 :80
- Interfaces: Assign network ports
- Status: Interfaces
- Interfaces: WAN
- Interfaces: LAN
[Or maybe your hardware of 7 switches(16) for 7 LAN's for 105 workstations or the like.]
-
More importantly, is that a picture of Chef Emeril Legasse in the last two images?
-
More importantly, is that a picture of Chef Emeril Legasse in the last two images?
lolz i had to zoom into the photo priceless ;D
-
Seven LAN ports…BAM!
;)
-
Would those who are serious here on this forum to help others please PM me so that I can not waste my time reading stupid reply's that help me 0% to my original question for help. Thanks.
-
Reset to factory.
Configure your WAN.
Leave LAN at default.
Plug a computer into LAN.
You'll be online.
Then add one system at a time. No need to fart around with a wireless access point if you don't have working internet yet.
-
Reset to factory.
Configure your WAN.
Leave LAN at default.
Plug a computer into LAN.
You'll be online.
Then add one system at a time. No need to fart around with a wireless access point if you don't have working internet yet.
Thanks for the helpful advice, Derelict.
Now what do i need to set the other LANs 3-8 to/as so that it mimics like LAN 2 is currently set to?
-
How am I supposed to know what LAN 2 is currently set to?
Assign the interface
Edit the interface, assign an IP address/subnet
Edit DHCP to match
Create firewall rules
-
How am I supposed to know what LAN 2 is currently set to?
Assign the interface
Edit the interface, assign an IP address/subnet
Edit DHCP to match
Create firewall rulesLan2 is set to 192.168.1.1 (static) (with a DHCP range from 192.168.1.10 to 192.168.1.254 with submask set to 255.255.255.0).
So I am guessing that Lan3-8 should be something like this:
Lan3 set to (static) 192.168.1.2
Lan4 set to (static) 192.168.1.3
Lan5 set to (static) 192.168.1.4
Lan6 set to (static) 192.168.1.5
Lan7 set to (static) 192.168.1.6
Lan8 set to (static) 192.168.1.7Would that be correct? I tried a few things last night but once i unhooked LAN2 (but still had LAN3 connected) it didn't seem to have internet nor admin panel connection any longer.
-
So I am guessing that Lan3-8 should be something like this:
Lan3 set to (static) 192.168.1.2
Lan4 set to (static) 192.168.1.3
Lan5 set to (static) 192.168.1.4
Lan6 set to (static) 192.168.1.5
Lan7 set to (static) 192.168.1.6
Lan8 set to (static) 192.168.1.7Why are you guessing anything? There's no guessing involved in this field. It's all standards-based with precise rules on how you do things. You will need to understand IP subnetting to make this work.
Lan3 set to (static) 192.168.2.1
Lan4 set to (static) 192.168.3.1
Lan5 set to (static) 192.168.4.1
Lan6 set to (static) 192.168.5.1
Lan7 set to (static) 192.168.6.1
Lan8 set to (static) 192.168.7.1
-
Do you even have one LAN port passing traffic to WAN yet? I haven't seen a posting indicating that is the case yet.
Have you read the basics of how to write firewall rules? Do you have any understanding of IP routing?
If not, connecting and trying to bring up all 6 other interfaces is going to do nothing but make your pfSense firewall an over-complicated mess. You've got to walk before you run.
Work on getting the interfaces up one at a time. No, 7 is not better than 1, it's just more complicated and prone to failure if you don't know what you're doing (and why you're doing it).
pfSense is not a switch, its a firewall.
-
I am with almabes here - why are you trying to bring up all of the interfaces at once?? Get your 1 wan and 1 lan working - then play with the others. Do you even have a smart/managed switch that will allow you to run all those other segments 192.168.6, 192.168.7 etc..
Or you do you plan on running 7 different segments over the same physical wire?
-
Can you draw out what you want your network to look like? I'm much better with visuals than text descriptions.
If you're going to set up a network that has a WAN, LAN, and WiFi, you only need three ports. If your switch is a layer 3 switch, you could create VLANs on your LAN, but that's only if the switch will support it. Otherwise, those additional NICs will sit unused. There is no technical advantage to having more than one NIC on your switch, and it can actually cause problems if you misconfigure something (like not properly creating VLANs and firing up two DHCP servers).
So if you can help me understand what you want to do, it'll be easier for me to get you there.
-
To all of your questions:
Yes, WAN and my first LAN1 works. I have internet and the PC thats connected to a netgear switch is assigned the correct IP range.
I tried following these sets here:
https://www.all4os.com/router/bridge-multiple-lan-portsnics-to-act-like-a-router-in-pfsense-2-1.html
Step 1: Assign an individual IP for all NICs by going to 'Interfaces → Assign'. Important!
Note: Only set up a IPv4 address for each NIC.Step 2: Set up DHCP on NIC1 by going 'Services → DHCP server'
Step 3: Bridge other NICs by going to 'Interfaces → Assign → Bridges' and set up an IP for the interface.
Note: Do not include WAN and NIC1.Step 4: Create a interface groups by going to 'Interfaces → Assign → Interface Groups'.
Note: Include all NICs and Bridge interface in "Member (s)", do not include WAN.Step 5: Change the default firewall rule under NIC1 to all NICs interfaces to avoid being locked out by going to 'Firewall → Rules'
Note: Change the Interface from NIC1 to the Interface groups which is created in Step 4.Step 6: Enable DHCP on the bridge interface by going to 'Services → DHCP server'.
Step 7: Disable DHCP on NIC1 by going to 'Services → DHCP server' and include NIC1 into the bridge which is set up in Step 3 by going to 'Interfaces → Assign → Bridges'.
Step 8: reboot and test.
And when i disconnected LAN2 and still have LAN3 connected it went offline and i was unable to log into the PFSence box or browse the internet.
What I am wanting to do is this:
Have all LANs 2-7 as DHCP so that, say, if i disconnect LAN2 from the switch its connected to then the PC(s) that are using that switch still have LANs 3-7 connected to that switch to stay online with (no downtime since it still has those other connections from the PFSense box).
The switch i will be using is the NETGEAR 24 Port Gigabit Business-Class Rackmount Switch - JGS524.
-
You need 6 interfaces in failover – REALLY?? 6 of them??
Kind of pointless to have 6 lan failover ports with 1 wan.. What happens when that wan fails, then your 6 failover ports are kind of completely pointless and useless..
Your switch JGS524 is what they call a DUMB switch, not managed no VLAN support switch.. You can not do anything with that piece of junk. No lagg, no vlans, have to to assume no stp (spanning tree) see see no mention of it in specs - but yeah lets connect 6 interfaces in a bridge to a non spanning tree dumb switch.. Fantastic idea :rolleyes:
-
stealthrt - the truth is that in your case you don't need all those LAN ports in pfSense. Anything you're trying to do with the extra ports, will do more harm than good.
What you could actually do with them, is to create separate networks (using separate switches) with each LAN port to separate traffic of those networks from each other. You could run a network separately for your kids, one for yourself, one for your neighbor, one for wifi, etc.
Do you intend to use it like that? If yes, you may need many ports.If not, one single WAN and one single LAN are enough. You don't need to use the others.
-
The only way you can connect more than one of those LAN ports to your switch is as part of a LAGG but it seems like your current switch doesn't support that. Connecting more than one port currently would be a bad idea.
You can configure the ports in a bridge as you described and then connect other clients to that directly if you want. Others here will tell you it's a waste of ports though and not as good as using a real 8 port switch.
Are you able to connect a client to any of those other LAN ports and get internet access?Steve
