Single NIC install



  • i am looking to add pfsense to an existing network (can't change the existing firewall appliance) simply as a DNS server.  i would be installing pfsense onto a computer with a single NIC.  it is a small form factor computer, no space for a second NIC, unless i purchased a usb adapter. can i install with a single NIC or will it complain because there isn't a NIC for WAN and LAN?



  • It will work just fine with the one LAN NIC for that purpose.


  • Rebel Alliance Global Moderator

    Pfsense to be honest would not be a great choice for just a dns server.. Install some minimal OS and then run just clean Bind install would prob be a better option.. Is there are features of pfsense that you also want to leverage?

    But yes pfsense can run with just a single interface.



  • @KOM:

    It will work just fine with the one LAN NIC for that purpose.

    thanks

    @johnpoz:

    Pfsense to be honest would not be a great choice for just a dns server.. Install some minimal OS and then run just clean Bind install would prob be a better option.. Is there are features of pfsense that you also want to leverage?

    But yes pfsense can run with just a single interface.

    thanks.  i am familiar with pfsense due to having it installed in other locations.  i just need a basic DNS server, nothing that advanced.

    just to be clear, during install, pfsense won't complain about having 1 NIC? i thought i remember that being an issue, long ago, when i tried installing with 1 NIC (the second NIC wasn't responding, i didn't know that…it was a bad NIC).



  • Assigning only WAN has been fine for 6-7 years now, all 2.x versions. Prior to that, LAN and WAN were a requirement (though some people ran single interface back then too just assigning a dummy VLAN as the unused LAN).



  • @cmb:

    Assigning only WAN has been fine for 6-7 years now, all 2.x versions. Prior to that, LAN and WAN were a requirement (though some people ran single interface back then too just assigning a dummy VLAN as the unused LAN).

    thanks.



  • @cmb:

    Assigning only WAN has been fine for 6-7 years now, all 2.x versions. Prior to that, LAN and WAN were a requirement (though some people ran single interface back then too just assigning a dummy VLAN as the unused LAN).

    i misread this post, i don't need the WAN port, i'd like to use a single LAN port.  i did the install but will i be able to change the NIC to LAN instead of WAN?


  • Banned

    No. (Why does it matter, though?)



  • @doktornotor:

    No. (Why does it matter, though?)

    i will have it on the LAN acting as a local server.  i suppose i could keep it on the WAN interface but i will have to rename it and make sure the rules are not an issue (by default, isn't there a rule on the WAN side set to block the common private networks)?

    edit- this is my first time setting up a pfsense with 1 NIC, i might be overlooking something.  i am going to try a few things, i should be able to figure it out.  however, if i am missing something obvious, feel free to share.

    thanks.


  • Banned

    If you are going to use this as a DNS server appliance on LAN - wouldn't this be behind a firewall already? Can really just turn off the packet filter altogether.



  • @doktornotor:

    If you are going to use this as a DNS server appliance on LAN - wouldn't this be behind a firewall already? Can really just turn off the packet filter altogether.

    yeah, it will be. when i do that, does it default to a LAN or WAN interface? i have never set it up this way, still a learning process.  thanks.

    ok, i am missing something.  after the initial config, i end up getting locked out of the firewall.

    i am setting the WAN to 192.168.105.5 from the console page, logging in from my laptop (directly connected to the PC) and i can get into the interface.  once i run through the wizard (make sure to not block private networks, top box) it takes my changes and after a few minutes i can't get back in.  do i need to disable something on initial web GUI login?


  • Banned

    WAN. And you shouldn't end up locked out of the firewall. When you only assign WAN, then access is allowed on WAN until you create another interface. Though, as said, just can disable the packet filter altogether. The wizard is not really useful for this type of setup, just skip it.



  • @doktornotor:

    WAN. And you shouldn't end up locked out of the firewall. When you only assign WAN, then access is allowed on WAN until you create another interface. Though, as said, just can disable the packet filter altogether. The wizard is not really useful for this type of setup, just skip it.

    yeah, i found my problem.  i was setting up the LAN interface (didn't refresh the thread) and that was my issue.  i will setup the WAN with the LAN IP i want to use.  then disable the packet stuff.  i have not looked into where that is, but i am sure it cant be hard to find.

    also, i was just running through the wizard for the basics/habit.  thanks again.


  • Banned



  • @doktornotor:

    yep, i found that moments after my last post (thank you for taking the time to post a screen shot).  the issue i am running into now is that i can't ping the pfsense box.  obviously, the rules don't work.  how can i enable ping so i can ping from my LAN devices?


  • Banned

    Well, seems like you are doing something basic very wrong. With pf off, there's really nothing to block packets.



  • @doktornotor:

    Well, seems like you are doing something basic very wrong. With pf off, there's really nothing to block packets.

    i thought it would start resolving pings as soon as i checked that box and saved the settings.  i rebooted the firewall just to be certain…nothing.  the pfsense box works, it is acting as DHCP and DNS server handing out addresses and resolving name lookups, but i can't ping it.  1 NIC on the pfsense box plugged directly into my network switch.  odd.

    edit- it works, i tried with another computer.  the computer i was doing my initial setup with has a flaky NIC card.  i am getting replies...ok, seems to be in normal operation having testing from a pc with a working NIC.  thanks again.



  • can someone explain this?

    i set the DHCP server to hand out the following address as the gateway, 192.168.1.1

    the pfsense box is 192.168.1.20 and its gateway is 192.168.1.1

    when a computer obtains an IP address, the gateway address that i set, 192.168.1.1, is not handed out, it hands out 192.168.1.20.

    why is it doing that?

    thanks.

    edit- if i manually assign 192.168.1.1 as the gateway on a device, it works, i am not sure why the  DHCP settings i set in pfsense are being overwritten by pfsense.



  • @tdhuck:

    can someone explain this?

    i set the DHCP server to hand out the following address as the gateway, 192.168.1.1

    the pfsense box is 192.168.1.20 and its gateway is 192.168.1.1

    when a computer obtains an IP address, the gateway address that i set, 192.168.1.1, is not handed out, it hands out 192.168.1.20.

    why is it doing that?

    thanks.

    edit- if i manually assign 192.168.1.1 as the gateway on a device, it works, i am not sure why the  DHCP settings i set in pfsense are being overwritten by pfsense.

    any ideas?



  • you seem to misunderstand something.

    why do you want to hand out a different gateway IP address via DHCP?



  • @robi:

    why do you want to hand out a different gateway IP address via DHCP?

    Probably because pfSense isn't the gateway … (yeah, go figure why ... ;))



  • @robi:

    you seem to misunderstand something.

    why do you want to hand out a different gateway IP address via DHCP?

    pfsense was added to this network to test out a few things, i have no intentions of keeping it here, long term. everything went fine other than this minor issue with the gateway address.



  • I just changed the setup of the DHCP IPv4 server (running from the default 192.168.1.1 on LAN)
    "Gateway" was empty, I filled in "192.168.1.254" and restarted the DHCP IPv4 server on pfSense.

    I ripped out the RJ45 from my computer, and put it back in (my PC requested a new IP among others).

    Guess what, the IP handed out was the same, DNS was still 192.168.1.1 but the Gateway was … 192.168.1.254  ;D
    Yes .. my setup isn't broken - pfSense worked ... again.



  • @Gertjan:

    I just changed the setup of the DHCP IPv4 server (running from the default 192.168.1.1 on LAN)
    "Gateway" was empty, I filled in "192.168.1.254" and restarted the DHCP IPv4 server on pfSense.

    I ripped out the RJ45 from my computer, and put it back in (my PC requested a new IP among others).

    Guess what, the IP handed out was the same, DNS was still 192.168.1.1 but the Gateway was … 192.168.1.254  ;D
    Yes .. my setup isn't broken - pfSense worked ... again.

    maybe i need to restart the service, let me see.



  • @Gertjan:

    I just changed the setup of the DHCP IPv4 server (running from the default 192.168.1.1 on LAN)
    "Gateway" was empty, I filled in "192.168.1.254" and restarted the DHCP IPv4 server on pfSense.

    I ripped out the RJ45 from my computer, and put it back in (my PC requested a new IP among others).

    Guess what, the IP handed out was the same, DNS was still 192.168.1.1 but the Gateway was … 192.168.1.254  ;D
    Yes .. my setup isn't broken - pfSense worked ... again.

    :)

    didn't even think to restart the service, that did it, gateway is now showing at the correct address.  thank you.