Wan Port in Vlan



  • I have only two NIC in my server. I am trying to set up following and do url filtering

    sw (vlan 100 )  –---> lan [pfsense ]  wan –------> sw ( vlan 100 )

    But I can't find  any way to add wan port in vlan 100.  Doesn't pfsense support wan port as layer 2 ?

    Can squidguard/ dansguardian filter url in this setup ?

    Thanks
    Jasim



  • @jasim:

    But I can't find  any way to add wan port in vlan 100.  Doesn't pfsense support wan port as layer 2 ?

    I think you looked at the wrong tabs in the Web GUI. You don't add a tag to your WAN interface, it's done differently.

    Create a VLAN interface at  Interfaces | (assign)  on the VLANs tab.
    On the  Interfaces assignments  tab give your interface (WAN) the newly created VLAN as Network port.

    Remember to not mix tagged and untagged traffic on the same physical interface (e.g. make your LAN a tagged VLAN as well). And don't use VLAN ID1 for anything else than nothing.

    But why don't you just use the two NICs you have as WAN and LAN?



  • sw (vlan 100)  –---> lan [pfsense ]  wan –------> sw (vlan 100 )

    In that case you must bridge the ports together, but I really want prevent to do this really.
    Often this is causing then more problems then it solved problems.

    • flapping ports
    • packet drops
    • packet loss

    Or you disable NAT at the WAN port and enables only plain routing this could be also a workaround
    to drive VLANs at the WAN port.


Log in to reply