IPV4 network question



  • I have a 4 port card installed in my machine, I was trying to set the IP addresses on them using the same network range, I keep getting errors about address overlaps.

    1 port on the card is say, 192.168.0.1 and I wanted to add another port on say 192.168.0.10 both using 24 bit mask, I can see why it is complaining, but without restricting the hosts per subnet, is there a way around this without breaking up into multiple subnets?

    I know, I am going to get some comments on why I want to do this, but I am trying to simplify a connection to a wireless connection to another building I have while keeping everything on the same network but making it somewhat secure.


  • LAYER 8 Global Moderator

    Oh freaking gawd why do people think ports on a router are switch ports??  If you want ports all on the same network, plug that connection to your other building into your switch that is on that network… Why do you think it needs to use a firewall/router interface?

    Do you not have a switch where your clients are connected in building 1 on 192.168.0/24 ??

    How you put interfaces on the same network would be with a bridge..  But this is NOT a switch port..  If you want devices on the same network, and do not want to firewall traffic between them then just use a switch port.. There is no reason to use a valuable router port on your firewall... When switch ports are faster and cheaper!!!



  • I am not trying to use it as a switch, if that was the case, yes I could certainly use a switch.  It is a Ubiquiti wireless gateway, long range that I use, I do not want it to have direct access to my network via a switch for security reasons.

    Just looking for a way to make this secure, if you know what I mean.  Maybe I should just setup another range and route between the two, thought just maybe I could do this another way.

    Edited the switch comment** use a switch as opposed to use it as a switch.


  • LAYER 8 Global Moderator

    So you want to filter on your bridge then?  What filters do you want to put in place?

    If you're going to filter the traffic.. Ie you don't want free open access to the 192.168.1.0/24 that is building 1 from building 2, etc..  Then why not just a different network segment?

    What do you think you get by putting them on the same network and then filtering said traffic other than a more complex setup than if it was just another network segment??



  • The low down is this, and I am not too sure how to proceed with it.  I have a Ubiquiti 2.4 GHz connection to Comcast line of sight at the building, I then have another wireless Ubiquiti connection from that building to my house, my house is not in line of sight with the Comcast connection, hence the other building.  I still need to keep access to the Ubiquiti's built-in webpage, changing the range would be a pain to access the built-in webserver…. at least past experiences would dictate to me.

    I am not a guru with networking, I am not a guru with PFSense, I find my way around it all ok and read some good information on here.  Routing for me is a pain, but I will try and find a way to make it work while being as simple as possible.

    I know this is making you scratch your head, and I am sorry for that.  I will attempt again to put it on a different network and work on the routing side of it...

    I appreciate your time and efforts to help me fix this weird issue.


  • LAYER 8 Global Moderator

    Dude, what filtering do you want to put in place?  What firewall rules?  What do you want to block something in building 1 or 2 from accessing in the other building??  If you can not think of any firewall rules.. Then just connect it to your switch and then they are all on the same network and you can access whatever webpage you want to access.

    Seems to me you're just looking to make this complicated..  If you do not know how you want to filter, and you believe it's easier when on same network.  Then connect it to your switch.  If you know what to filter and don't want stuff talking to other stuff unless you say it's ok via the firewall then route.

    If you have some need that you can actually articulate that they need to be on the same broadcast domain, yet be able to filter traffic between the buildings where host in building 1 can not talk to host in building 2 on ports xyz, but host 2 needs to talk to building 1 host 2 on ports XYZ..  Then sure setup a bridge.

    But it sure sounds to me that this all becomes really simple if you just connect it to your switch..



  • I see what you are saying, I just like to keep wireless items separate because I know it is hackable.  How to filter?  I am not sure what to filter to tell you the truth, but using the Ubiquiti as a gateway to the internet, I just wanted something more secure than the built-in options on the Ubiquiti..

    You're right, this is too complex or I am making it more complex.  I should just bridge the first Ubiquiti to Comcast, set the two on another network and bring in the second Ubiquiti as a WAN of sorts into the other port and route.

    There is nothing in the other building that needs access to my network, not at this time.  The other building is just being used as a hop of sorts, so filtering would be done just like my DSL bridge, but without bridging at PFSense.

    I presume that would work?

    I know this is a weird setup, but this is the only way I can get Comcast and dump my slow DSL, being located where I am does not give me good line of sight from this location to the Comcast WiFi access point several miles from my home.


  • LAYER 8 Global Moderator

    There is nothing weird about it.. And why would you make it another wan??

    So you don't want this wireless network talking to your other network??  Then create a new network.. Pfsense will auto route between them..  And you can allow or block whatever traffic you want..

    Does not matter if the network is in the same building, or building a block over..



  • Sweet, I appreciate your feedback.  Going to work on it now!


  • LAYER 8 Global Moderator

    This really is 10 seconds of work… Add opt interface assign to whatever physical port you want to use.. Give it an IP in your network you want to use let's say 192.168.1.0/24  Create firewall rules, I would most likely start with any any..  Enable dhcp on this interface if you want..

    Once you have everything working on that network you can fancy with the firewall rules if you so desire.



  • Having no luck with this… lol.

    I set a static IP on the Ubiquiti that I need to access, 192.168.1.232, my adapter is on 192.168.1.1.  Created rule on the interface using "all", can ping the interface from my 192.168.0.8 machine, can't ping the 192.168.1.232 device.

    Any ideas what I am missing?

    No static routes, no gateway on the adapter.
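
Added example, not part of the original thread: a Python sketch of the two checks discussed so far, namely why two interfaces in the same /24 are rejected as overlapping, and which next hop each direction of a ping between 192.168.0.8 and 192.168.1.232 needs. The interface names, the client's gateway of 192.168.0.1 and the gateway values tried for the device are assumptions; the thread does not state the device's gateway setting.

```python
import ipaddress

# Constructed from addresses quoted in the thread; interface names are hypothetical.
PROPOSED = {"lan": "192.168.0.1/24", "opt1": "192.168.0.10/24"}  # first attempt
ROUTED = {"lan": "192.168.0.1/24", "opt1": "192.168.1.1/24"}     # separate segment


def overlaps(ifaces):
    """Return pairs of interface names whose configured subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def next_hop(host_if, gateway, dst):
    """Where a host configured as `host_if` (address/prefix) sends a packet for `dst`.

    Returns "on-link" when dst is in the host's own subnet, the gateway
    address when it is not, or None when dst is off-link and the host has
    no gateway configured (the packet cannot be sent).
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    return gateway


def ping_path(src_if, src_gw, dst_if, dst_gw):
    """Next hop for the echo request and for the echo reply."""
    src_ip = str(ipaddress.ip_interface(src_if).ip)
    dst_ip = str(ipaddress.ip_interface(dst_if).ip)
    return {"request": next_hop(src_if, src_gw, dst_ip),
            "reply": next_hop(dst_if, dst_gw, src_ip)}


if __name__ == "__main__":
    print("overlap, same /24:", overlaps(PROPOSED))
    print("overlap, routed:  ", overlaps(ROUTED))
    # Firewall's own interface to the device: both ends are on-link.
    print(ping_path("192.168.1.1/24", None, "192.168.1.232/24", None))
    # LAN client to the device, device gateway unset vs. set (both assumed).
    print(ping_path("192.168.0.8/24", "192.168.0.1", "192.168.1.232/24", None))
    print(ping_path("192.168.0.8/24", "192.168.0.1", "192.168.1.232/24", "192.168.1.1"))
```

A `None` in either direction means that host has no route for the packet, regardless of what the firewall rules allow.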



  • Has to be a routing issue, I can ping from the box to 192.168.1.232 and it is fine, from the box again, ping and selecting the adapter, I can ping google.com and any other site.



  • ARP table shows the devices and macs, route table also shows the ip's…  Not sure what the issue is..


  • LAYER 8 Global Moderator

    "Has to be a routing issue"

    How is it a routing issue if you can not ping from pfsense that you gave 192.168.1.1/24 and connected to this other device that is also on 192.168.1.0/24 with a 192.168.1.232 address?

    Where are you seeing the mac address?  And what is your rule - you sure you didn't create an any any rule for tcp only?

    How are they connected together?



  • Sorry, should have said.  Routing between the 192.168.0.0/24 network and the 192.168.1.0/24 network.  I can ping using PFSense ping option, selecting the adapter for the 192.168.1.0/24 network.

    ARP table within PFSense shows the 192.168.1.1 adapter and the mac, it also shows the 192.168.1.232 device and its mac.  Also all the other networks and downstream devices IPs and macs.

    Connection to the device is direct ethernet cable.  I set up a basic rule IPV4* * * * * * none.  All protocols, all sources, all ports, all gateways, no queue.

    I also tried the above and adding the source lan3 net and a destination of lan2 net and vice versa with no luck.

    None of the lan adapters have any gateways associated with them, just to be clear on that.

    I can do some screenshots if it will help, please let me know what you want to look at, and I will provide the information for you..

    Appreciate it again.



  • Anyone?  My billing cycle is coming up and I really do not want to pay another Dime to Frontier…. lol



  • I have made a new topic, with less pollution and screen captures…  I placed it in the correct forum, so I will lock this and you can find it here... https://forum.pfsense.org/index.php?topic=111286.0

