I need help with setting up pfSense with 1 WAN and 2 LAN interfaces.

PhysX_HW

Distinguished
So, the title says pretty much everything. I'd need to configure a bridge between the two LAN interfaces, one of them is a 10G, the other one is a 1G network card.

Currently, it looks like this:
WAN --- hn0
LAN --- hn2 (the 10G)
OPT1 --- hn1

But right now, there is no bridge between them. So, what I'd need is basically a switch between hn1 and hn2, so that I could connect my PC to the 10G port, and the rest of the network to the 1G port. Every device on the LAN side should be on the same subnet. (192.168.2.xxx)

I have got it configured, so that I have internet on the computer connected to the 10G interface.

And the OS is running in Hyper-V, but the switches are configured correctly, and I've been looking for solutions for over a week now, and haven't found anything, so any help would be appreciated.

Thank you.
 

PhysX_HW

Distinguished


Because one of them is a 10G SFP+ network card that goes to my workstation and the other is a regular RJ-45 gigabit NIC, for the rest of the computers and other devices on the network.

 

PhysX_HW

Distinguished


I will try that if nothing else helps, but it would be good if pfSense could manage them separately, with different firewall rules.
 

dgingeri

Distinguished


Well, pfSense is based on FreeBSD, and I believe FreeBSD can do that. I just don't know how to do it. It might be good to look up how to do that with a Google search under FreeBSD.
 

PhysX_HW

Distinguished


It doesn't seem to work. The bridge doesn't get an IP address, so it seems I have to bridge them in pfSense and use two virtual interfaces. Also, it's quite annoying, as I'm trying to use the PC that's on the 10G end to access the internet and this forum. So yeah. I'll try some more stuff tomorrow. I know that there is a way to bridge two interfaces in pfSense, there are a few tutorials on that, but they don't seem to work, and some of them are for the older version that is a little bit different from the one that I have.
 
The only functionality that has changed since the release of the "Community Edition" is stripping out the really useful reporting. Personally I don't understand why you don't just run everything through the 10G card. If you were having separate subnets it would make sense.
 

PhysX_HW

Distinguished


It's because I don't have, nor do I need a 10G network for the rest of the devices. The server is mainly a file server, and the only computer that needs a really fast connection is the workstation, connected through the 10G card. The rest would work fine over the 1G for streaming media, and most of the devices would use wifi anyway.

 
OK but should I dare to ask if your storage controllers can do anything with a 10G connection? Not that it matters if you are determined to go down this route. The other option would be to have them on a different subnet and use an "allow any to any" firewall rule between them.
 

PhysX_HW

Distinguished


The RAID0 array that I'm using can push 450-500MB/s through the interface. So yes, the storage is fast enough that it actually uses the extra bandwidth of the 10G connection, although it could be improved, but this is what I've got at the moment. The other subnet is not really an option, as that's basically the current setup. The workstation is on one subnet, and then the rest is connected to the router's other subnet, the one that the WAN interface uses. (192.168.1.xxx) So, is there a way to bridge LAN and OPT1 ports and have them connected to the same subnet?

 
By default traffic cannot pass between two different subnets (it's a firewall), you would need to create a rule.
A bridge does work but it's hard to set up (and even harder to advise over the web when I can't see what you have done). You will take a performance hit by using one though. What do you mean by "The workstation is on one subnet, and then the rest is connected to the router's other subnet, the one that the WAN interface uses"? Both subnets would use the default gateway, which is your WAN connection; this isn't on the same subnet as the LAN.

Can you explain in detail exactly how you currently have this set up?
 

PhysX_HW

Distinguished
Well, I have a wifi router that I want to run in a switch/wireless AP mode without a DHCP server once I have pfSense set up.

But right now, I have a broadband modem from the ISP, that's 192.168.0.xxx. Then I have a router with 192.168.1.xxx. The PC with pfSense in the VM is connected to that subnet, and basically any other device too. Now, it's a bit more confusing due to the virtual switches, but the host OS has an IP in both the 192.168.1.xxx range and the 192.168.2.xxx range, so that I can see the shared files on every PC that's on the networks. And finally, pfSense has its WAN interface on the 192.168.1.xxx side, and its LAN interface is on the 192.168.2.1 side. The other gigabit port (virtual switch with gigabit port) is unused, but it's hn1 as I mentioned above in the question.

I hope it's detailed enough, but if you need some clarification, I can try to draw a picture if that would help.

So, I know I'd need to bridge the LAN and OPT1 interface, and I've found some tutorials online too, but none of them actually worked, so I guess I'm doing something incorrectly. I've literally googled it like at least 10 times, did everything step by step, and in the end, even after rebooting pfSense, the computers on the LAN end don't get an IP address. But in the virtual machine's window, I can see that it has the 192.168.2.1 IP address on the LAN interface, and it has obtained an IP from the 192.168.1.xxx range from the router's DHCP server on the WAN interface.

I tried this, but without any success, unfortunately.
 

Kewlx25

Distinguished


pfSense is meant to be used as an appliance. Manual configuration changes many times get immediately overridden by pfSense's configuration management, or worse, it makes pfSense out of sync and bad things happen.

That being said, bridge is crazy simple in pfSense. Their site has all kinds of tutorials and lots of people on YouTube have their own.
 

PhysX_HW

Distinguished


I know, and I've tried setting it up many times, but I always ended up without an assigned IP address on the clients. I guess you meant this tutorial on their own site, but for some reason, it didn't work. Though I will try again later today. By the way, do I need to assign the bridge as the LAN interface, or can I assign it as an optional interface just like hn2?

Thanks