How to set up pfSense / OPNsense with a 4-port NIC as a switch bridge

Author: phil
Created: Monday, February 12th, 2018
Last Updated: Monday, April 16th, 2018


These instructions assume pfSense or OPNsense is installed. Since the two platforms are basically identical save for the web interface, the information is pretty well interchangeable between them.

There's a lot of folks who say "Don't use the NIC in the computer as a switch!! Go buy a switch if you need a switch!" I'll agree if you're using a 266 MHz computer from 2000, but if you've got a computer with a Core i5 or something, set it up as "a switch" and forget about it. It's why you bought the 4-port card, amiright?

Step 1 - Move WAN to onboard NIC

When pfSense or OPNsense is first installed, it might assign the WAN port to the 4-port NIC. Just change the WAN interface over to the onboard NIC and save it so we can work strictly with the 4 ports on the NIC.

Step 2 - Enable all interfaces

The first step is to enable all interfaces, so you have:

LAN
OPT1
OPT2
OPT3
WAN

Do NOT set an IP on OPT1, OPT2 or OPT3. Leave the IP option set to none.

Step 3 - Set up the LAN network with a maintenance IP

By default, the LAN port is set up with a static IP of 192.168.1.1.

If you plan to use that subnet as your primary network, change the IP to something else, like 192.168.0.1. That way it doesn't interfere with the 1.1 network you will use for the rest of your network.

Keep in mind this IP is strictly going to be used as a maintenance IP address to access the box if something goes wrong with the other network.

Trust me when I say this will be a life-saver if you ever run into trouble down the road, and YES, this port will be a part of the switch on your main subnet.

Also, keep in mind that this IP will ONLY work on THIS PORT. If you have to connect on this IP for maintenance reasons, you'll have to make sure you plugged into the port that is configured for LAN.

Quick Note: You may want to disable DHCP for this interface to keep from interfering with the bridge when we set it up for DHCP.

Step 4 - Create a Bridge

Next, we're going to go to Interfaces and then Bridge (under Other Type) to get to the Bridge setup.

Add a new bridge and add LAN, OPT1, OPT2 and OPT3 as the interfaces in the bridge. Call the bridge whatever name makes the most sense to you. I called mine "Router" because it's going to be the primary device at the front end of my network. I don't know enough about networking to say whether it truly is a router, but eh, good enough to make this work. From here on out, I'll refer to the bridge as Bridge (Router), because the bridge takes on the name of whatever you called it.

Make sure you save and apply the settings when you get done.

Step 5 - Add and Enable the new bridge interface

Let's go back to the interfaces area and add the newly created Bridge (Router) interface.

Next, let's go into that interface and enable it.

Once the Bridge (Router) interface is enabled, let's go down to the IPv4 area and set it to static. Enter the IP address for the network you want to use, for example: 192.168.10.1

Save the interface and apply the settings if needed.

Step 6 - Add a firewall rule for the Bridge (Router) network

Let's go to Firewall -> Rules and then Bridge (Router).

Add a new rule for the Bridge (Router).

The ONLY thing you need to set here is the Source.

We're going to set the source to Bridge (Router net). Keep in mind, if you called yours "Bridge", it will be "Bridge net". If you called it "Router", it will show "Router net".

Leave everything else as the default, and save the rule.

Finally, apply the rule up at the top of the main rules page.

Step 7 - Flush the States

You may or may not need to follow this step; however, I had all sorts of problems getting things to work right until I figured out the IP table states were using stale entries.

Navigate to Firewall -> Diagnostics -> States Reset (This might be different on pfSense. It's correct on OPNsense.)

Hit the Reset button, wait a few, then refresh the page.

Step 8 - Set up DHCP

Next, let's enable DHCP on the Bridge (Router) interface so you can pass out IPs to the rest of your network.

On OPNsense, it's located under Services -> DHCPv4 -> [Bridge (Router)]. I'm guessing it's somewhere similar on pfSense.

Enabling DHCP is pretty straightforward.

Put the check next to: Enable DHCP server on the Bridge (Router) interface

Then, set your pool size using the full start IP (192.168.10.100) and full end IP (192.168.10.150)

Save it and you're done.
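
A small consistency check for the addressing choices made in Steps 2, 3, 5 and 8, as an added example that is not part of the original article. The /24 masks and the `check_plan` helper are assumptions; the article gives only the addresses.

```python
import ipaddress
from itertools import combinations

def check_plan(addresses, members, pools):
    """Return a list of problems in a bridge addressing plan.

    addresses: interface name -> "ip/prefix", or None for IPv4 type "none"
    members:   interfaces added to the bridge in Step 4
    pools:     interface name -> (first, last) DHCP range
    """
    problems = []
    ifaces = {n: ipaddress.ip_interface(a) for n, a in addresses.items() if a}

    # Step 2: OPT ports in the bridge stay unnumbered; only LAN keeps an IP.
    for name in members:
        if name != "LAN" and name in ifaces:
            problems.append(f"{name}: bridge member should have no IP")

    # Step 3: the maintenance subnet must not overlap the bridge subnet.
    for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} and {b}: subnets overlap ({ia.network}, {ib.network})")

    for name, (first, last) in pools.items():
        # Quick note in Step 3: no DHCP server on a member port.
        if name in members:
            problems.append(f"{name}: DHCP enabled on a bridge member")
        if name not in ifaces:
            problems.append(f"{name}: DHCP pool on an interface with no IP")
            continue
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        net, own = ifaces[name].network, ifaces[name].ip
        # Step 8: the pool must sit inside the subnet and skip the firewall's own address.
        if lo > hi or lo not in net or hi not in net:
            problems.append(f"{name}: pool {first}-{last} is not a valid range in {net}")
        elif lo <= own <= hi:
            problems.append(f"{name}: pool contains the interface address {own}")
    return problems

# Constructed plan using the article's example addresses (/24 masks assumed).
ARTICLE_PLAN = dict(
    addresses={"LAN": "192.168.0.1/24", "OPT1": None, "OPT2": None,
               "OPT3": None, "Router": "192.168.10.1/24"},
    members=["LAN", "OPT1", "OPT2", "OPT3"],
    pools={"Router": ("192.168.10.100", "192.168.10.150")},
)

if __name__ == "__main__":
    for line in check_plan(**ARTICLE_PLAN) or ["plan is consistent"]:
        print(line)
```

An empty list means the maintenance IP, the bridge subnet and the DHCP pool do not collide.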

Step 9 - Test & Done

At this point, you should be done setting up the 4 ports to work like a switch, accessible on your network of choice. Since we left the IP address on the LAN port, you can also access the box using that maintenance IP address, in addition to your main network.

Comments

Hi. Thanks for the write up but I'm having a strange issue. I connected two switches. 1 on OPT2 and 1 on OPT3. I am physically connected to the switch on OPT3 and can get out to the internet and ping the gateway. Anything connected on the switch on OPT2 I cannot communicate with. I have tested my Firestick on that switch and I can communicate out. Why am I not able to communicate from either switch?

Thank you for this tutorial, it works perfectly :)

Thanks for these detailed instructions - just what I was looking for and had been struggling with to get working. Perfect!