I followed your tutorial and noticed some weird behaviour on my pfSense router (HP t730 thin clied with Intel i350 QPort Ethernet Card) that it randomly goes unresponsive, I believe it might be some other thing causing this issue or may be I think it has being doing this before I made a switch but someone on the Netgate forums stated this issue as: IMHO (so I'll be wrong probably) bridging interfaces on a NIC is from a programming point of view a severe jack. As all packets have to go through the entire NIC driver, and a part of the kernel, to go back in the driver again. Possible to use a 4 port 5$switch -and use use one slot on your NIC ? ( and don't take igb1 now ^^, take igb1 1, 3 or 4). Just to exclude a possible issue with the NIC. Can you please let me know if it really costs that much processing power to turn those extra router ports into switch?
This Video saved me. I've been beating my heat against the wall for a week trying to do this. Thanks so much. I run OpnSense, but all the instructions here were almost the same for OpnSense. I created a Switch with the 5 "Lan" ports in my OpnSense PC. Now, all clients in the Ethernet Ports get a DHCP address in the same subnet. Thanks again!!
Slight correction - remove default Lan net Rules - Add rule - Action:pass, Interface: Lan, - protocol: any Also please like and Sub the video. This is one of my most viewed video from start to finish - yet very few likes or subs,
A simpler alternative would be to change two sysctl values in System > Advanced > System Tunables and manage rules only under MYSWITCH: net.link.bridge.pfil_member to 0 net.link.bridge.pfil_bridge to 1
This is great use. Additionally is it possible to isolate the ports to different vlans. I plan to migrate to a multiport pfsense and get rid of my managed switch. That way one port will be trunk and other be vlan2, vlan3 etc. How can that be configured?
OK I have mine already set up and been using. I want to add the extra ports can you not just add the extra ports to the ariginal IP address and not have to temporally set up a different IP address. if not why.
Hi there, i have a question about pfsense firewall, when we configure pfsense and connect it to the router or switch, can we give enable dhcp server on pfsense and give ip address to the client in our network?? And all mobile and laptop can connect to the pfsense wirelessly? That means our network behind the pfsense?? Am i right??
Very helpful. This walkthrough helped me get my bearings. But I decided to do it a little differently. I had the “MySwitch" use the LAN interface also. I then had “MySwitch" use DHCP instead of a fixed IP so the other ports can inherit and use the same IP range as the 1st auto-configured LAN port. So no extra DHCP server running and it is functioning more like a typical switch. For the firewall rules I added the source “MySwitch Net” instead of having it be completely open to everything. Is there a reason to not do it this way?
@@maodelg I am having the same issue. I am following the video exactly but the bridged ports are not getting ip addresses. Did you manage to solve the issue?
Hi Nick, thank you very much for solving my problems, it seems to do the job for me. Question: Don't the allow all rules allow all communication from the WAN to my LAN?
if you understand how nat works. anything initiated from inside the network is allowed to go out and receive replies. Anything coming from outside the network first you will need to allow, usually under NAT tab in firewall.
it connects to a switch which connects to my main router. I am simulating a WAN ISP connection. works the same as you would plugin a cable modem with DHCP option.
You saved my sanity Nick! Got 2 switches working and my Ubiquiti AP without any issues following this video step by step. I'd like to not have 192.168.1.x as my IPs but thats ok for now since I'm going to do this all over again when the ssd delivers that I bought for my pfsense box. If I may, I'd like to ask one more question. I have 1gbps speeds from Verizon (my ISP). After running speed tests concurrently on devices not connected to the same ports on the pfsense box, it seems like the bandwidth is being shared. Is that how it is supposed to be, or should I be getting 1gbps at the same time for each ethernet port? Actually, now that I'm typing this out, I realize I may be over thinking this. Since I only have 1gbps service, I wouldn't get 1gbps concurrently per ethernet port, otherwise I'd be pulling down 3gbps. Is that right? Thanks again!
Please do a speed test at fast.com - if you are using speedtest.net itis not reliable with speeds over 100Mb. Some things really depend on the internal hardware of your router. Even though technically a port may be 1Gb it doesn't mean this setup will give you all that speed per port. Even some switches have limitations on how much data they can process when all the ports are being used to their max. A cheap switch might actually be a better option in this case if you are processing lots of data.
Haven't tried - but you can use any of the other ports/intercface to create a separate LAN (not vlan) add any/any rules and create as many vlans as you wish on that interface.
Hey, nice tutorial. After I've reconfigured the router, my mobile devices constantly need to have their wifi switched off and on again, otherwise, it will just say it's connected to wifi but nothing will load. Anyone have a fix for this?
you have to manually configure each wifi AP. In the wifi AP settings you have to turn off DHCP and set the IP as your lan gateway but out of the LAN DHCP range. For example in this video his lan gateway is 192.168.1.1 with a range of 192.168.1.10- 192.168.1.100 i believe. So using this example your going to have to set the IP in your wifi AP as 192.168.1.2-192.168.1.9 you can always adjust the range in pfsense to accommodate the number of devices you have. Watch this video for more insight. /watch?v=REiL6r00GC8
@@ITVOIP gotcha, thanks. I just configured my lan2 to have a separate IP (192.168.2.1) and set a firewall rule for all traffic to pass.. I'm too lazy to at least take my Google wifi down and see if everything worked lol
System: Advanced: System Tunables | net.link.bridge.pfil_member | Set to 0 to disable filtering on the incoming and outgoing member interfaces. | default (1) | | net.link.bridge.pfil_bridge | Set to 1 to enable filtering on the bridge interface | default (0) | This is to avoid filtering on NICs and do the filtering only on bridge interface. Source: netgate forum.
If you change these 2 values under the Advanced -> System tunables, net.link.bridge.pfil_bridge Packet filter on the bridge interface -> default value is 0 , change this to 1 net.link.bridge.pfil_member Packet filter on the member interface -> default value is 1 , change this to 0. you only need to assign a rule for the entire "switch" and not for each member (port) of the switch you have created. This can save you a lot configuration hassle. Grtz
Thanks to everyone for making this one of my top videos! Please like and sub to see more videos like this!
I followed your tutorial and noticed some weird behaviour on my pfSense router (HP t730 thin clied with Intel i350 QPort Ethernet Card) that it randomly goes unresponsive, I believe it might be some other thing causing this issue or may be I think it has being doing this before I made a switch but someone on the Netgate forums stated this issue as:
IMHO (so I'll be wrong probably) bridging interfaces on a NIC is from a programming point of view a severe jack. As all packets have to go through the entire NIC driver, and a part of the kernel, to go back in the driver again.
Possible to use a 4 port 5$switch -and use use one slot on your NIC ? ( and don't take igb1 now ^^, take igb1 1, 3 or 4). Just to exclude a possible issue with the NIC.
Can you please let me know if it really costs that much processing power to turn those extra router ports into switch?
Thank you.
This is just what I needed.
Now I have both my switches connected and ready for the rest of the servers to be connected to it.
This Video saved me. I've been beating my heat against the wall for a week trying to do this. Thanks so much. I run OpnSense, but all the instructions here were almost the same for OpnSense. I created a Switch with the 5 "Lan" ports in my OpnSense PC. Now, all clients in the Ethernet Ports get a DHCP address in the same subnet. Thanks again!!
tried a couple other tutorials that didn't work. this one worked perfectly!
thank you, i spent the last 6 hours trying to get a wireless AP working. this helped SOOOOOOOOOOOOOOO much.
Best pfsense series I ever seen good work 👍
Thanks for this tutorial, worked great!
Thank you! It really helped me!
dude i wish i would have came across this 5 hours ago lol thanks so much
😂
This is just what I needed. Thanks! Any suggestions on how to relegate a computer that may have promiscuos mode turned on so that it only sees itself?
ohhh thank you very much for this, looks like I missed the same firewall rules
Slight correction - remove default Lan net Rules - Add rule - Action:pass, Interface: Lan, - protocol: any
Also please like and Sub the video. This is one of my most viewed video from start to finish - yet very few likes or subs,
A simpler alternative would be to change two sysctl values in System > Advanced > System Tunables and manage rules only under MYSWITCH:
net.link.bridge.pfil_member to 0
net.link.bridge.pfil_bridge to 1
Thank you so much! I was stuck on AP until I added Action:pass, Interface: Lan, - protocol: any
very amazing video. tyvm for sharing this.
This is great use. Additionally is it possible to isolate the ports to different vlans. I plan to migrate to a multiport pfsense and get rid of my managed switch. That way one port will be trunk and other be vlan2, vlan3 etc. How can that be configured?
many thanks
What box were you using for your pfsense install? I haven’t seen one with 5 ports!
keep on publishing :)
well put
OK I have mine already set up and been using. I want to add the extra ports can you not just add the extra ports to the ariginal IP address and not have to temporally set up a different IP address. if not why.
Will these switch ports carry tagged traffic? In other words, can I configure these bridged LAN ports as trunk ports? Thanks a lot!
Hi there, i have a question about pfsense firewall, when we configure pfsense and connect it to the router or switch, can we give enable dhcp server on pfsense and give ip address to the client in our network?? And all mobile and laptop can connect to the pfsense wirelessly? That means our network behind the pfsense?? Am i right??
Very helpful. This walkthrough helped me get my bearings. But I decided to do it a little differently.
I had the “MySwitch" use the LAN interface also. I then had “MySwitch" use DHCP instead of a fixed IP so the other ports can inherit and use the same IP range as the 1st auto-configured LAN port. So no extra DHCP server running and it is functioning more like a typical switch. For the firewall rules I added the source “MySwitch Net” instead of having it be completely open to everything. Is there a reason to not do it this way?
Can't get my other interfaces to get IPs from the LAN DHCP. Any tips?
@@maodelg I am having the same issue. I am following the video exactly but the bridged ports are not getting ip addresses. Did you manage to solve the issue?
Hi Nick, thank you very much for solving my problems, it seems to do the job for me. Question: Don't the allow all rules allow all communication from the WAN to my LAN?
if you understand how nat works. anything initiated from inside the network is allowed to go out and receive replies.
Anything coming from outside the network first you will need to allow, usually under NAT tab in firewall.
@@ITVOIP would you not do it with an allow rule on the WAN interface ? What's the difference in doing it on the NAT tab?
Do you happen to know how to configure a Mobile Phone to act as a failover WAN in OpnSense/pfSense?
Does it work on 2.5.1?
Hi, I have a beginner’s question, where does the other end of the WAN cable connect to? Thanks!
it connects to a switch which connects to my main router. I am simulating a WAN ISP connection. works the same as you would plugin a cable modem with DHCP option.
Thank you!
You saved my sanity Nick! Got 2 switches working and my Ubiquiti AP without any issues following this video step by step. I'd like to not have 192.168.1.x as my IPs but thats ok for now since I'm going to do this all over again when the ssd delivers that I bought for my pfsense box.
If I may, I'd like to ask one more question. I have 1gbps speeds from Verizon (my ISP). After running speed tests concurrently on devices not connected to the same ports on the pfsense box, it seems like the bandwidth is being shared. Is that how it is supposed to be, or should I be getting 1gbps at the same time for each ethernet port? Actually, now that I'm typing this out, I realize I may be over thinking this. Since I only have 1gbps service, I wouldn't get 1gbps concurrently per ethernet port, otherwise I'd be pulling down 3gbps. Is that right? Thanks again!
Please do a speed test at fast.com - if you are using speedtest.net itis not reliable with speeds over 100Mb.
Some things really depend on the internal hardware of your router. Even though technically a port may be 1Gb it doesn't mean this setup will give you all that speed per port. Even some switches have limitations on how much data they can process when all the ports are being used to their max.
A cheap switch might actually be a better option in this case if you are processing lots of data.
can we use vlan on the MySwitch interface?
Haven't tried - but you can use any of the other ports/intercface to create a separate LAN (not vlan) add any/any rules and create as many vlans as you wish on that interface.
Hey, nice tutorial. After I've reconfigured the router, my mobile devices constantly need to have their wifi switched off and on again, otherwise, it will just say it's connected to wifi but nothing will load. Anyone have a fix for this?
you have to manually configure each wifi AP. In the wifi AP settings you have to turn off DHCP and set the IP as your lan gateway but out of the LAN DHCP range. For example in this video his lan gateway is 192.168.1.1 with a range of 192.168.1.10- 192.168.1.100 i believe. So using this example your going to have to set the IP in your wifi AP as 192.168.1.2-192.168.1.9 you can always adjust the range in pfsense to accommodate the number of devices you have. Watch this video for more insight. /watch?v=REiL6r00GC8
Which hardware motherboard are you using in this video
This is not just a motherboard it's a complete appliance.
www.lannerinc.com
@@ITVOIP hi there, you can use mini pc with 2 lan port
It seems to be a Lanner FW-7535. I have one in a box here. 🙂
Does this work on pfsense 2.4.5? Cuz I got an extra ethernet port i need to get up
Haven't tried but i believe it should
@@ITVOIP gotcha, thanks. I just configured my lan2 to have a separate IP (192.168.2.1) and set a firewall rule for all traffic to pass.. I'm too lazy to at least take my Google wifi down and see if everything worked lol
System: Advanced: System Tunables
| net.link.bridge.pfil_member | Set to 0 to disable filtering on the incoming and outgoing member interfaces. | default (1) |
| net.link.bridge.pfil_bridge | Set to 1 to enable filtering on the bridge interface | default (0) |
This is to avoid filtering on NICs and do the filtering only on bridge interface.
Source: netgate forum.
Hi. Can i use 10gb nic card to become switch on pfsense? Thanks.
Yes. I added 6 of them.
@@adrianandrews2254 I can't seem to get mine to work
What firewall rule? For the access point?
You skip over most important part
you need a firewall rule for each Lan port.
This did not work for me at all my bridge doesn't show up in the DHCP server setting
check the pinned comment at the very top.
thanks for the content, but sheesh that was an effort in speed listening.....
Good video but last 3 minutes you moving like race car. I could not get it. Have no idea what firewall rule you added.
Big thanks from russia!!! You help me! :)
Happy to help!
seems like a pain in the ass but at least you only need to do it 1 time..
If you change these 2 values under the Advanced -> System tunables,
net.link.bridge.pfil_bridge Packet filter on the bridge interface -> default value is 0 , change this to 1
net.link.bridge.pfil_member Packet filter on the member interface -> default value is 1 , change this to 0.
you only need to assign a rule for the entire "switch" and not for each member (port) of the switch you have created.
This can save you a lot configuration hassle. Grtz
Thanks a lot, It works. I was struggling on 6:38 setup all opt2-4 ports firewall rule (video missing most important not cover)