pfsense:configure_pfsense_bridge_over_multiple_nics_as_lan
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| pfsense:configure_pfsense_bridge_over_multiple_nics_as_lan [2020/03/22 18:04] – peter | pfsense:configure_pfsense_bridge_over_multiple_nics_as_lan [2020/11/30 11:56] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== PFSense - Configure pfSense bridge over multiple NICs as LAN ====== | ||
| - | |||
| - | A bridge interface creates a logical link between two or more Ethernet interfaces or encapsulation interfaces. | ||
| - | |||
| - | Your interface names may be slightly different (e.g. LAN, Opt1, Opt2). | ||
| - | |||
| - | The basic idea is: | ||
| - | |||
| - | * Assign and Enable additional NICs | ||
| - | * Create Bridge Interface | ||
| - | * Assign Bridge Interface an IP Address | ||
| - | * Create Interface Group | ||
| - | * Add Firewall Rule | ||
| - | * Add DHCP Server on the Bridge | ||
| - | * Remove IP address from EM1 | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Assign and Enable additional NICs ===== | ||
| - | |||
| - | Enable all the NICs you have and want included in the local LAN Bridge. | ||
| - | |||
| - | In pfSense, this is via the menu item **Interfaces -> (assign)** | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Enable interfaces needed for the bridge ===== | ||
| - | |||
| - | For each interface assigned, enable that interface via the **Interfaces -> EM** menu item, and ensure it has **None** specified as the IPv4 and IPv6 address. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Create Bridge Interface ===== | ||
| - | |||
| - | Create a virtual bridge interface across all of the NICs you want included in the bridge. | ||
| - | |||
| - | Use the menu **Interfaces -> (assign) -> Bridges**. Use the **Add +** button to add a bridge and select all interfaces you want as part of the bridge, but do not include the WAN interface. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Assign an IP address to the bridge ===== | ||
| - | |||
| - | Assign an IP address (IPv4, minimally) to the bridge via the **Interfaces -> BR0** menu. | ||
| - | |||
| - | |||
| - | <WRAP important> | ||
| - | **WARNING: | ||
| - | |||
| - | The MAC address for a bridge is determined randomly when the bridge is created, either at boot time or when a new bridge is created. | ||
| - | </ | ||
| - | |||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Create Interface Group ===== | ||
| - | |||
| - | Create an interface group including all NICs and the bridge interface. | ||
| - | |||
| - | This will be used for LAN firewall rules. | ||
| - | |||
| - | Use the menu **Interfaces >> (assign) -> Interface Groups**. | ||
| - | |||
| - | Use the **Add +** button to add the group and select all interfaces you want as part of the bridge group, including the bridge itself, but do not include the WAN interface. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Add Firewall Rule ===== | ||
| - | |||
| - | Add a firewall rule to allow traffic to flow amongst the interfaces of the interface group, as a single, unconstrained LAN. | ||
| - | |||
| - | Select **Firewall -> Rules -> Bridge** and add a rule like this | ||
| - | |||
| - | < | ||
| - | Action: Pass | ||
| - | Interface: Bridge | ||
| - | Address Family: IPv4+IPv6 | ||
| - | Protocol: Any | ||
| - | |||
| - | Source: Any | ||
| - | Destination: | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Add DHCP Server on the Bridge ===== | ||
| - | |||
| - | Assuming you want to run a DHCP server on your local LAN, configure the DHCP server on the Bridge interface via the menu item **Services -> DHCP Server -> BR0**. | ||
| - | |||
| - | < | ||
| - | Enable DHCP server on BR0 interface. | ||
| - | Range: 192.168.1.101 to 192.168.1.200. | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Remove IP address from EM1 ===== | ||
| - | |||
| - | Finally, as cleanup, you should remove the IP address from EM1. | ||
| - | |||
| - | You may need to disable the DHCP server on that interface first. | ||
| - | |||
| - | Select **Interfaces -> EM1**. | ||
| - | |||
| - | Set IPv4 and IPv6 Configuration Type to None. | ||
| - | ---- | ||
| - | |||
| - | At this point you should have a fully functional, local area network bridge across all your interfaces. | ||
| - | |||
| - | ---- | ||
| - | |||
pfsense/configure_pfsense_bridge_over_multiple_nics_as_lan.1584900279.txt.gz · Last modified: 2020/07/15 09:30 (external edit)