Two firewall ports with same IP address

I have 4 ports on my pfSense firewall NIC.
One is used for WAN, leaving 3.

My goal is to eliminate a current switch and let the firewall NIC handle traffic between devices on that same network.

Would it be better to

A) Designate two of those 3 remaining ports as the same network, e.g. 192.168.1.X?

B) Designate one as, say, 192.168.2.X and one as 192.168.3.X and use a subnet mask of 255.255.14.0.

C) Designate one as 192.168.1.X and one as 192.168.3.X and just allow traffic between the two.

Never did anything quite like that.

Thank you.
Sterling

Is one of your switches a layer 2 switch? It might be easier to create a VLAN and use a single port for both networks.


Thanks @xMAXIMUSx.
I guess I wasn’t thinking it through.
The switch should do the job I need without implementing a VPN.
Keeping it is probably the easiest solution.

It sounds like you are now planning on keeping your switch in place but perhaps want to use the remaining ports on your router.

If so, and you want to have multiple networks, that means VLANs. You could set up your pfSense with WAN, LAN and VLAN; in an emergency, plug into the LAN on the router to fix whatever problem you’ve created directly on pfSense. The 2 remaining ports you could put into a LAGG and pass all your VLANs through to your switch. The benefit of this is you have two cables to your switch, which is contingency if one fails. If you were ever to saturate one link, then other users’ traffic would pass over the other link.


You can set up the multiple networks on each port as described, but your netmask for private 192.168.x.x networks will need to be class C 255.255.255.0 or in that range. I would suggest sticking to a standard /24 for simplicity.

Then you just add rules to allow traffic.

As long as you understand that this means all your traffic between the LANs will go through your firewall. I assume, based on your explanation, that you have very few devices, so it may be fine.

If you are placing devices on these ports, 192.168.3.x and 192.168.2.x for example, they are not on the same network. Do you mean the same physical device, like your firewall?


Lots of good questions and suggestions, based on my sketchy “hold my beer” post.
This makes a lot of sense. I could use the port as a means to troubleshoot the firewall (which is in my basement).
Very constructive comment @neogrid

Thanks… and yes, I did bugger up the mask.
I do have separate physical devices currently connected through the switch which need to communicate constantly.
So the switch makes sense to keep… yes, especially since I already have it in place.
I was just thinking that I could eliminate the switch for simplicity’s sake.

BTW, it is a TL-SG108E, which can do VLANs, some traffic monitoring, port mirroring and loop prevention.

You can bridge the ports of the pfSense box and have it act like a switch; it’s just resource-heavy on the pfSense box. But it could remove a physical piece of equipment like your physical TP switch.