Need to understand pfsense...



OldChap
06-30-2010, 12:41 AM
When I got the hardware for this I tried to replicate the existing router in that I wanted 4 connections for the lan and 1 for wireless (existing router) and then of course the wan connection.

The basic setup seems to offer a single connection to lan which is not helping unless I buy a switch.

You may have gathered I know the very minimum about all the terminology for this and have no idea what a virtual setup is.

Anyone got time to explain how I can get this to act as a switch too and enable the connection on each NIC to be on the LAN?

DeadlyFire
06-30-2010, 08:03 AM
Are you using multiple nic cards in the pfsense box or just 1 nic for WAN and 1 nic for LAN? If you have multiple nic cards and you also want them to be on your LAN network all that's necessary is to go into the nic card interface page in pfSense and bridge the interface to the LAN.


http://imgur.com/EnL3u.png


In the pic above is the NIC called Foxconn (not an actual NIC card but the onboard NIC on the motherboard of the router box; you can call it anything) and I have bridged it with LAN. After you bridge it, you set a firewall rule to allow traffic through it, and the NIC should request an IP address from the LAN and it should be good to go.

If you decide to use your old router as a switch, all that's needed is to plug the router into the LAN nic on the pfsense box and put the old router into 'switch mode' so it doesn't route traffic and only passes traffic through like a switch.

OldChap
06-30-2010, 11:27 AM
Thanks Deadly.....I had to re-do the whole setup (manually) in order to get the opt cards showing in the above (interfaces) menu

Just now I have LAN and WAN on the 260 dual card, opt1 and opt2 on the 280 dual card, opt3 and opt4 both on PCI cards.

Set up with dhcp on....any comments about that?

Have a look at the firewall setup and give me a clue about what you would be doing there please mate. So far I see the machines named in status with addresses but no ability to connect to WAN.

I made some changes to the old router and what I seem to have now is a bridge....the wireless works ok (when connected to the lan) but the switch is not working.....more reading methinks.

I think I may be buying the book...expensive but I'm told it will help me learn the terminology as well as pfSense :shrug:

DeadlyFire
06-30-2010, 02:50 PM
> Thanks Deadly.....I had to re-do the whole setup (manually) in order to get the opt cards showing in the above (interfaces) menu
>
> Just now I have LAN and WAN on the 260 dual card, opt1 and opt2 on the 280 dual card, opt3 and opt4 both on PCI cards.
>
> Set up with dhcp on....any comments about that?
>
> Have a look at the firewall setup and give me a clue about what you would be doing there please mate. So far I see the machines named in status with addresses but no ability to connect to WAN.
>
> I made some changes to the old router and what I seem to have now is a bridge....the wireless works ok (when connected to the lan) but the switch is not working.....more reading methinks.
>
> I think I may be buying the book...expensive but I'm told it will help me learn the terminology as well as pfSense :shrug:

I also set my DHCP to on so the interfaces could request a local IP on the LAN (192.168.1.X, etc.) and gain internet access. I had a problem where the interfaces would request an IP from the LAN DHCP server but after a day or two, the IP lease would expire for whatever reason and the interface couldn't renew the lease or gain a new LAN IP. I solved that by extending the lease expiration time to a crazy number (1 with a couple dozen zeros after it). This way the lease doesn't expire for a couple of decades and you won't have to worry about the internet connection dropping during the night :p: I think an easier solution probably exists but I'm not much of a network genius and my motto is if it ain't broke, don't fix it :D



http://imgur.com/q70cD.png



After you've bridged the additional NIC interfaces to the LAN, set a firewall rule to allow traffic to each NIC (every NIC will need a rule in the firewall section). I played around with the firewall rules for a while and this setting finally worked for me. If it's the optimal setting I can't be sure, but I know it works and that's good enough for me. I heard good things about that pfSense guide book and might end up buying it because I'm still trying to figure out how to set up an FTP server and I'm still stumped.



http://imgur.com/C0kn0.png

OldChap
07-01-2010, 04:52 PM
Finally coming together....2 opts now on lan but getting lots of dns errors so I will be looking at that tomorrow..... too tired to be doing it now...i'd just make more mistakes

DeadlyFire
07-01-2010, 06:44 PM
> Finally coming together....2 opts now on lan but getting lots of dns errors so I will be looking at that tomorrow..... too tired to be doing it now...i'd just make more mistakes

That's probably due to the quality of the URLs being given out by Alex recently. The best URLs are crawled first then the garbage URLs follow. They'll last a day or two at the most and then we'll be back to the nice 85%+ URLs :up: If the DNS errors still hang around there is an option to change your DNS servers within pfSense, but I would wait a few days to make sure the crappy URLs have been crawled before making a decision.

OldChap
07-12-2010, 12:48 PM
This time I want to pick people's brains on the subject of DNS servers..... The obvious choice is to go with the ISP ones, which to date have been pretty good, but since I started using pfSense I seem to be running slower (perception, not figures to prove it).

So it made me wonder about the dynamic DNS option (about which I know nothing). I should have the book to help me but most of it is over my head.

Maybe look at somewhere like http://www.dnsserverlist.org/ and take a recommend from there?

DeadlyFire
07-13-2010, 01:38 PM
Do you mean slower as in fewer URLs crawled? Or just average browsing experience? There's an option to set your own DNS servers in pfSense or you can let it grab the DNS servers from your ISP. I also think you have to change the NIC's DNS servers within Windows or it will automatically use your ISP's DNS servers. I currently use the Sprintlink DNS servers because they're faster than even Verizon's DNS :eek::)

Side question: have you raised the State table size within pfSense? (It's under System->Advanced->"Firewall Maximum States") That is probably the single most crucial setting MJ12-wise. I have mine set to 100 million but I wouldn't go lower than 100k.

OldChap
07-14-2010, 02:01 PM
Slower in that the maximum speed of any machine seems lower due to running into conn and DNS errors.

According to this http://namebench.appspot.com/id/861011 my ISP is the fastest, but I shall try putting an alternate in the second choice on the general setup page in case my ISP's DNS server falls over.

State tables have now been changed to 1,000,000 (each takes up 1 KB memory so that is 1 GB). I am running 2 GB so should be ok.

I have also just changed the optimisation option to conservative to see if it changes anything with my errors (should affect timeouts too). This is at the expense of some RAM and CPU as well, but personally I only ever saw a max of 6% CPU.

Still trying to get more info on dynamic DNS.

EDIT: I just ran the same test again, but this time from my daily rig whilst 2 other rigs are crawling (yesterday everything was idle), and got this result...

http://namebench.appspot.com/id/908003

Maybe this one is a better guide under load???? anyway I will change it and watch the graph for an hour or so....
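As an added illustration that is not part of the thread or of pfSense's own generated configuration, this is roughly what the GUI steps discussed above (bridging OPT interfaces to LAN, one pass rule per bridged NIC, and raising the state table to 1,000,000) correspond to as a pf.conf fragment on the underlying FreeBSD; the device names em1/em2, the bridge0 name and the 192.168.1.0/24 LAN subnet are assumptions.

```pf
# Illustrative pf.conf fragment (added example, not pfSense-generated config).
# Assumes the GUI has already created bridge0 with members em1 (OPT1) and em2 (OPT2),
# i.e. the FreeBSD equivalent of:
#   ifconfig bridge0 create ; ifconfig bridge0 addm em1 addm em2 up
# and that filtering happens on the member NICs rather than on bridge0
# (sysctl net.link.bridge.pfil_member=1, net.link.bridge.pfil_bridge=0),
# which is why every bridged NIC needs its own firewall rule.

lan_net = "192.168.1.0/24"      # assumed LAN subnet (the thread mentions 192.168.1.X)
bridged_nics = "{ em1 em2 }"    # assumed device names for OPT1 and OPT2

# State table size: 1,000,000 entries at roughly 1 KB each is about 1 GB of RAM,
# so check the figure against installed memory before raising it.
set limit states 1000000

# Default deny: anything not explicitly passed below is dropped and logged,
# so a missing per-NIC rule shows up in the firewall log rather than silently.
block log all

# A host on a bridged NIC has no address yet when it asks for a lease, so a rule
# restricted to $lan_net alone would drop its DHCP request (source 0.0.0.0).
pass in quick on $bridged_nics inet proto udp from any port 68 to any port 67 keep state

# One pass rule per bridged NIC: LAN hosts may go anywhere; keep state means the
# replies match the existing state entry and need no separate inbound rule.
pass in quick on $bridged_nics inet from $lan_net to any keep state

# Outbound traffic from the firewall itself and forwarded traffic leaving any
# interface is allowed, mirroring pfSense's implicit outbound pass.
pass out quick all keep state
```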