As a former PFsense user i like to know why OPNsense switched this default order?
The PFsense order feels quite natural (dangerous internet -> lan -> all other internal networks). So the most-left interface is "internet".
Swapping LAN/WAN seems really strange to me. It also makes a migration for users complicated. Lots of guides/tutorials also note this choice.
I assume a reason is behind this change?
The change you mention was carried out in November 2014.
https://github.com/pfsense/pfsense/commit/e2accfacc5efa
Our fork was created in October 2014 with the vr0/vr1 as LAN/WAN.
That's the whole story... so I guess the question now is why did pfSense swap the default interface order? :)
Cheers,
Franco
Quote from: franco on September 05, 2022, 05:29:18 PM
so I guess the question now is why did pfSense swap the default interface order? :)
Cheers,
Franco
Probably because it makes more sense to have the wan being the first interface so all other interfaces are physically 'together'.
Take the protectli vault as an example.
4 ports all in a row.
With WAN first, the LAN interfaces (including OPT in that) are all together and not LAN, WAN, OPT.
Yes, I know there could be 2 or more WAN's, which you would then put as interfaces 0 and 1.
It just makes more sense.
It is a little funny... Today (before Ive seen the thread), I connected Power and ethernet cables (LAN only, where LAN and WAN are configured) and powered on a testing device running opnsense to make some power consumption checks. Instinctively, I plugged the ethernet cable for LAN to port one out of six.
As I was not able to establish any connection I tried port two and asked myself "who the hell ordered this assignment (1=WAN, 2=LAN)? ". As I was not able to establish a connection anyway, I found that the other side of the cable was not connected, and that the assignment is ordered the way I would do it too. :)
Indeed, I asked the question for myself too, which order will make more sense, and I also thought "ok, coming from WAN (port 1) the traffic will/ can go to LAN and other interfaces (port 2 - n); sounds logical".
But "my" logic is still: Standing in front of my device, I am standing in my LAN environment, where my traffic origins from, going to any other interface, so LAN=1 makes most sense for me.
Its just a question where you are looking from. Its like inverting vertical mouse axis in first person games. :)
Quote from: franco on September 05, 2022, 08:56:29 PM
Quote from: Demusman on September 05, 2022, 07:02:54 PM
It just makes more sense.
Not at all, no.
Cheers,
Franco
Very much so, yes. But we'll agree to disagree.
No sense in arguing it, there's nothing you can say to make me see your way, and nothing I can say to make you see mine.
Also, it's easy enough to correct the assignments during installation or after.
In my opinion it makes more sense to invert vertical mouse axis.
Good to know, that this can be changed to any flavour ;)
Quote from: Demusman on September 05, 2022, 09:03:55 PM
Very much so, yes. But we'll agree to disagree.
To be honest you said it "makes
more sense", but that's simply not true: both WAN/LAN and LAN/WAN are arbitrary permutations and all you interpret into it is reading direction, confirmation bias, discarding the unknown reason for the change after having worked for a decade this way in pfSense and m0n0wall.
So... both ways suck and ergo not changing it actually makes
more sense. ;)
Cheers,
Franco
Quote from: franco on September 05, 2022, 09:44:26 PM
So... both ways suck and ergo not changing it actually makes more sense. ;)
Cheers,
Franco
If you say so.
Meh, I made an effort to bring in the historic context, got "nah the other thing makes more sense" and laying out further things all you got is "if you say so". Come on.
How about looking into the original ticket in the pfSense commit for more context? How about looking for signs of confusion in pfSense forums about that initial change some time in 2015?
I like a good discussion with differing technical viewpoints, but I feel that there has been no effort on your end to strengthen your position.
Cheers,
Franco
Quote from: Demusman on September 05, 2022, 09:03:55 PM
No sense in arguing it, there's nothing you can say to make me see your way, and nothing I can say to make you see mine.
Quote from: Demusman on September 06, 2022, 04:52:40 AM
Quote from: franco on September 05, 2022, 09:44:26 PM
So... both ways suck and ergo not changing it actually makes more sense. ;)
Cheers,
Franco
If you say so.
That's rather a patronising comment to someone that's trying to help you. If you think you have a 'better' technical point then please enlighten us.
What I find strange in general is that matching pathos of an ongoing discussing ("makes more sense") seems to induce feelings of others thinking they are being overpowered or sometimes downright hostile about the replies given. I don't understand it: it's a technical nuanced discussion and scraping away all feelings and confirmation bias is a good start towards a shared solution that both sides may agree on.
How bad is it to switch? How bad is it to keep? How relevant is any of this in the grand theme of things?
Most technical quirks are either explained in documentation, manual or visibly shown in the console itself.
Here lies some of the problematic substance in switching to a better approach: it will create more work and future questions about it. Think about the recent VLAN naming discussion or when, in younger years, I switched console option 5 and 6 for a user saying it makes more sense... it briefly disrupted our own production workflow for no apparent reason. ;)
https://github.com/opnsense/core/issues/338
Cheers,
Franco
Quote from: phoenix on September 06, 2022, 12:21:18 PM
That's rather a patronising comment to someone that's trying to help you. If you think you have a 'better' technical point then please enlighten us.
Huh, not sure what thread you're reading but no one is trying to help anyone in this one. Not sure where you would come up with something like that??
As I said already, there's nothing that can be said to change anyone's mind here. It's all personal preference and Franco knows he's not gonna change anything no matter what anyone else says.
And as I also already said, it's very easy to correct the assignments during install, or after install.
So what's your point?