LAN interface HELP

[JoK]

I have a box with 4 ports, I use one for WAN and the rest for LAN, but only one port is working for internetaccess.

How do I set them up so they work, do they need static IP or ..? The one LAN port that works, is set up with static IP 192.168.1.1 but the rest is DHCP, ...what to do???

[chemlud]

Normally the other interfaces (OPT1, OPT2, ...) have NO firewall rules at all, so nothing will pass these interfaces. Adapt firewall rules for your needs and it should work ;-)

[JoK]

I tried to write the exact same rules as on the working LAN port...no luck. Is there a way to transfer the rules from working LAN to the other 2 non working LAN?

[chemlud]

You copied over the "Allow Source ANY Target ANY" rule, OK, but did you press "Apply" at the top of the page after saving the rule? :-D

Lot's to learn ;-)

[JoK]

Well, I wrote down the setting 2 rules called "Default allow LAN to any rule" and "Default to LAN IPv6 to any rule" , not the "anti lockout rule" they where standard. Yes I pressed apply :-)

[chemlud]

Then you should plug in a computer to any of this "LAN" ports, get an IP according to the DHCP server set and should be able to do the interwebs (potentially there is no DNS, though, do you use unbound? Then choose the two additional Interfaces, if not done yet...).

Can you post the output of

ping 8.8.8.8

and

ping google.com

when done on the opnsense from one of these notoriuos LAN interfaces (Interfaces -> Diagnostics iiirc).

[JoK]

Cant do sh*t...the connected devices cant be reaced and my AppleTV is offline...it gets a 162... address

[JoK]

Now my DHCP server in dashboard show up red

[JoK]

Basicly I want my box with 4 Nic, to act like this:

1 port = WAN
port 2+3 LAN with my computer and AppleTV connected

How do I do this??

WAN port is working perfect, LAN port1 is working perfect...2 and 3 not working

[chemlud]

Hmm, should we start from this f*cked up config? Better you reset everything to START for a fresh try:

System -> Configuration -Defaults

Then reboot (if it doesn't do automagically).

The box will come up with  WAN and LAN. Get an IP on LAN, log in with root/opnsense and there you can do a fresh start.

Do you have access via console or do you do the whole configuration via GUI?

[JoK]

I bought this one https://www.thomas-krenn.com/en/products/application/opnsense-firewalls/les-compact-4l.html

I presumed that the confic. should be 1 port for WAN and 3 for LAN devices, but only one LAN port works....

[JoK]

If I start from scratch, can i use the 3 LAN ports for my devices

[chemlud]

Yes and no. If you want to use the three LAN ports as on your old Cisco or other consumer routers (like a switch) I'm not the right one to talk you through the setup, as I NEVER EVER use this setup. Interfaces on your firewall are much to expensive to use them like a switch. Use ONE interface for your Apple TV (and maybe other Apple devices...), in its own network, so you can control the device closely.

Use the second interface for a network for "serious" stuff like parents, banking etc. And the third for kids, guests and other untrusted devices.

This is my advice. If you need a switch for an interface, buy one, with 4 ports its about 10 Euro...

:-)

[JoK]

OK, thanks :-)