Qotom hardware

Wombat · August 16, 2018, 02:50:51 PM

Quote from: marjohn56 on May 24, 2018, 08:02:51 PM
When you create the bridge, first assign the two unused NICs to the bridge, do not change the the physical NIC port your pc is connected to at that point. Next re-assign the LAN to the bridge interface, you'll appear to lose the connection, at this point you need to connect your physical LAN cable to one of the two NICs assigned to the bridge, wait about 30 seconds, refresh your browser and you should be back in business, now add the third NIC to your bridge and you are done.

Thanks for this insight MARJOHN56, I am also setting up opnsense as router switch but have stumbled to get my LAN on more than one NIC. I understand all of it except 're-assign the LAN to the bridge interface'? Is this changing the name on LAN to something else (LAN1) AND bridge0 to LAN in the interfaces. Also when to remove the fixed IP address off the old LAN, before or after moving computer to the bridge NIC.
I have had great difficulty in the opnsense gui seeing just how LAN was linked to WAN so I Could visualise what is connected to what and change it.

Wombat · August 16, 2018, 02:56:32 PM

Quote from: marjohn56 on May 24, 2018, 08:02:51 PM
When you create the bridge, first assign the two unused NICs to the bridge, do not change the the physical NIC port your pc is connected to at that point. Next re-assign the LAN to the bridge interface, you'll appear to lose the connection, at this point you need to connect your physical LAN cable to one of the two NICs assigned to the bridge, wait about 30 seconds, refresh your browser and you should be back in business, now add the third NIC to your bridge and you are done.

Thanks for this insight MARJOHN56, I am also setting up opnsense as router switch but have stumbled to get my LAN on more than one NIC. I understand all of it except 're-assign the LAN to the bridge interface'? Is this changing the name on LAN to something else (LAN1) AND bridge0 to LAN in the interfaces. Also when to remove the fixed IP address off the old LAN, before or after moving computer to the bridge NIC.
I have had great difficulty in the opnsense gui seeing just how LAN was linked to WAN so I Could visualise what is connected to what and change it.
Sorry if this posts twice...having serious internet latency problems...need this router workig to see why and prove it is the telco not my lan.

marjohn56 · August 16, 2018, 05:45:20 PM

No, once you have created the bridge as I explained, go to interfaces->Assignments. On the LAN interface select the bridge as the networks port.

marjohn56 · August 17, 2018, 09:36:32 AM

Just noticed something you wrote, you do not need to change anything on LAN settings page itself. You will see you have three OPT* interfaces, just make sure they are enabled but have no addresses set. Then add the unused OPT* to the bridge.. job done.

Wombat · August 17, 2018, 10:22:17 AM

Thanks Marjohn56, that is what I did first (renamed LAN as LAN1, Then renamed LANBridge as LAN), didnt work as there is some referencing in the background that got screwed.
So have got it working, with 6 LAN connections plus 1 for WAN. Haven't tried to assign the original port (em0) back in to the bridge as first time I did that I lost all connectivity through the gui, easy recovered using backup on the console. But a bit more stable now so will do that tomorrow.
But now I have a problem that I cannot communicate between LAN router NICs. I can ping anything (that supports ping) from the OPNSense Console, put if I want to connect, say with a browser to a server on another router bridge NIC there is no connection. I can connect with other devices on the same NIC (router connects directly two switches and one AP) plus a few direct devices. I also seem to have a very slow connection ( but that may be the WAN, as soon as I move a moderate bit of data over it, latency is 1 to 8 seconds and lost packets gets as high as 18%) between LAN devices.
A single DHCP is working (part of bridge), and devices connecting OK with it and setting up IP (most static, a few dynamic), DNC and Gateway and DHCP server ok. All are connecting with internet albeit its latency issue is frustrating.
Router hardware capacity is idling so not a problem.
So is there a setting I am missing to allow all network communications between all NICs connected to the bridge.

Thanks
Ian

Sent from my SM-P585Y using Tapatalk

marjohn56 · August 17, 2018, 10:32:01 AM

What hardware are you using?

monstermania · August 17, 2018, 10:39:45 AM

Quote from: Wombat on August 17, 2018, 10:22:17 AM
So is there a setting I am missing to allow all network communications between all NICs connected to the bridge.

Hi,
if you wan't to use all brigded interfaces like an (umanaged) switch you have to change the system tunables.
https://www.infotechwerx.com/blog/Creating-a-Simple-pfSense-Bridge

best regards
Dirk

marjohn56 · August 17, 2018, 11:04:21 AM

Good point, need to create a wiki doc for this, I'll try and do one next week.

Wombat · August 18, 2018, 07:57:03 AM

Thanks again monstermania and Marjohn56. Setting those two attributes in tunables did the trick and things are working nicely (until I changed my flow in Node-red and it stopped!
I had been ignoring pfsense help and forums as opnsense was largely rewritten....but now realise menu structure is very similiar.

As for my hardware, it is a old PC, i5-2500, 8gb Ram, 120 gb ssd and a hdd, with 2 of HP NC364T quad port 4 NIC PCIe cards (and onboard realtek Ethernet and another very old fast ethernet card which I might activate). I have seen the chipsets but currently can find it again (think it was the console when running zeroshell... abandon when PPPoE would not work which appears to be a Telstra tg797n problem in the end). The HP card is Intel chipsets.
Modem now is a netgear d7000 in modem only mode, network is all on one subnet with static IP for most devices, physically the Router direct connects to a 8 port engenius switch, and a 24 port netgear switch (both have 50% PoE ports for IOT things), two engenius AP (one to router, one to Netgear switch), IP Camera and lots of end devices mostly on the switches or AP.

Although I have bridge set up as a unmanaged switch now, I am interested if there is a more efficient way to set this up. Not sure if the unmanage switches are smart enough i that they only route traffic onto the port where the device is connected...or it 'broadcasts' it on all ports hoping one has the device with that IP is connected. May i the future need to make work smarter to reduce network loading (especially if I add a few more IP cameras).

Next will be to sort out openVPN port so I can access the LAN securely from the Ethernet (via droid tablet and laptop) when away from home.

Ian

Sent from my SM-P585Y using Tapatalk

Nekromantik · August 28, 2018, 02:20:15 PM

Wont it be easier to have only 2 ports and connect LAN port of opnsense to a switch?
Run everything off switch to get best performance?
Software bridge is not recommended most places.

marjohn56 · August 28, 2018, 02:43:02 PM

That's the preferred method. Really depends how much traffic is on the individual ports. In my case it's Port2 _> Modem_Lan for monitoring purposes and Port1 -> rest of LAN. I could of course have put the modem onto a second network address range and achieved the same thing, but I went from using a switch to a bridge as it was quicker.

Nekromantik · August 28, 2018, 02:51:20 PM

Quote from: marjohn56 on August 28, 2018, 02:43:02 PM
That's the preferred method. Really depends how much traffic is on the individual ports. In my case it's Port2 _> Modem_Lan for monitoring purposes and Port1 -> rest of LAN. I could of course have put the modem onto a second network address range and achieved the same thing, but I went from using a switch to a bridge as it was quicker.

True.
Im currently running my LAN off my Netgear router acting as a WLAN AP and switch but of course its also software switch and not actual switch.

rungekutta · August 28, 2018, 05:34:19 PM

Quote from: Wombat on August 18, 2018, 07:57:03 AM
Although I have bridge set up as a unmanaged switch now, I am interested if there is a more efficient way to set this up. Not sure if the unmanage switches are smart enough i that they only route traffic onto the port where the device is connected...or it 'broadcasts' it on all ports hoping one has the device with that IP is connected. May i the future need to make work smarter to reduce network loading (especially if I add a few more IP cameras).

Small (5 port) gigabit hardware switches are very cheap these days and (at least Netgear and D-Link) very reliable too. Those definitely function as you mention ie keep tables of MAC addresses reachable at each port and route traffic accordingly. Old 'hubs' from the days of 10 Mbit Ethernet used to broadcast indiscriminately but that was quite a while ago.

Not sure if there are many strong cases for software bridging these days given how cheap the hardware is? At least if you're trying to minimise complexity and chances of things going wrong in connection with software updates etc...

monstermania · August 29, 2018, 08:11:08 AM

Quote from: rungekutta on August 28, 2018, 05:34:19 PM
Not sure if there are many strong cases for software bridging these days given how cheap the hardware is?

By the way. One big point for me is energy consumption and space! I use bridging to connect my wlan ap to OPNsense. The ap get his power by PoE from the OPNsene power supply. So i don't need an external switch that uses space an need his own power supply.

best regards
Dirk

Wombat · August 31, 2018, 05:09:22 AM

Thankyou all for your help above. Switch vse hub differences was enlightening. I have now got this OPNSense router working quite nicely, as a router/Switch/Gateway for a my network, and the whole system suddenly started to work more well once I set the bridge setting filters to the LAN in Tunables.
Also got unbounded DNS working (can use names like BMS/ rather than IP addresses to access devices web interfaces) and configured OpenVPN which appears to work (just need to access it remotely check I can access the network).
I then need to findout how to block access to the Router Web interface from WAN (as I should access remotely it through VPN), havent seen a immediate setting for that, maybe it is a router rule.
I will leave it as a Router/Switch (with 6 (7 when I enable the last NIC I used to initially set it up)) as it allows me to use some of the tools like Insight and PRTG to see what traffic is running between parts of the network as well as the WAN (albeit I can't see traffic that does not exit any of the attached switches/AP). This has been useful as I have finally found which computer currently stomps on the network. It looks like this PC, OneDrive keeps trying to upload .pst file over a limited uplink (usually only 300kB up, 6.5MB down), but there is other stuff uploading so it is about to be backed up and W10 clean installed.

Qotom hardware

Wombat

August 16, 2018, 02:50:51 PM #15

Wombat

August 16, 2018, 02:56:32 PM #16

marjohn56

August 16, 2018, 05:45:20 PM #17

marjohn56

August 17, 2018, 09:36:32 AM #18

Wombat

August 17, 2018, 10:22:17 AM #19

marjohn56

August 17, 2018, 10:32:01 AM #20

monstermania

August 17, 2018, 10:39:45 AM #21

marjohn56

August 17, 2018, 11:04:21 AM #22

Wombat

August 18, 2018, 07:57:03 AM #23

Nekromantik

August 28, 2018, 02:20:15 PM #24

marjohn56

August 28, 2018, 02:43:02 PM #25

Nekromantik

August 28, 2018, 02:51:20 PM #26

rungekutta

August 28, 2018, 05:34:19 PM #27 Last Edit: August 28, 2018, 05:35:53 PM by rungekutta

monstermania

August 29, 2018, 08:11:08 AM #28

Wombat

August 31, 2018, 05:09:22 AM #29