- Learn pfSense 2.4
- David Zientara
- 397字
- 2021-08-13 15:56:39
Configuration of LAN-type interfaces
Configuration of an interface for use with a local network differs somewhat from configuration of a WAN interface (which will be used to provide access to public networks). First, we will consider the former case:
- To add optional interfaces, navigate to the Interfaces | Assignments tab, which will show a list of assigned interfaces, and at the bottom of the table, there will be an Available network ports option.
- There will be a corresponding drop-down box with a list of unassigned network ports. These will have device names such as fxp0, em1, and so on.
- To assign an unused port, select the port you want to assign from the drop-down box, and click on the + button to the right.
- The page will reload, and the new interface will be the last entry in the table. The name of the interface will be OPTx, where x equals the number of optional interfaces.
- By clicking on the interface name, you can configure the interface:
- Nearly all the settings here are similar to the settings that were available on the WAN and LAN configuration pages in the pfSense Setup Wizard.
- Some of the options under the General Configuration section, that are not available in the Setup Wizard, are Maximum Segment Size (MSS) and Speed and duplex. Normally, MSS should remain unchanged, although you can change this setting if your internet connection requires it.
- If you click on the Advanced button under Speed and duplex, a drop-down box will appear in which you can explicitly set the speed and duplex for the interface. Since virtually all modern network hardware has the capability of automatically selecting the correct speed and duplex, you will probably want to leave this unchanged.
- The section at the bottom of the page, Reserved Networks, allows you to enable Block private networks, loopback addresses, and Block bogon networks via their respective check-boxes. Although these options are checked by default when configuring the WAN interface, we normally want to allow private networks on internal interfaces, so these options are normally not enabled when configuring non-WAN interfaces.
- If you chose an option other than Static for the Configuration Type, then other options will appear.
Since it is unlikely that internal interfaces will be configured as non-static interfaces, further discussion of these options will take place in the next section on WAN configuration.