rancid-lemon Posted January 24, 2014 Share Posted January 24, 2014 Got a quick question for you guys, I'm hoping someone can help me find the best way round my problem! for my home internet I'm running pfSense in a VM on an esxi server. Currently I have 3 physical adaptors wan (going to modem), management (going to physical switch), and LAN (going to physical switch). My physical switch has run out of ports, but I have a free one on the server, which I would like to turn into an extra LAN port. Can anyone suggest the best way of achieving this? I got lost in vSwitches, uplinks and bridging! Cheers, rancid Link to comment Share on other sites More sharing options...
+BudMan MVC Posted January 24, 2014 MVC Share Posted January 24, 2014 You would have to create a new vswitch and connect to new vm interface in pfsense and then in pfsense bridge the interfaces. Not a real good solution - buy another switch or one with more ports is what I would suggest you do as the correct solution to lack of ports problem. Other option option is to run your vmkern as port group on same vswitch your lan nic on the esxi host is connected and then unplug your vmkern nic from your switch to free up port on switch. vmkern can share same physical nic with your lan network, just take a bit of performance hit when moving stuff to and from the datastore. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted January 24, 2014 MVC Share Posted January 24, 2014 Why dont you get a HP Dual Nic for ESXi then Install PfSense in a VM and have two interfaces (WAN/LAN) That would free up a port. Link to comment Share on other sites More sharing options...
rancid-lemon Posted January 24, 2014 Author Share Posted January 24, 2014 @budman any chance you could elaborate on how to achieve this? I have created the switch but im lost after that! @ChuckFinley I think you are suggesting the same as budman? i.e. have the mgmt port on the same physical port as LAN. I would do this but seen as I have free ports it seems stupid to take the performance hit. Maybe I will look at getting another switch sooner than I had expected. Cheers all, rancid *If that attached pic appears as huge for you as it does for me I apologise, i don't know what happened there! :P Link to comment Share on other sites More sharing options...
+BudMan MVC Posted January 24, 2014 MVC Share Posted January 24, 2014 Create a new vm interface in pfsense, and then attach it to vswitch3 (extra lan) and then in pfsense BRIDGE the 2 interfaces. I highly suggest against this.. A switch cost what? You move data to and from your datastore how often? I rarely, rarely move anything to my datastore. Other then when a new linux distro comes out and want to create a new vm with the at iso, etc. Bridging interfaces in pfsense is going to bring its own set of issues ;) You will only see the hit when accessing the data store to upload/download something from it - normal devices using the non vmkern portgroup on the same vswitch will have normal performance. Link to comment Share on other sites More sharing options...
rancid-lemon Posted January 24, 2014 Author Share Posted January 24, 2014 Point taken, I think then that I will merge the mgmt port onto the LAN and just not worry too much about it :) Perhaps a switch would be useful anyway, its always handy to have a few spare ports available. Cheers for the advice. rancid Link to comment Share on other sites More sharing options...
+BudMan MVC Posted January 25, 2014 MVC Share Posted January 25, 2014 Yeah you can never have too many switch ports available. But vs bridging, why don't you just create a new network segment and route between them. Say your wireless lan segment, do you have a AP plugged into your current switch? To be honest you could prob use the w7 vm there, its pretty straight forward in bridging interfaces vs pfsense ;) But bridging is not a good solution even if no issues with it, but creating a new segment make sense in correct network design. Since your using pfsense as your router - I have to assume you have some old wireless router laying around your using as an AP currently - which I guess is plugged into your switch you need to free up a port on? Break your wireless out to its own segment. Use pfsense to firewall between your lan and wlan. Now even if your wireless is compromised, you let a guest on with some nasty worm.. Your lan is secure. Example any wireless clients can only talk to my ntp server, and the internet and dmz in my setup. They can not talk to lan. Since they really have no reason too. Think of this way, when you break out wireless to its own segment, all your wired boxes broadcast traffic is not now going out your wireless network. Link to comment Share on other sites More sharing options...
rancid-lemon Posted February 4, 2014 Author Share Posted February 4, 2014 @Budman My AP is/was my current switch (as you mention later, an old router), it had flakey wireless so I have disabled that and bought a proper AP. Still using it as a switch though. This was the reason for needing another port in the first place. I'm liking the segment idea, my wireless definitely needs looking at. Performance wise it is definitely much better! There is no config on it currently though, just running straight LAN connection. Need to play around with it, not sure what features I will use from pfSense and what from its own config. It's a unifi ap so plenty to play around with. I'm looking forward to having some time to have a play. n.b. I actually discovered that the AP has a second bridged LAN port. That was a nice surprise :) certainly made it quick to get up and running. Still leaves me with no spare ports though! *Potential to change the vmkern if required still though. Link to comment Share on other sites More sharing options...
Recommended Posts