I have a pfSense box running with an Intel PCI dual-port gigabit NIC.
However, I’ve recently discovered that this PCI card draws around 10 watts. (I unplugged the PCI card and measured on my Kill-A-Watt.)
So, I came up with a different idea: use an OpenWRT device ahead of the pfSense box to VLAN-tag WAN vs LAN traffic. This additional device allows me to use only one NIC (the motherboard NIC) on my pfSense box. I can remove the PCI card, and all will be well.
It turns out that setting this up was easier to do than I thought. (I was also contemplating buying a managed switch.)
I flashed the OpenWRT image using instructions here. I used the -RC1 image first, and then re-did this with trunk. To be honest, I wasn’t sure what I was doing the first time, so I’m not sure if the version matters.
I logged in using telnet and set a password.
I then logged in using ssh (just for kicks) and began editing the configuration, using the Dumb AP instructions. The only difference is that I didn’t remove the VLAN for the WLAN; instead, I just left it and I made port 4 tagged for both VLAN & WLAN. Here is my /etc/config/network; note that both switch_vlan sections have a 4t in them: port 4 is a member of both VLANs (and is tagged):
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd9f:d820:9e00::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.5'
	option netmask '255.255.255.0'
	option ip6assign '60'

# config interface 'wan'
#	option ifname 'eth0.2'
#	option proto 'dhcp'
#	option macaddr '00:90:a9:cd:a8:40'

#config interface 'wan6'
#	option ifname '@wan'
#	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1 2 3 4t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 4t 5'
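With WAN and LAN sharing one cable into the pfSense box, the only thing keeping them apart is the tagging on the shared ports. The following is an added example, not part of the original post: a shell/awk check that every port belonging to more than one VLAN is tagged in all of them. The function names are hypothetical and the sample input is constructed from the two switch_vlan sections above.

```shell
# Added example: reads an OpenWrt /etc/config/network on stdin and returns 1 if a
# port that belongs to more than one VLAN is untagged in any of them.
audit_switch_vlans() {
    awk -v q="'" '
    function flush(   n, i, p, parts, tagged) {
        n = (vlan == "") ? 0 : split(ports, parts, " ")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            tagged = sub(/t$/, "", p)          # "4t" means port 4, tagged
            count[p]++
            members[p] = members[p] " " vlan
            if (!tagged) untagged[p] = untagged[p] " " vlan
        }
        vlan = ""; ports = ""
    }
    /^[ \t]*#/ { next }                        # skip commented-out lines
    { gsub("[" q "\"]", "") }                  # drop the quotes around UCI values
    $1 == "config" { flush(); in_vlan = ($2 == "switch_vlan"); next }
    in_vlan && $1 == "option" && $2 == "vlan" { vlan = $3 }
    in_vlan && $1 == "option" && $2 == "ports" {
        ports = ""
        for (i = 3; i <= NF; i++) ports = ports " " $i
    }
    END {
        flush()
        for (p in count)
            if (count[p] > 1 && (p in untagged)) {
                print "port " p ": member of VLANs" members[p] ", untagged in" untagged[p]
                bad = 1
            }
        exit bad + 0
    }'
}
# Constructed input: the two switch_vlan sections from the config above.
page_config() {
    cat <<'EOF'
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1 2 3 4t'
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 4t 5'
EOF
}
# Constructed counter-example: trunk port 4 left untagged in VLAN 2.
untagged_trunk_config() { page_config | sed "s/0t 4t 5/0t 4 5/"; }
page_config | audit_switch_vlans && echo "shared ports are tagged in every VLAN"
```

On the device itself the same function can be fed the live file with `audit_switch_vlans < /etc/config/network`.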
Also, the instructions say how you can disable dnsmasq on one interface only, but what you really want to do (probably) is:
root@OpenWrt:~# /etc/init.d/dnsmasq disable
I then also disabled the firewall, and reloaded network settings. I haven’t installed LuCI (it appears that it does not come with the N750 images), and that’s fine; I probably won’t use it much.