Interface Naming Terminology

All interfaces on pfSense® software can be assigned any name desired, but they all start with default names: WAN, LAN, and OPT.

WAN

Short for Wide Area Network, WAN is the untrusted public network outside of the firewall. In other words, the WAN interface is the firewall’s connection to the Internet or other upstream network. In a multi-WAN deployment, WAN is the first or primary Internet connection.

At a minimum, the firewall must have one interface, and that is WAN.

LAN

Short for Local Area Network, LAN is commonly the private side of a firewall. It typically utilizes a private IP address scheme for local clients. In small deployments, LAN is typically the only internal interface.

OPT

OPT or Optional interfaces refer to any additional interfaces other than WAN and LAN. OPT interfaces can be additional LAN segments, WAN connections, DMZ segments, interconnections to other private networks, and so on.

DMZ

Short for the military term demilitarized zone, DMZ refers to the buffer between a protected area and a war zone. In networking, it is an area where public servers are reachable from the Internet via the WAN but isolated from the LAN. The DMZ keeps the systems in other segments from being endangered if the network is compromised, while also protecting hosts in the DMZ from other local segments and the Internet in general.

Warning

Some companies misuse the term “DMZ” in their firewall products as a reference to 1:1 NAT on the WAN IP address which exposes a host on the LAN. For more information, see 1:1 NAT on the WAN IP, aka “DMZ” on Linksys.

FreeBSD interface naming

The name of a FreeBSD interface starts with the name of its network driver. It is then followed by a number starting at 0 that increases incrementally by one for each additional interface sharing that driver. For example, a common driver used by Intel gigabit network interface cards is igb. The first such card in a firewall will be igb0, the second is igb1, and so on. Other common driver names include cxl (Chelsio 10G), em (Also Intel 1G), ix (Intel 10G), bge (various Broadcom chipsets), amongst numerous others. If a system mixes an Intel card and a Chelsio card, the interfaces will be igb0 and cxl0 respectively.

See also

Interface assignments and naming are further covered in Installing and Upgrading.