Interface Configuration¶
Basic aspects of interface configuration within pfSense® software can be performed at the console and in the setup wizard to start, but changes may also be made after the initial setup by visiting pages under the Interfaces menu. A few basics are covered here, the details can be found in Interface Types and Configuration.
Assign interfaces¶
Interfaces added after the initial setup may be assigned roles by visiting Interfaces > Assignments. There are numerous tabs on that page used for assigning and creating different types of interfaces. The two most commonly used tabs are Interface assignments and VLANs.
See also
VLAN configuration is covered in Virtual LANs (VLANs).
The Interface assignments tab shows a list of all currently assigned interfaces: WAN, LAN, and any OPTx entries configured on the firewall. Next to each interface is a drop-down list of all network interfaces/ports found on the system. This list includes hardware interfaces as well as VLAN interfaces and other virtual interface types. The MAC address, VLAN tag, or other identifying information is printed along side the interface name to aid in identification.
The other tabs, much like the VLAN tab, are there to create additional interfaces which can then be assigned. All of these interface types are covered in Interface Types and Configuration.
To change an existing interface assignment to another network port:
Navigate to Interfaces > Assignments
Locate the interface to change in the list
Select the new network port from the drop-down list on the row for that interface
Click Save
To add a new interface from the list of unused network ports:
Navigate to Interfaces > Assignments
Select the port to use from the drop-down list labeled Available Network Ports
Click
Add
This action will add another line with a new OPT interface numbered higher than any existing OPT interface, or if this is the first additional interface, OPT1.
Interface Configuration Basics¶
Interfaces are configured by choosing their entry from under the Interfaces menu. For example, to configure the WAN interface, choose Interfaces > WAN.
Every interface is configured in the same manner and any interface can be configured as any interface type (Static, DHCP, PPPoE, etc). Additionally, the blocking of private networks and bogon networks may be performed on any interface. Every interface can be renamed, including WAN and LAN, to a custom name. Furthermore, every interface can be enabled and disabled as desired, so long as a minimum of one interface remains enabled.
See also
For detailed interface configuration information, see Interface Types and Configuration
The IPv4 Configuration Type can be changed between Static IPv4, DHCP, PPPoE, PPP, PPTP, L2TP, or None to leave the interface without an IPv4 address. When Static IPv4 is used, an IPv4 Address, subnet mask, and IPv4 Upstream Gateway may be set. If one of the other options is chosen, then type-specific fields appear to configure each type.
The IPv6 Configuration Type can be set to Static IPv6, DHCP6, SLAAC, 6rd Tunnel, 6to4 Tunnel, Track Interface, or None to leave IPv6 unconfigured on the interface. When Static IPv6 is selected, set an IPv6 address, prefix length, and IPv6 Upstream Gateway.
If this a wireless interface, the page will contain many additional options to configure the wireless portion of the interface. Consult Wireless for details.
Note
Selecting a Gateway from the drop-down list, or adding a new gateway and selecting it, will direct the firewall to treat this interface as a WAN type interface for NAT and related functions. This is not desirable for internal-facing interfaces such as LAN or a DMZ. Gateways may still be utilized on those interfaces for static routes and other purposes without selecting a Gateway here on the interfaces page.