Interface Naming Terminology¶
All interfaces on pfSense® software can be assigned any name desired, but they all start with default names: WAN, LAN, and OPT.
WAN¶
Short for Wide Area Network, WAN is the untrusted public network outside of the firewall. In other words, the WAN interface is the firewall’s connection to the Internet or other upstream network. In a multi-WAN deployment, WAN is the first or primary Internet connection.
At a minimum, the firewall must have one interface, and that is WAN.
LAN¶
Short for Local Area Network, LAN is commonly the private side of a firewall. It typically utilizes a private IP address scheme for local clients. In small deployments, LAN is typically the only internal interface.
OPT¶
OPT or Optional interfaces refer to any additional interfaces other than WAN and LAN. OPT interfaces can be additional LAN segments, WAN connections, DMZ segments, interconnections to other private networks, and so on.
DMZ¶
Short for the military term demilitarized zone, DMZ refers to the buffer between a protected area and a war zone. In networking, it is an area where public servers are reachable from the Internet via the WAN but isolated from the LAN. The DMZ keeps the systems in other segments from being endangered if the network is compromised, while also protecting hosts in the DMZ from other local segments and the Internet in general.
Warning
Some companies misuse the term “DMZ” in their firewall products as a reference to 1:1 NAT on the WAN IP address which exposes a host on the LAN. For more information, see 1:1 NAT on the WAN IP, aka “DMZ” on Linksys.
FreeBSD interface naming¶
The name of a FreeBSD interface starts with the name of its network driver. It
is then followed by a number starting at 0
that increases incrementally by
one for each additional interface sharing that driver. For example, a common
driver used by Intel gigabit network interface cards is igb
. The first such
card in a firewall will be igb0
, the second is igb1
, and so on. Other
common driver names include cxl
(Chelsio 10G), em
(Also Intel 1G),
ix
(Intel 10G), bge
(various Broadcom chipsets), amongst numerous
others. If a system mixes an Intel card and a Chelsio card, the interfaces will
be igb0
and cxl0
respectively.
See also
Interface assignments and naming are further covered in Installing and Upgrading.