I'm new to BSD and have a problem creating a virtual NIC. Trying out OPNSense and that uses FreeBSD so...
The M/B only has one NIC on this miniATX but I need two and no there's no room or PCI outlet so...
There is a PCIe but I ain't got one of those.

Have tried the thing I used in CentOS, (think it was like that) but that won't work.

Searched a lot but nothing I find seems to work.
Have seen something they call alias but as far as I've seen that is only on the same network but has to be different NetMask or an error shows up as they say.

Anyone knows this?
Another thing, if I can use this Virt-NIC on a different network, is that less secure then to use 2 separate NICs as for a firewall thingy?
If so I need to get a NIC for PCIe or change M/B but I'm trying to get the quickest thing available for now.



//B52

Are you thinking of VLANs? Using VLANs -- the standard is IEEE 802.1Q -- is one way of logically segmenting a physical network, and generally requires a managed switch that supports the standard. FreeBSD supports these. For provisioning, start here: https://www.freebsd.org/doc/handbook/network-vlan.html. For background on VLANs, start here: https://en.wikipedia.org/wiki/Virtual_LAN.

Have no clue if VLAN is the same as a Virtual NIC.
With the thing I showed I can add lots of virtual NICs that has unique IP-addresses that don't need to have the same submask, eg. eth0:0, eth0:1, eth0:2, eth0:3, eth0:4

If I can get this to work with VLAN and that works for me as two separate NICs with IPs at different networks, in this case one for LAN and one for WAN it should work.
Also the thing about how secure it is as a firewall with only one NIC if that makes any difference

It's a bit unclear what you're looking to accomplish, but is seems that you want to bind more than one IP address to the same interface.

In Linux, this used to be done using aliases, which were (as you say) a bit like virtual NICs, in that you could assign multiple addresses that would then end up being bound to the same physical interface. This practice has been deprecated for quite some time, and instead multiple addresses are simply added to the same interface.

Under BSD, it seems the alias method is still in use, but the syntax of the ifconfig command differs slightly from Linux. Here's a really old page showing how it's done, and here's a much more recent forum post detailing the exact same procedure.

OK, thanks, I'll check 'em and hope for the best

I know I'm a bit 'old fashioned' as it's bit a long, long.... loooong time I did this.
Later I just used 2 separate NICs but in this case I can't unless I get a PCIe NIC and do some invasive changes to the chassis for this as there ain't no outlet for it.

Was thinking of using this as a tiny new FW as my ISP delivered router sucks.
To get a port forwarding for P80 and not showing the internal webserver of the router to EVERONE ON THIS PLANET thus making it hackable to anyone... and NO!! the internal "uncheck"-function of that doesn't work.

btw... that seems interesting and also kinda news to me...
gimme a link so I can read up on that.



PS. and again... how SECURE is it with a single NIC with multiple IPs instead of 2 NICs?

An alias address is merely a secondary address to which the NIC will respond - as an example, the NIC will respond to ARP requests "who has address a.b.c.d?" when any ARP request contains a provisioned address. There is no physical or logical separation of packets on the attached network or in the OS network stack, until a process binds an IP address to a socket; see the bind(2) system call man page for more information.

The VLAN technology I discussed above can be either a logical separation (tagged Ethernet frame) or a physical separation (untagged Ethernet frame). A managed switch which supports the technology is used to separate logical networks into different physical networks, where tagged frames share connections to servers in a "backbone" communication and untagged frames are sent to separate physical networks. Additionally, many OSes that support VLANs treat each VLAN pseudo-NIC uniquely in their protocol stacks for further isolation.

Where is moderator??
It is important.
Regards.