Created a bridge between LAN ports, but they can't see each other
-
Hello.
I'm very new to pfSense.
I bought a Protectli VP2410 appliance that has 4 ethernet ports. My initial setup is very simple: one desktop and one UniFi Access Point, and therefore I thought of using the extra ports as a switch for the time being. I'm aware it hurts performance, but for now this is not an issue.
After installing pfSense:
ETH1 is set as WAN (default).
ETH2 is set as LAN (default).
ETH3 was disabled.
ETH4 was disabled.
- I enabled ETH3 (to which my computer is connected) and ETH4 (to which the UniFi AP is connected) and added them to a bridge called Switch and enabled the new interface through assignments.
- I then created a DHCP server for the interface 'Switch' and gave it a 192.168.x.1/24 IP address (with a pool of 192.168.x.10-192.168.x.245).
- Next, I created a firewall rule for the interface 'Switch' that allows any protocol from any source to any destination. To my understanding, this should have allowed traffic to pass freely between all devices connected to the interface Switch.
In the DHCP leases list I can see that both devices receive a correct IP address from the interface Switch (i.e. in the 192.168.x.0/24 subnet).
I can also get to the internet from my computer, so the WAN side seems to be working properly.
My problem is that when I try to ping the access point or SSH into it so I could adopt it, everything times out. I also tried to connect my laptop to ETH4 (instead of the access point), but the problem remains and the computers can't see or ping each other.
Interestingly, if I try to ping the AP or the laptop through Diagnostics > Ping, the attempt is successful and no packets time out or are lost.
Not sure if I can SSH into devices from within pfSense so I haven't tested this.
What am I doing wrong here? I'd appreciate any hint or advice.
Thank you.
-
Found the solution here (Protectli's website).
The part I was missing after creating the bridge 'Switch' was the following. It's not enough to create a DHCP server and a firewall rule:
- Navigate to System > Advanced > System Tunables
- Select net.link.bridge.pfil_member and change its value to 0. Click Save
- Select net.link.bridge.pfil_bridge and change its value to 1. Click Save
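
A way to confirm which side of the bridge is being filtered after changing the two tunables, as an added example that is not part of the original posts or of Protectli's guide. The function name `bridge_filter_mode` and the sample text are constructed here; the meaning given to each tunable follows FreeBSD's if_bridge(4) manual page, not the thread.

```shell
#!/bin/sh
# Added example (not from the thread). On the firewall's shell, feed it live data:
#   sysctl net.link.bridge | bridge_filter_mode
# Per if_bridge(4): pfil_member=1 filters packets on the member interfaces,
# pfil_bridge=1 filters them on the bridge interface itself.
# Prints one of: bridge-only, member-only, both, none, unknown
bridge_filter_mode() {
    member=""
    bridge=""
    # "|| [ -n ... ]" keeps a final line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        # sysctl prints "name: value"; "name=value" is accepted as well
        name=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*\([a-z_.]*\)[[:space:]]*[:=].*$/\1/p')
        value=$(printf '%s\n' "$line" |
            sed -n 's/^[^:=]*[:=][[:space:]]*\([0-9]*\)[[:space:]]*$/\1/p')
        case "$name" in
            net.link.bridge.pfil_member) member=$value ;;
            net.link.bridge.pfil_bridge) bridge=$value ;;
        esac
    done
    case "$member/$bridge" in
        0/1) echo bridge-only ;;  # rules on the bridge interface are evaluated
        1/0) echo member-only ;;  # rules must exist on each member interface
        1/1) echo both ;;         # bridged traffic is filtered at both points
        0/0) echo none ;;         # bridged traffic is not filtered at all
        *)   echo unknown ;;      # a tunable is missing or not 0/1
    esac
}

# Constructed sample: the values set in the steps above.
SAMPLE_AFTER='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'
# Constructed sample: filtering on member interfaces only.
SAMPLE_MEMBER='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

printf '%s\n' "$SAMPLE_AFTER"  | bridge_filter_mode
printf '%s\n' "$SAMPLE_MEMBER" | bridge_filter_mode
```

With `bridge-only`, an allow-any rule on the bridge interface governs all traffic between the member ports, so that rule is the place to tighten later if the ports should not fully trust each other.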