Kein Ping innerhalb einer Bridge?
-
@fummeleisen
Hast du den Ping auch mit entsprechender Firewall-Regel erlaubt?
Standardmäßig filtert die pfSense trotz Bridge an den Member-Interfaces, und erlaubt ist nur, wofür es eine Pass-Regel gibt. -
@viragomann
Danke für die schnelle Antwort! Meine diesbezüglichen Einstellungen sehen so aus:
-
@fummeleisen
Das sind offensichtlich die Regeln der Bridge. Gefiltert wird aber standardmäßig an den Member-Interfaces, wie geschrieben, es sei denn, du hast die Einstellung in den Tunables geändert. -
Hätte die letzte Regel namens Test nicht ausreichen müssen?
-
@fummeleisen
Noch einmal: Das ist wohl das falsche Regelset.Verschiebe diese Regel auf LAN1, wenn der PC auf den CR zugreifen können soll.
-
Pardon, ich sehe deine Antworten erst, wenn ich selber antworte. Nein, an den Bridge-Members habe ich nichts eingestellt. werde ich gleich mal versuchen.
-
Besten Dank! Hat funktioniert! Schöne Feiertage und einen guten Rutsch!
-
Do you allow ping on each of the bridged interfaces they also have firewall rules that are filtered out. A bridge makes a single layer 2 broadcast domain, however the interfaces are still have layer 3 rules to follow on top of the bridge rules. What interfaces are part of your bridge? I think you said LAN1, LAN2, if they are click on the tab for each interface and show the rules you made to allow ICMP traffic please.
Here is an example of mine. I have no bridge between interfaces. I want my WLAN interface ( source: my custom LAN group alias) to be able ping anything and negate the OPT1 interface. Ping anything but not OPT1.Yours should have layer 3 rules on both interfaces
-
LAN1:
allow ICMP from source LAN1 to destination LAN2 -
LAN2:
allow ICPM from source LAN2 to destination LAN1
-
-
Thank You for Your explanations! As newcomer actually I made the doors wide open as a first step (s. LAN2 as example). Next step will be to reduce the apertures by rules on protocol and port restrictions.
-
Quick Note:
WAN will block everything unless request comes from inside of the firewall so not many rules if any is needed on that interface, (unless you use VPN or remote desktop, and you need direct wan to lan (webservers etc)).So do not open a any any on wan...... This will render firewall useless if you have a any any on wan interfaces.
Example Here is my WAN nothing is allowed.
Here is my LAN all my needs are set here outbound.
Here is my guest WiFi. I don't care about it as long as it doesn't access my secure LAN.
-
Thanks a lot Jonathan for this examples! I will study them thoroughly in the next days. I wish You a nice Christmas!
