Netgate Discussion Forum

    No ping within a bridge?

    12 Posts 3 Posters 903 Views
    fummeleisen @viragomann

      @viragomann
      Thanks for the quick reply! My settings for this look like this:

      FirePing.jpg

      viragomann @fummeleisen

        @fummeleisen
        Those are obviously the rules of the bridge. By default, however, filtering is done on the member interfaces, as I wrote, unless you have changed the setting in the tunables.

        fummeleisen @viragomann

          @viragomann

          Shouldn't the last rule, named Test, have been sufficient?

          viragomann @fummeleisen

            @fummeleisen
            Once again: that is probably the wrong rule set.

            Move this rule to LAN1 if the PC should be able to access the CR.

            fummeleisen @fummeleisen

              @fummeleisen

              Sorry, I only see your replies once I reply myself. No, I haven't configured anything on the bridge members. I'll try that right away.

              fummeleisen @fummeleisen

                @fummeleisen

                Many thanks! It worked! Happy holidays and a happy New Year!

                JonathanLee

                  Do you allow ping on each of the bridged interfaces? They also have firewall rules that are filtered out. A bridge makes a single layer 2 broadcast domain; however, the interfaces still have layer 3 rules to follow on top of the bridge rules. What interfaces are part of your bridge? I think you said LAN1, LAN2. If they are, click on the tab for each interface and show the rules you made to allow ICMP traffic, please.
                  Screenshot 2023-12-22 at 10.54.16 AM.png
                  Here is an example of mine. I have no bridge between interfaces. I want my WLAN interface (source: my custom LAN group alias) to be able to ping anything and negate the OPT1 interface. Ping anything but not OPT1.

                  Yours should have layer 3 rules on both interfaces

                  • LAN1:
                    allow ICMP from source LAN1 to destination LAN2

                  • LAN2:
                    allow ICMP from source LAN2 to destination LAN1

                  Make sure to upvote

                  F 1 Reply Last reply Reply Quote 1
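
The point made in the replies above (a pass rule on the bridge tab is not consulted while filtering happens on the member interfaces), as an added example that is not part of any post. It is a simplified Python model that assumes the tunables meant are the FreeBSD sysctls `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge` with the defaults 1 and 0; the interface name `BRIDGE0`, the hosts `PC` and `CR`, and the rule sets are constructed, and state tracking and outbound filtering are ignored.

```python
# Added example: simplified model of where rules are evaluated for bridged traffic.
# Assumes sysctls net.link.bridge.pfil_member / pfil_bridge, pass rules only,
# and an implicit default deny on every interface tab.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str  # "icmp", "tcp", ... or "any"
    src: str    # host name or "any"
    dst: str

@dataclass(frozen=True)
class Packet:
    in_if: str  # member interface the frame arrived on
    proto: str
    src: str
    dst: str

def tab_passes(rules, pkt):
    """True if a pass rule on this tab matches; otherwise default deny."""
    return any(r.proto in ("any", pkt.proto) and r.src in ("any", pkt.src)
               and r.dst in ("any", pkt.dst) for r in rules)

def bridge_forwards(tabs, pkt, pfil_member=1, pfil_bridge=0, bridge_if="BRIDGE0"):
    """Every enabled filtering point must pass the packet.
    A tab whose filtering point is disabled is never consulted;
    with both disabled nothing filters and the frame is forwarded."""
    checks = []
    if pfil_member:
        checks.append(tab_passes(tabs.get(pkt.in_if, []), pkt))
    if pfil_bridge:
        checks.append(tab_passes(tabs.get(bridge_if, []), pkt))
    return all(checks)

# Constructed sample data: the PC on LAN1 pings the CR on LAN2.
PING = Packet(in_if="LAN1", proto="icmp", src="PC", dst="CR")
ON_BRIDGE_TAB = {"BRIDGE0": [Rule("icmp", "any", "any")], "LAN1": [], "LAN2": []}
ON_MEMBER_TABS = {"BRIDGE0": [], "LAN1": [Rule("icmp", "PC", "CR")],
                  "LAN2": [Rule("icmp", "CR", "PC")]}

def demo():
    return {
        "bridge tab only, defaults": bridge_forwards(ON_BRIDGE_TAB, PING),
        "member tabs, defaults": bridge_forwards(ON_MEMBER_TABS, PING),
        "bridge tab only, tunables swapped": bridge_forwards(ON_BRIDGE_TAB, PING, 0, 1),
    }

if __name__ == "__main__":
    for case, forwarded in demo().items():
        print(f"{case}: {'pass' if forwarded else 'blocked'}")
```
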
                  fummeleisen @JonathanLee

                    @JonathanLee

                    Thank you for your explanations! As a newcomer, I actually made the doors wide open as a first step (see LAN2 as an example). The next step will be to reduce the apertures by rules on protocol and port restrictions.

                    NewRules.jpg

                    JonathanLee @fummeleisen

                      @fummeleisen

                      Quick note:
                      WAN will block everything unless the request comes from inside the firewall, so not many rules, if any, are needed on that interface (unless you use VPN or remote desktop, and you need direct WAN to LAN (web servers etc.)).

                      So do not open an any any on WAN... This will render the firewall useless if you have an any any on WAN interfaces.

                      Example: here is my WAN; nothing is allowed.
                      Screenshot 2023-12-22 at 11.24.45 AM.png

                      Here is my LAN all my needs are set here outbound.
                      Screenshot 2023-12-22 at 11.19.41 AM.png

                      Here is my guest WiFi. I don't care about it as long as it doesn't access my secure LAN.

                      Screenshot 2023-12-22 at 11.27.18 AM.png

                      Make sure to upvote

                      fummeleisen @JonathanLee

                        @JonathanLee

                        Thanks a lot, Jonathan, for these examples! I will study them thoroughly in the next days. I wish you a nice Christmas!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.