Transparent bridge will not pass packets

themelon · Jul 27, 2006, 1:19 AM

Hello all,

I have been trying to configure a transparent bridge firewall with no real luck. I start with a fresh install of pfsense RC1 and configure exactly as described in the tutorial here:

http://www.pfsense.com/mirror.php?section=tutorials/transparent_firewall/transparent_firewall.pdf

but alas, I am unable to get anything to move across it. I have not added or changed any of the default firewall rules. As it is setup by default I should be able to go from LAN to WAN correct? I have tried ping as well as http on a LAN system to a system on the WAN side. I have even add a wide open rule for the WAN interface. It made no difference.

I can ping both test systems from the pfsense console, LAN and WAN IP addresses from the system on the LAN side and only the LAN IP address from the system on the WAN side.

Any clue what is going on here? I admit I am a newb to the *BSD world so I am at a slight disadvantage. My background is Solaris and Linux. What other kind of information can I give you that will aid in diagnosis?

Thanks alot guys and a great job on the product. It has all the features that m0n0wall lacked for what I need.

LAN = 192.168.1.75
WAN = 192.168.1.74

$ ifconfig
em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500
options=8 <vlan_mtu>inet6 fe80::230:48ff:fe80:cae2%em0 prefixlen 64 scopeid 0x1
inet 192.168.1.75 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:30:48:80:ca:e2
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
em1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500
options=8 <vlan_mtu>inet6 fe80::230:48ff:fe80:cae3%em1 prefixlen 64 scopeid 0x2
inet 192.168.1.74 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:30:48:80:ca:e3
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
pflog0: flags=100 <promisc>mtu 33208
enc0: flags=0<> mtu 1536
lo0: flags=8049 <up,loopback,running,multicast>mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
pfsync0: flags=41 <up,running>mtu 2020
pfsync: syncdev: lo0 maxupd: 128
bridge0: flags=8043 <up,broadcast,running,multicast>mtu 1500
ether ac48:24:fb:da
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: em1 flags=7 <learning,discover,stp>port 2 priority 128 path cost 55 forwarding
member: em0 flags=7 <learning,discover,stp>port 1 priority 128 path cost 55 forwarding</learning,discover,stp></learning,discover,stp></up,broadcast,running,multicast></up,running></up,loopback,running,multicast></promisc></full-duplex></vlan_mtu></up,broadcast,running,promisc,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,promisc,simplex,multicast>

ZPrime · Aug 21, 2006, 6:32 AM

You don't have the two ports of the bridge plugged into the same switch or anything silly like that, right? It would help to have a small diagram of how you have it setup, and what is trying to ping/access what…

lsf · Aug 21, 2006, 7:51 AM

Having the same subnet on lan and wan is generally not a good idea ;)

hoba · Aug 21, 2006, 2:17 PM

You usually don't have 2 ipadresses in a bridgescenario. You should only have 1 IP adress here. The Interface that is bridged to another one won't have an IP. Something here is borked. Also you are running RC1 which is way too old to be supported and numrous bugs have been fixed since that release. Update to RC2 and run the updatescripts to go to RC2e. Also rebuild your config from scratch.

In fact I know that the bridge is working correctly as I have tested it inside out lately due to 2 bugreports which in the end showed up to be missconfigurations of some sort.