Simple Bridging - making an interface a LAN switch
-
I have what is probably a noob question. I have searched the boards and Googled, but I can't find a definitive answer. Here it is:
I have an Alix board with three Ethernet interfaces. The third interface will be used for a DMZ after I move; for now I want to use it as an additional LAN port. On the third port, OPT1, I have enabled bridging to the LAN interface and I have enabled the filtering bridge option in the system>advanced menu, and I've added all/all rules for OPT1 to the LAN on the OPT1 interface. I also added a rule for all/all to LAN subnet on the LAN interface. The WAN interface is configured to NAT to the LAN.

Two questions:

1. I can ping from workstations on the bridged interfaces hanging off of OPT1 to the LAN, but I can't ping from workstations hanging off the LAN to devices hanging off of OPT1. Why is this? Is it because the WAN interface NATs to the LAN?
2. Do I need to enable the filtering bridge option if I want to allow all traffic between the bridged interfaces?
```
      ~~~~~~
    (internet)
      ~~~~~~
         |
    | pfsense |
    -----------
    |LAN      |OPT1 (Bridged to LAN)
    |10.1.1.0 |
    |         |____
    |              |
    |              |
   ____      Other workstations
    |
    |
Workstations
```
-
Have you watched the filter when you're running the ping?
If there is something blocking it, you'll see it.
Perhaps pasting a screenshot of your rules as well.
-
There's only a couple of rules; I added an ICMP-specific rule to the LAN interface when the all/all rule didn't seem to work.
-
And the other ruleset…
![LANbridge rules.JPG](/public/imported_attachments/1/LANbridge rules.JPG)
-
And to answer your other question, I have looked in the firewall log online after pinging, and I also monitored the /etc/filter.log via ssh. I did not see any ICMP packets bound for either interface being dropped.
-
Hello, I have now tried to bridge my WLAN to my LAN, and I get the same effect, i.e., I can ping from the bridged interface to devices on the LAN, but I can't ping from the LAN to devices on the WLAN. All other traffic appears to traverse normally. Would someone please comment on this thread? :o