No Outbound Client Traffic Behind Bridge
-
I don't think both interfaces should have IP addresses (certainly not different ones?)
Hello Dan,
Thanks for the reply. The GUI requires an IP on both interfaces. I've tried assigning a bogus 192.168.2.x address to the LAN interface, but that didn't change the behavior, even after a server reboot. I'll give it a shot one more time for kicks. (Changed it to 10.9.0.1, still no go.)
I'm really at a loss, as I've set pfSense up as a transparent bridge numerous times with no issue.
-
This does not sound right. I bridged my wireless with the LAN (and vice-versa) and did not have to provide an IP for the wifi.
-
This does not sound right. I bridged my wireless with the LAN (and vice-versa) and did not have to provide an IP for the wifi.
You don't have to provide an IP for an optional interface (your wifi), but you do for the WAN and LAN interfaces.
Just to add a little more info, unless someone has another suggestion or perhaps some insight as to why this won't work with my VLAN setup, I've given up. Although I really want this to work, as I'm not sure what, other than a Linux box using bridge utils, will do what I need.
-
I'm going to ask my datacenter to move the upstream cable off the switch and directly onto bge1 (WAN), thus removing the VLAN and placing my 3 LAN devices and the pfSense LAN NIC all on the same VLAN. Hopefully the cable is long enough.
-
good luck, let us know how it goes…
-
Ok, the problem I started this thread for was an incompatibility between my Broadcom NIC and my provider's Cisco. I have that resolved, but now I'm experiencing another issue that is still related to the subject.
I have a VPN server behind my pfSense box. pfSense is in bridge mode and not performing NAT. External clients make an inbound PPTP connection through pfSense to the VPN server and are assigned a private IP in the 10.8.0.x range. This range is 1:1 NAT'd to a public range by the VPN server.
I can make inbound VPN connections, but when I do, the client is unable to get back out to the internet. This works perfectly without pfSense in line. If I try to ping Google for example, I see two states in the pfSense logs:
icmp 64.233.169.147:256 <- 209.123.147.125 0:0
icmp 209.123.147.125:256 -> 64.233.169.147 0:0
209.123.147.125 is 1:1 NAT'd (on the VPN server, not pfSense) to 10.8.0.125. On the VPN server I see outbound states/sessions, but no inbound traffic.
The VPN server and the pfSense box can both access the internet fine.
Any ideas? Should I put pfSense into NAT mode and use it to perform the 1:1 NAT'ing?
-
Bump. Any ideas at all?
-
Without looking too closely, I can only say that PPTP is not a very NAT-friendly VPN, since the traffic uses GRE, which has no port numbers. This can be problematic.
-
The puzzling part is this worked perfectly fine until pfSense was placed in-line. The PPTP connection from client to PPTP server isn't being NAT'd either.
-
no idea, sorry :(
-
I made a few tweaks on the VPN server (added another NIC and assigned the 1:1 NAT addresses to that NIC) and it's working.