Netgate Discussion Forum

    PfSense 2.0-RC1 Bridge Filtering (Transparent) stopped processing rules?

      FJSchrankJr

      I have an issue that has been haunting me. I set up a transparent bridge between WAN and LAN to filter public IPs. When I added/removed rules initially, it worked, but after updating the snapshot it appeared to stop working.

      It's actually a simple setup, just don't know how to go about it in pfSense, maybe I am doing something wrong. It's happened before :-)

      WAN (e0)
      LAN (e1)

      Bridged both.

      System tunables:
      pfil_member set to 1
      pfil_bridge set to 1

      The weird thing is the original rules I created still work but when I deleted them they never stopped the traffic flowing. New rules don't work and removing old rules still allows traffic.

      Any ideas? Thanks all!

      FJS - Embedded Systems Engineer
      Pictures are worth a thousand words, but posting config.xml backups are worth 10,000. Alter the IPs, change anything revealing but leave subnets intact. Use find and replace. Please try to keep it brief on the description.
      ALWAYS disable TSO & LRO EXCEPT CHKSUM IF SUPPORTED. TSO/LRO breaks traffic, pf scrub and this goes for any passive device inline

        FJSchrankJr

        Ok, semi-resolved

        After I updated to a new snapshot, it started working again. For whatever reason, after I installed 2.0-RC1 and it was working right, then updated a snapshot, it stopped working and now I updated to a snapshot from today and it started working again.

        I will monitor it for 24 hours and post the results then mark this topic resolved.

        FYI, if you're using a transparent bridge make sure you have pfil_member set to 1, and pfil_bridge set to 1. Also make sure all of the rules are in place because it's very easy to lock yourself out of the pfSense box.

        By default, the LAN rule will allow LAN subnet to any; however, when you bridge to the WAN there is no longer any LAN subnet, so it's very important to change LAN to any, so on the LAN rules you should have ANY ANY.


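An added example, not part of the original posts: a shell audit of the two settings the thread names for a filtering bridge, the bridge tunables and the source of the LAN pass rules. It assumes the full FreeBSD sysctl names `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge` (the posts give only the short names), works on the text of `sysctl net.link.bridge` and `pfctl -sr`, and uses constructed sample data; the function names are hypothetical.

```shell
# Added example: audit a pf filtering bridge from saved command output.
# Reads `sysctl net.link.bridge` text on stdin; prints each required
# tunable (short name) that is not set to 1.
missing_tunables() {
    awk -F': *' '
        $1 == "net.link.bridge.pfil_member" { member = $2 }
        $1 == "net.link.bridge.pfil_bridge" { bridge = $2 }
        END {
            if (member != 1) print "pfil_member"
            if (bridge != 1) print "pfil_bridge"
        }'
}

# Reads `pfctl -sr` text on stdin; prints pass-in rules on interface $1
# whose source is not "any" (pfctl prints "all" for any-to-any).
narrow_source_rules() {
    awk -v ifc="$1" '
        $1 == "pass" && $2 == "in" {
            on = ""; src = "any"
            for (i = 3; i <= NF; i++) {
                if ($i == "on") on = $(i + 1)
                if ($i == "from") { src = $(i + 1); break }
            }
            if (on == ifc && src != "any") print
        }'
}

# $1 = sysctl text, $2 = pfctl -sr text, $3 = LAN member interface.
audit() {
    rc=0
    for t in $(printf '%s\n' "$1" | missing_tunables); do
        echo "FAIL: net.link.bridge.$t is not 1"; rc=1
    done
    bad=$(printf '%s\n' "$2" | narrow_source_rules "$3")
    if [ -n "$bad" ]; then
        echo "WARN: pass rules on $3 with a source other than any:"
        printf '%s\n' "$bad" | sed 's/^/  /'; rc=1
    fi
    return $rc
}

# Constructed sample data, not captured from a real system.
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
SAMPLE_RULES='block drop in log all
pass in quick on e1 inet from 192.168.1.0/24 to any flags S/SA keep state
pass in quick on e1 inet proto tcp from any to 203.0.113.10 port = https
pass in quick on e0 inet all flags S/SA keep state'
audit "$SAMPLE_SYSCTL" "$SAMPLE_RULES" e1 || true
```

On the firewall itself, the same check runs against live output with `audit "$(sysctl net.link.bridge)" "$(pfctl -sr)"` followed by the LAN member interface name.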
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.