    Bridge LAN ports to act like a switch

      balubeto

      @stephenw10:

      No. Do not use one of the existing MAC addresses. Make up a MAC and use that. It doesn't matter what the address is just that you have defined one to use to prevent pfSense choosing a new one each time at boot.

      Steve

      How do I create a valid MAC address?

      Thanks

      Bye

      balubeto

        stephenw10 Netgate Administrator

        It simply has to be the correct length of hexadecimal figures. For example you could use: 00:11:22:33:44:55
        That would be obviously fake which is useful to anyone trying to diagnose a problem later.
        See screenshot from my Status: Interfaces: page.

        Steve

        ![bridge status.jpg](/public/imported_attachments/1/bridge status.jpg)

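A way to generate and sanity-check a made-up MAC for the bridge, as an added example (not code from the thread or from pfSense; the function names are illustrative). Beyond length and hex digits it also looks at the two low bits of the first octet: the multicast bit must be clear for an interface address, and the locally administered bit marks an address as outside vendor-assigned space.

```python
import re
import secrets

_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")


def parse_mac(text):
    """Return the six octets of a colon-separated MAC, or raise ValueError."""
    if not _MAC_RE.fullmatch(text):
        raise ValueError("expected six colon-separated hex octets: %r" % text)
    return bytes(int(part, 16) for part in text.split(":"))


def check_interface_mac(text):
    """Classify a MAC intended for manual assignment to an interface.

    Returns (usable, notes). usable is False when the value cannot serve as
    an interface address: bad format, all zeros, or multicast/broadcast.
    """
    try:
        octets = parse_mac(text)
    except ValueError as exc:
        return False, [str(exc)]
    if octets == bytes(6):
        return False, ["all-zero address"]
    if octets[0] & 0x01:
        return False, ["multicast/broadcast bit set in first octet"]
    if octets[0] & 0x02:
        return True, ["locally administered: outside vendor-assigned space"]
    return True, ["universally administered bit pattern: inside vendor OUI space"]


def random_local_mac():
    """Random unicast, locally administered MAC for a virtual interface."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE  # set local bit, clear multicast bit
    return ":".join("%02x" % b for b in octets)


if __name__ == "__main__":
    # Constructed candidates: the thread's example, a multicast variant,
    # a locally administered variant, a truncated value, and a random one.
    for candidate in ("00:11:22:33:44:55", "01:11:22:33:44:55",
                      "02:11:22:33:44:55", "00:11:22:33:44",
                      random_local_mac()):
        print(candidate, check_interface_mac(candidate))
```

Generate the address once and keep it in the interface's MAC field; the point made in the thread is that it stays the same across reboots.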
          extide

          @balubeto:

          Ok but how do I view and change the IP address of Bridge0 so that it has 192.168.1.254 as IP?

          In other words, it is possible to have this configuration:

          1. 10.0.0.1          ---> WAN Gateway

          2. 192.168.1.1      ---> LAN Gateway (in order to access the firewall with this IP address)

          3. 192.168.1.254  ---> Bridge0

          If so, how do I do this?

          Thanks

          Bye

          I think you are misunderstanding this. When you create a bridge the NIC doesn't have an IP anymore, the bridge actually has the IP, and the bridge represents any or all of the NICs in the bridge.

          So you will end up like this:

          1. 10.0.0.1          ---> WAN Gateway

          2. 192.168.1.1      ---> Bridge0 / LAN Gateway (in order to access the firewall with this IP address)

          There is no need for an additional IP.

            balubeto

            I tried to insert a fictitious MAC address on the LAN interface before including it in Bridge0 but, then, Windows 7 still identifies the connection between my computer and the firewall as an unidentified network and thus I have the same problems as before. So when do I have to insert this MAC?

            Thanks

            Bye

            balubeto

              extide

              Well, yes it will be unidentified initially, but once you mark that network as private, then it should stay that way.

                balubeto

                @extide:

                Well, yes it will be unidentified initially, but once you mark that network as private, then it should stay that way.

                No, the problem is that Windows 7 identifies the connection as a public network not identified even if I restart the firewall from the console. Unfortunately, Windows 7 does not allow me to change the network type, and then I can no longer access the firewall via web and the internet. So, how do I fix this?

                Thanks

                Bye

                balubeto

                  stephenw10 Netgate Administrator

                  See my screenshot a few posts back for how it should be set up. My interface is named LAN5, yours will be named LAN.

                  You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.

                  Steve

                    extide

                    Also once you have completed the above steps, you WILL get an 'unidentified network' popup, but once you accept it there it should not come up again.

                      balubeto

                      @stephenw10:

                      See my screenshot a few posts back for how it should be set up. My interface is named LAN5, yours will be named LAN.

                      You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.

                      Steve

                      Is it possible to disable this DHCP server on LAN (Bridge0)? If so, how do I do this?

                      Thanks

                      Bye

                      balubeto

                        stephenw10 Netgate Administrator

                        You can disable the DHCP server. It won't help though. Unless you have spoofed the MAC on LAN, Windows will still see it as a new network.

                        Are you using all static IPs?

                        Steve

                          extide

                          @balubeto:

                          @stephenw10:

                          See my screenshot a few posts back for how it should be set up. My interface is named LAN5, yours will be named LAN.

                          You need to insert the fake MAC onto LAN after you have assigned it as bridge0. The problem is that Windows looks at the MAC address of the DHCP server. The DHCP server is running on LAN (bridge0) so the MAC changes at every boot and Windows warns you that you have connected to a new, unknown, DHCP server.

                          Steve

                          Is it possible to disable this DHCP server on LAN (Bridge0)? If so, how do I do this?

                          Thanks

                          Bye

                          You probably don't want to do this. When you make the bridge you are essentially replacing Lan0 and Lan1, and Lan2, etc with Bridge0. Nothing will be running directly on Lan0, 1, etc anymore, everything that WAS running on lan0, 1, etc will now be running on bridge0.

                          So, if you previously had DHCP before and would like to keep it you will need to have it enabled. This is not 'another' DHCP server, this is the DHCP server.

                          Now, if you were not using DHCP in the first place at all, then yes you would want to disable it.

                            balubeto

                            I have found the main problem:

                            Starting from the default parameters of pfSense and performing the initial setup to make sure that the LAN and WAN interfaces are working with the type of static address, I tried to insert the MAC address of my computer or a fictitious MAC in the MAC address field of the LAN interface of pfSense. Applying these changes and restarting the firewall from the console, Windows 7 SP1 64-bit identifies the connection as a public network not identified. How come?

                            Thanks

                            Bye

                            balubeto

                              stephenw10 Netgate Administrator

                              Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
                              Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.

                              Steve

                                balubeto

                                @stephenw10:

                                Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
                                Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.

                                Steve

                                The problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.

                                So, how do I change its type?

                                Thanks

                                Bye

                                balubeto

                                  matguy

                                  @balubeto:

                                  @stephenw10:

                                  Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
                                  Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.

                                  Steve

                                  The problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.

                                  So, how do I change its type?

                                  Thanks

                                  Bye

                                  But, after it's set, do the Windows boxes keep notifying you again, later? From what I understand, it should do it once after you set the MAC, but once Windows identifies it, as long as you don't change the Bridge MAC again, it shouldn't keep bothering you.

                                    balubeto

                                    @matguy:

                                    @balubeto:

                                    @stephenw10:

                                    Because the MAC has changed. However if you then reboot the box again you should find that Windows connects without a warning as the MAC will remain whatever you set it to be.
                                    Windows maintains a list of known networks with the MAC addresses of whatever it talks to on those networks. If it starts talking to a new MAC that isn't in the list it warns you.

                                    Steve

                                    The problem is that, even if I restart the firewall from the console with the new MAC, Windows identifies the new connection directly as a public network not identified without the possibility to change its type.

                                    So, how do I change its type?

                                    Thanks

                                    Bye

                                    But, after it's set, do the Windows boxes keep notifying you again, later? From what I understand, it should do it once after you set the MAC, but once Windows identifies it, as long as you don't change the Bridge MAC again, it shouldn't keep bothering you.

                                    Dropping for a moment the creation of the switch, how do I set a MAC address to the LAN interface preventing Windows 7 from identifying this connection as unidentified public network?

                                    Thanks

                                    Bye

                                    balubeto

                                      stephenw10 Netgate Administrator

                                      If you are not using a bridge at all then you should not have to do anything with the MAC address of the LAN NIC. It will always use the real MAC read from the card itself. Windows should only ask you once 'what type of network are you connecting to?'.

                                      Are you still using all statically assigned IPs?

                                      If it's seeing new networks each time you have a different problem.

                                      What hardware are you running?

                                      Steve

                                        balubeto

                                        @stephenw10:

                                        If you are not using a bridge at all then you should not have to do anything with the MAC address of the LAN NIC. It will always use the real MAC read from the card itself. Windows should only ask you once 'what type of network are you connecting to?'.

                                        Are you still using all statically assigned IPs?

                                        If it's seeing new networks each time you have a different problem.

                                        What hardware are you running?

                                        Steve

                                        I had done the test without bridge only to understand something.

                                        I always use the static IP.

                                        My firewall is http://www.firewallhardware.it/en/appliance_utm2.html . By chance, are there some parameters of the BIOS that could cause my problem?

                                        Thanks

                                        Bye

                                        balubeto

                                          stephenw10 Netgate Administrator

                                          Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.

                                          At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?

                                          Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords, IPs, etc. We can get a much clearer idea from that.

                                          Steve

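One way to do the clean-up step described above before posting a config.xml, as an added example (not from the thread or from pfSense itself). The sample config is constructed, and its element names and the `SECRET_TAG` fragments are assumptions to adapt to the real file.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: tag-name fragments treated as secret-bearing; extend as needed.
SECRET_TAG = re.compile(r"pass|hash|secret|key|community", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample; element names are illustrative, not a real export.
SAMPLE = """<pfsense>
  <system>
    <user><name>admin</name><bcrypt-hash>$2y$10$constructedExampleHashValue</bcrypt-hash></user>
  </system>
  <interfaces>
    <wan><if>em0</if><ipaddr>10.0.0.2</ipaddr><gateway>10.0.0.1</gateway></wan>
    <lan><if>bridge0</if><ipaddr>192.168.1.1</ipaddr><spoofmac>00:11:22:33:44:55</spoofmac></lan>
  </interfaces>
  <bridges><bridged><members>lan,opt1</members><bridgeif>bridge0</bridgeif></bridged></bridges>
  <dhcpd><lan><range><from>192.168.1.100</from><to>192.168.1.199</to></range></lan></dhcpd>
</pfsense>"""


def redact_config(xml_text):
    """Return (redacted_xml, ip_map) for a config.xml-style string."""
    root = ET.fromstring(xml_text)  # the default parser also drops XML comments
    ip_map = {}

    def mask_ip(match):
        # Same address -> same placeholder, so the topology stays readable.
        return ip_map.setdefault(match.group(0), "IP-%d" % (len(ip_map) + 1))

    for elem in root.iter():
        if elem.text and elem.text.strip():
            if SECRET_TAG.search(elem.tag):
                elem.text = "REDACTED"
            else:
                elem.text = IPV4.sub(mask_ip, elem.text)
        for name, value in list(elem.attrib.items()):
            elem.set(name, IPV4.sub(mask_ip, value))
    return ET.tostring(root, encoding="unicode"), ip_map


def find_leaks(redacted_xml, sensitive_values):
    """Return the sensitive values that still appear verbatim in the output."""
    return [v for v in sensitive_values if v and v in redacted_xml]


if __name__ == "__main__":
    redacted, mapping = redact_config(SAMPLE)
    print(redacted)
    print(mapping)  # keep this mapping private; it reverses the masking
```

Interface names, bridge membership and the fixed MAC are left in place because they are what a helper needs to diagnose the bridge; run `find_leaks` with your real secrets before posting.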
                                            balubeto

                                            @stephenw10:

                                            Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.

                                            At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?

                                            Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords, IPs, etc. We can get a much clearer idea from that.

                                            Steve

                                            For the moment, I'm trying on 10 Windows 7 machines.

                                            I cannot understand what snapshots you want. Where is the config.xml file? How do I view it?

                                            Thanks

                                            Bye

                                            balubeto
