Bridge LAN ports to act like a switch
-
Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.
At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?
Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords IPs etc. We can get a much clearer idea from that.
Steve
-
Hmm, well there are quite a few people using that Jetway motherboard and your appliance has the nicer Intel daughter board which is said to be very good. No one has reported similar problems.
At this point you might consider the cause is something different. How many different Windows 7 machines have you tested this with?
Otherwise please post some screenshots of your not working bridge config. You could post your config.xml after you have removed any information you don't want public, passwords IPs etc. We can get a much clearer idea from that.
Steve
For the moment, I'm trying on 10 Windows 7 machine.
I can not understand what snapshots you want? Where is the config.xml file? How do I view it?
Thanks
Bye
-
"Unfortunately, Windows 7 does not allow to change the network type"
What? You can change the network type whenever you want.
http://www.sevenforums.com/tutorials/43629-network-location-set-home-work-public-network.html
http://www.sevenforums.com/tutorials/71408-unidentified-networks-set-private-public.htmlNow are these win 7 boxes part of a domain?
-
"Unfortunately, Windows 7 does not allow to change the network type"
What? You can change the network type whenever you want.
http://www.sevenforums.com/tutorials/43629-network-location-set-home-work-public-network.html
http://www.sevenforums.com/tutorials/71408-unidentified-networks-set-private-public.htmlNow are these win 7 boxes part of a domain?
No, the computers are in a workgroup.
Thanks
Bye
-
Well then there is no reason why you could not change the type of network your connected too. And it for sure would have NOTHING to do with pfsense if you couldn't
-
Where is the config.xml file? How do I view it?
The config.xml file can be obtained using the backup function under Diagnostics: Backup/Restore:
It contains everything about your pfSense install. Including some stuff you probably don't want to post publically so you should remove that it you do post it here.I am confused though. :-
Please tell me what state your box is in. Did you get the bridge setup correctly in switch mode? What is working? What is not working?Steve
-
Where is the config.xml file? How do I view it?
The config.xml file can be obtained using the backup function under Diagnostics: Backup/Restore:
It contains everything about your pfSense install. Including some stuff you probably don't want to post publically so you should remove that it you do post it here.I am confused though. :-
Please tell me what state your box is in. Did you get the bridge setup correctly in switch mode? What is working? What is not working?Steve
I have noticed that, until step 4 of your procedure, my computers can access the firewall and get onto the Internet. While if I perform step 5, I can not do anything more.
So, I have attached the config.xml configuration file of my firewall so that you can understand where is the problem.
Also, I noticed that, with this configuration, I can not open the 31950 port even if the firewall log shows that it is open. How come?
Thanks
Bye
-
Ah OK. Thanks for that.
Two things I notice straight away:Your WAN has a /8 subnet which is far too large. It should probably be /24.
Your WAN address is in a private IP range so you must have 'Block private networks' unchecked in Interfaces: WAN:
I'm not sure if you have done that already from the config file.
Edit: Now I see you have have unchecked that so ignore that remark.
Is your WAN connected to another router? If so you will need to have port 31950 forwarded on that also.I see you have not yet added em1 to the bridge, is that because this file is taken after step 4 in my instructions?
Adding the interface to the bridge as in step 5 should have no effect of the other interfaces. Perhaps you are adding it incorrectly? Is there anything connected to em1?I see you have not spoofed the MAC address yet in this file.
Steve
-
I believe that you need to be using DHCP, otherwise windows will not allow you to change from public network type. However if you set the bridge MAC to the same as the real mac on the NIC then Windows clients should not even know you changed anything.
-
Really? That would be odd. What public network uses static IPs? If are using static addresses it's almost certain to be a private network. :-\
If you set the bridge MAC to one that already exists you will have two devices on the network with the same MAC. Thus will lead to problems.
Steve
-
Well, it is categorized as a 'Public Network' because that is the most secure profile, however what it is really identified as is "Unidentified Network" I believe this is because it uses the mac address of the DHCP server in order to identify the network.
You would think it could also use the mac of the default gateway, but I don't believe it does, however I haven't tested this fact.
-
Ah OK. Thanks for that.
Two things I notice straight away:Your WAN has a /8 subnet which is far too large. It should probably be /24.
Your WAN address is in a private IP range so you must have 'Block private networks' unchecked in Interfaces: WAN:
I'm not sure if you have done that already from the config file.
Edit: Now I see you have have unchecked that so ignore that remark.
Is your WAN connected to another router? If so you will need to have port 31950 forwarded on that also.I see you have not yet added em1 to the bridge, is that because this file is taken after step 4 in my instructions?
Adding the interface to the bridge as in step 5 should have no effect of the other interfaces. Perhaps you are adding it incorrectly? Is there anything connected to em1?I see you have not spoofed the MAC address yet in this file.
Steve
If I move the LAN interface in the brigde and I set to "none" his configuration type, my computers access no more my firewall and internet (I also tried with a conputer with XP).
In the WAN, because I have set to 24 its netmask when the its address is 10.0.0.2?
Connected to the WAN there is a adsl router (10.0.0.1) configured so that all its ports are open. To be sure, as I can test this with the firewall?
So, where I'm wrong?
Thanks
Bye
-
Ok in step 5 you add the remaining NIC (that was previously assigned as LAN) to the bridge so that you can then use it the same as the other ports. In your case it will be em1. Here is what you should be doing:
Go to Interfaces: (assign): in the webGUI.
Click the '+' button to add another interface. It should appear as opt4.
Use the dropdown selection to set it as em1. It should already be em1 for you as that's the only NIC you have unused.
Go to Interfaces: OPT4: Click enable, set it as type 'none'. Save and apply.
Now go to Interfaces: (assign): Bridges: and edit bridge0. Add OPT4 to the bridge. Save and apply.
Done. :)You can use 10.0.0.2/24 for WAN. That will mean that tries to talk directly to IP addresses ranging 10.0.0.1 to 10.0.0.255. That includes your WANGW address, which is the only address it has to talk to.
Having ports open on your modem is not enough they need to be forwarded also.
It is better to have your modem set to bridge mode so that pfSense receives a public IP or if that's not possible you can sometimes use a DMZ connection. I can't really help you with the modem as they are all different. You could test it by connecting a client directly to the modem (at a 10.0.0.X address) and re run the port test.
Your port forwards and firewall rules in pfSense look good.Steve
-
Yeah right now you are in a situation referred to as being "Double NAT" which can cause quite a bit of problems. If you can remove that first layer (which is the 10.0.0.x IP's) and give the pfsense box the real public IP, you will have a lot easier time with things.
However, this is entirely un-related to setting up the bridge.
-
How do I create the OPT4 interface when my firewall only has 5 network interfaces?
How do I make sure that my pfSense themselves manage the public IP with an ADSL connection in PPPoA?
Thanks
Bye
-
If you read through your config file you'll see that your em1 NIC is no longer assigned to any interface. You can see that in the webgui as well.
WAN em2
LAN bridge0
OPT1 em0
OPT2 em3
OPT3 em4Hence you can add:
OPT4 em1
If you are using an ADSL connection with PPPoA then your modem needs to support PPPoA to PPPoE bridging since pfSense cannot support PPPoA directly. I have that setup with a Draytek V120. What is your modem?
Steve
-
If you read through your config file you'll see that your em1 NIC is no longer assigned to any interface. You can see that in the webgui as well.
WAN em2
LAN bridge0
OPT1 em0
OPT2 em3
OPT3 em4Hence you can add:
OPT4 em1
If you are using an ADSL connection with PPPoA then your modem needs to support PPPoA to PPPoE bridging since pfSense cannot support PPPoA directly. I have that setup with a Draytek V120. What is your modem?
Steve
I have an 150Mbps Wireless N ADSL2+ Modem Router http://www.tp-link.it/products/details/?categoryid=219&model=TD-W8951ND . How should I configure it remembering that I have an ADSL connection in PPPoA?
Thanks
Bye
-
So you got the bridge setup ok?
That router appears to have a bridge mode that might work in pppoa. There is almost no description in the user manual though so it's impossible to say for sure.
In 'Interfaces Setup' in 'Internet' select pppoe/pppoa as the connection type and set 'Bridge Interface' to 'activated'.
If that doesn't work the next best option would be to use the DMZ feature to send all traffic to the pfSense box.
Please start a new thread for that though if the pfSense bridge is now working.Steve
