Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bridged Lan to Wan not routing traffic

    Scheduled Pinned Locked Moved
    General pfSense Questions
    bridge
    3
    5
    616
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AlmightyJu
      last edited by

      So I'm trying to create a setup that has a single WAN in which has a few public IP's available which should bridge over to what i have called "Statics", which is just OPT2 which will go to a switch that needs to simply work as a transparent firewall.

      I then have 2 dhcp networks, one called DHCP and one called Phones which are just a simple NAT'd dhcp addresses for internet access which works fine.

      The static bridge however I can't seem to get working despite everything I've read on the internet, I've created the bridge and disabled NAT for that range (at least I think so) and the virtual machine I have on the static adapter get's an IP address from my router but the traffic simply isn't routing.

      I've attached a screen grab of what I think are all the relevant parts but I'm still not getting traffic across the bridge even though DHCP seems to go across fine :/ I've tried all sorts of configurations with the tunables but not getting anywhere

      Obviously I've added firewall rules to allow all from all on each interface. Any ideas would be fab :)

      0_1538152546718_wan.png
      0_1538152603993_dhcp.png
      0_1538152611700_Phones.png
      0_1538152618669_statics.png
      0_1538152581188_staticbridge.png
      0_1538152634026_nat.png
      0_1538152641895_tunables.png

      1 Reply Last reply Reply Quote 0
      • P
        peter_richardson
        last edited by peter_richardson

        I don't understand what you're trying to do, but I did notice that for your PHONES Interface, you've set the subnet mask to 255.255.255.255

        Your DNS servers 10.120.10.12 and 10.0.10.254 - did you specify them or are they handed to you via DCHP from your ISP?

        Are you using intentionally using IPV6?

        Can you try to explain what you're trying to achieve? It seems like you're going about it (whatever it is) the hard way and I'm almost certain that it could be done in a much simpler way, but you'll need to explain in detail what you're trying to do and why, and also what hardware you're using.

        1 Reply Last reply Reply Quote 0
        • A
          AlmightyJu
          last edited by

          I've made a diagram to try and explain what I'm trying to achieve 0_1538242816673_layout.png

          Basically the statics to WAN interfaces need to be bridged so devices can be assigned a public IP from behind pfsense. The overall reason for this is so that we can traffic shape to ensure that the Phones and DHCP networks get a minimum of X bandwidth.

          I'm not intentionally using IPv6, it's just a virtualbox setup and it defaults with it on but it's not needed. As for DNS that's just the office network so I wouldn't worry about them :)

          Thanks

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            And the default gateway of, say, 10.0.10.2 is 10.0.10.254, not pfSense (10.0.10.121) correct?

            Have you done any packet captures to see where the flow is breaking down? For instance when upstream ARPs for 10.0.10.2 does the request appear on WAN and flow to the STATICS interface? Is there a response? Does that response go out WAN?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • A
              AlmightyJu
              last edited by

              Appologies on the delay getting back to you on this, been a bit busy with things.

              So I've done a lot more digging and it seems that traffic is going out, back into the pfsense box but doesn't seem to get back to my VM and I'm honestly out of my depth trying to work out why.

              So relevant info is below, 10.0.10.254 is the external gateway and does DHCP, so my VM 10.0.10.121 gets it's IP from our office router ok but pings and normal internet traffic fails. It would appear that the WAN interface is getting the ping reply but it's not going across to the statics or the bridge interface and I cant work out why

              pfTop: Up State 1-17/17, View: default, Order: bytes
PR        DIR SRC                           DEST                                   STATE                AGE       EXP     PKTS    BYTES
icmp      Out 10.0.10.121:32235             10.0.10.254:32235                       0:0            00:07:06  00:00:09     1643    46004
icmp      Out 10.0.10.121:55748             10.0.10.254:55748                       0:0            00:07:03  00:00:09     1640    45920

              Packet Capture WAN:
              11:40:12.494284 IP 10.0.10.121 > 10.0.10.254: ICMP echo request, id 32235, seq 1242, length 8
              11:40:12.494450 IP 10.0.10.121 > 10.0.10.254: ICMP echo request, id 55748, seq 1238, length 8
              11:40:12.509484 IP 10.0.10.254 > 10.0.10.121: ICMP echo reply, id 32235, seq 1242, length 8
              11:40:12.510505 IP 10.0.10.254 > 10.0.10.121: ICMP echo reply, id 55748, seq 1238, length 8
              11:40:13.651769 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46

              Packet Capture Bridge:
              11:48:49.284145 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:48:50.307864 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:48:51.331496 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46

              Packet Capture Statics:
              11:50:30.660879 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:50:31.688384 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:50:32.709554 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:50:33.733321 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46
              11:50:34.757094 ARP, Request who-has 10.0.10.254 tell 10.0.10.124, length 46

              VM tcp dump for icmp:
              0_1538651044673_tcpdump icmp.png

              I am i right in thinking that incoming flow from WAN to the Statics is what's failing? Are there other diagnostic steps I can take to work this out?

              I'll keep trying this afternoon to see if i can get anywhere.

              Thanks

              1 Reply Last reply Reply Quote 0
              • First post
                Last post