Netgate Discussion Forum

    [solved] Assign dynamic IP (DHCP) to client connected to bridge

      yay

      Hi all,

      I'm running an APU2C4 (pfSense 2.3.1 / WAN0, LAN0, LAN1) behind a VDSL modem.
      My provider delivers IPTV multicast traffic on VLAN8. igmpproxy does not support IGMPv3/SSM on the downstream which is essential in my case. I read on the German forum someone managed to create a bridge between a physical interface and VLAN8 instead. That's what I'm trying desperately right now. The settopbox (@LAN1) expects to get an IP assigned by a DHCP server - that's failing right now.

      My current setup:

      • DHCP server running on BR0_IPTV

      Interfaces:

      • WAN0_VDSL (VLAN7)            -> PPPoE
      • WAN0_IPTV (VLAN8)            -> DHCP (Class A private)
      • LAN0                         -> STATIC (Class A private)
      • LAN1                         -> NONE
      • BR0_IPTV (WAN0_IPTV, LAN1)   -> STATIC (Class B private/30)

      System Tunables:

      • net.link.bridge.pfil_member = 1
      • net.link.bridge.pfil_bridge = 0

      Firewall rules:

      • Currently none, tried so many.

      I had it running last night (DHCP and working streams) until I decided to "optimize" the firewall rules. IIRC these were (do not work currently):

      LAN1:
      (*) IPV4 * BR0_IPTV net * * * * none

      WAN0_IPTV:
      (*) IPV4 * * * * * * none
      IPV4 IGMP * * * * * none
      IPV4 UDP * * * * * none

      BR0_IPTV:
      (*) IPV4 * BR0_IPTV net * * * * none

      What am I missing here?

      Cheers

        yay

        Ok folks, I've got it up and running!

        The main pitfalls were basically two things:

        1. Not being aware of the fact that "sysctls are only read when the bridge interface is created, at boot or otherwise". That was quite a PITA since I created bridges and afterwards changed the relevant system tunables, deleted them and so on. That's why my firewall rules never worked as expected. In order to avoid further collateral damage, simply reboot after changing any system tunables.

        Rule of thumb: "One does not simply set up a bridge without setting up system tunables beforehand!"

        2. The settopbox didn't get an IP assigned by the DHCP server since relevant requests were blocked on the LAN1 interface. Fixed by a single rule:

        
        IPv4 UDP 	LAN1 net 	68 	255.255.255.255 	67 	* 	none
        
        

        As an exercise for myself I repeat the steps below.

        Step 1: System Tunables

        • net.link.bridge.pfil_member = 1 (default)
        • net.link.bridge.pfil_bridge = 0 (default)

        Step 2: Set up interfaces

        • WAN0_VDSL (VLAN7)            -> PPPoE
        • WAN0_IPTV (VLAN8)            -> DHCP (Class A private)
        • LAN0                         -> STATIC (Class A private)
        • LAN1                         -> NONE
        • BR0_IPTV (LAN1, WAN0_IPTV)   -> STATIC (Class B private/30)

        Step 3: Set up DHCP server

        • DHCP server running on BR0_IPTV

        Step 4: Set up firewall rules
        Important: All IGMP rules need "Allow IP options" to be enabled!

        • LAN1

        IPv4 UDP    LAN1 net   68   255.255.255.255   67     *   none   @Allow DHCP requests to pass
        IPv4 IGMP   *          *    224.0.0.0/4       *      *   none   @Allow multicast traffic to pass
        IPv4 UDP    *          *    239.255.255.250   1900   *   none   @Allow SSDP requests to pass

        • WAN0_IPTV

        IPv4 IGMP   WAN0_IPTV net    *      224.0.0.0/4   *       *   none   @Allow multicast traffic to pass
        IPv4 UDP    87.141.215.251   4000   *             10000   *   none   @Allow to "form" RTP streams

        • BR0_IPTV

        IPv4 TCP/UDP   BR0_IPTV net   *   *   *   *   none   @Allow any TCP/UDP requests to pass

        So long

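Added example, not part of the original post and not pfSense code: it shows why the IGMP rules above need "Allow IP options" while the UDP rules do not. IGMP reports carry the IPv4 Router Alert option (RFC 2113), so their header is longer than 20 bytes, and pf drops packets with IP options unless the matching rule allows them. The packets and the address 172.16.0.2 are constructed samples.

```python
import socket
import struct

ROUTER_ALERT = 0x94  # IPv4 Router Alert option type (RFC 2113)

def build_ipv4(proto, src, dst, options=b"", payload=b"", ttl=64):
    """Build a constructed IPv4 packet; the header checksum is left at 0."""
    ihl = 5 + len(options) // 4          # header length in 32-bit words
    head = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                       ihl * 4 + len(payload), 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return head + options + payload

def ipv4_options(packet):
    """Return [(option_type, option_data)]; empty when the header is 20 bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    opts, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        opts.append((kind, packet[i + 2:i + length]))
        i += length
    return opts

def carries_ip_options(packet):
    """True when IHL > 5, the case a rule without "Allow IP options" rejects."""
    return (packet[0] & 0x0F) > 5

# Constructed samples: 172.16.0.2 is a made-up set-top box address and the
# IGMPv3 report body is cut down to its 8-byte header.
IGMP_REPORT = build_ipv4(2, "172.16.0.2", "224.0.0.22",
                         options=bytes([ROUTER_ALERT, 4, 0, 0]),
                         payload=b"\x22" + b"\x00" * 7, ttl=1)
SSDP_SEARCH = build_ipv4(17, "172.16.0.2", "239.255.255.250",
                         payload=struct.pack("!HHHH", 50000, 1900, 8, 0))

if __name__ == "__main__":
    print(ipv4_options(IGMP_REPORT), carries_ip_options(SSDP_SEARCH))
```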
          yay

          Btw. since I'm really new to pfSense I do welcome any input and improvements in regards to my rules and configurations.
