Bridge physical interface and VLAN
I'm going crazy trying to set up a bridge for my network: I need to segment the communication inside the same subnet, splitting the network in two: LAN1 and LAN2; between these LANs I want to use pfSense as a firewall.
The current configuration is:
LAN1: em0 with no IP setting
LAN2: em0.2 with no IP setting (VLAN has been created before)
DHCP is installed on another server in LAN1
When I try to create a BRIDGE0 with both LANs, with an IP retrieved by DHCP, it is not able to get it; I'm not able to ping the pfSense (even if I try with a static IP) and both LANs are isolated.
I changed the firewall settings as follows:
net.link.bridge.pfil_member = 0
net.link.bridge.pfil_bridge = 1
Current firewall rules are:
floating: No rules
BRIDGE0: Pass IPv4* * * * * * none
LAN1: No rules
LAN2: No rules
Can someone help me understand what I'm doing wrong?
Thanks in advance,
Interfaces > Assignments
Interfaces > Assignments, Bridges
Interfaces > BRIDGE0, LAN1, and LAN2
You obviously need to connect em0 to something that knows to send an untagged VLAN and tagged VLAN 2 to it.
You also almost never want to use DHCP to receive an address for the pfSense interface on an inside interface as it will be configured as a WAN, not a LAN in that case. Use a static IPv4 interface number assignment in the correct subnet on the bridge. Do not set an upstream gateway. Make the bridge members enabled but with no IPv4 or IPv6 configuration.
Here is the picture you requested:
In my current configuration everything is connected to an untagged port, then the switch will create the VLAN on the proper ID. Moreover, the correct configuration has been tested by pinging the devices from my PC on each VLAN (at least one device with a fixed IP for each VLAN).
LAN0 (aka Bridge0) is set with a fixed IP.
LAN1 and LAN2 are configured with no IP, unlike BRIDGE, where a fixed IP is set.
What do you mean when you talk about the gateway? Should I remove it from the bridge configuration?
Where can I configure it?
You do not set an upstream gateway on any inside interfaces unless you absolutely know exactly what you are doing, why, and what it does. It is on the interface configuration page itself.
Your upstream gateway on the bridge interface is nonsensical.
I removed it but nothing changed, except that I'm not able to connect to the internet anymore.
In my network ISP is connected on 192.168.1.1 on LAN0 and it is used to supply internet connection to all LANs including OUTSIDE and MUSUX.
In my network ISP is connected on 192.168.1.1 on LAN0
Then you are going to have to make a much better description of what you are trying to do. I am completely lost.
nos86 last edited by nos86
OK, here is the scenario:
I have one main subnet called LAN0 (192.168.1.1/24).
This network has its own server (192.168.1.3) and ISP (192.168.1.1)
I want to segment this network in two, creating a VLAN2 where I want to create a transparent bridge that will be used to reduce the communication VLAN2 --> LAN0 but leaving full communication in the opposite direction (LAN0 --> VLAN2).
Moreover, on this network, I want to add two independent networks: MUSUX (VLAN62) and OUTSIDE (VLAN42). In this case the DHCP server is supplied by pfSense.
The first one, MUSUX, will have access to all internal networks (LAN0 and OUTSIDE) and to the internet, whereas the OUTSIDE network will only have access to the internet.
For this reason I designed three independent networks and pfSense will route through its firewall the connections between networks according to the rules explained above.
Here is a simplified network chart:
I hope this gives you a clearer scenario.
Thanks for your help
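The policy in the last post, modelled as an added example that is not part of the thread: because LAN0 and VLAN2 share 192.168.1.0/24, rules are keyed on segment rather than subnet, and a state table is what lets replies flow back while new VLAN2 --> LAN0 connections stay blocked. The VLAN2 allow-list, the host 192.168.1.50 and the 10.0.42.10 address are assumptions made for the illustration.

```python
from dataclasses import dataclass

# New-connection policy per (ingress segment, egress segment), default deny.
# Segment names are from the thread; True = any destination, a set = only those IPs.
# The VLAN2 -> LAN0 allow-list is an assumption ("reduce" is not specified in the post).
POLICY = {
    ("LAN0", "VLAN2"): True,
    ("VLAN2", "LAN0"): {"192.168.1.1"},   # only the ISP router
    ("MUSUX", "LAN0"): True,
    ("MUSUX", "OUTSIDE"): True,
    ("MUSUX", "INTERNET"): True,
    ("OUTSIDE", "INTERNET"): True,
}

@dataclass(frozen=True)
class Packet:
    src_seg: str
    dst_seg: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    def __init__(self, policy):
        self.policy = policy
        self.states = set()   # (src, sport, dst, dport) of flows that were passed

    def check(self, p):
        """Return 'state', 'pass' or 'block' for one packet."""
        # A reply to an established flow matches the reversed tuple.
        if (p.dst, p.dport, p.src, p.sport) in self.states:
            return "state"
        rule = self.policy.get((p.src_seg, p.dst_seg), False)
        if rule is True or (rule and p.dst in rule):
            self.states.add((p.src, p.sport, p.dst, p.dport))
            return "pass"
        return "block"

def demo():
    fw = StatefulFilter(POLICY)
    # Constructed sample traffic; 192.168.1.50 is a hypothetical VLAN2 host.
    pkts = [
        Packet("LAN0", "VLAN2", "192.168.1.3", 40000, "192.168.1.50", 22),
        Packet("VLAN2", "LAN0", "192.168.1.50", 22, "192.168.1.3", 40000),   # reply
        Packet("VLAN2", "LAN0", "192.168.1.50", 41000, "192.168.1.3", 445),  # new
        Packet("VLAN2", "LAN0", "192.168.1.50", 41001, "192.168.1.1", 53),
        Packet("OUTSIDE", "LAN0", "10.0.42.10", 42000, "192.168.1.3", 80),
    ]
    return [fw.check(p) for p in pkts]
```

`demo()` returns one verdict per packet, in order: the SSH session opened from LAN0 passes, its reply is admitted by state, and the new connection from VLAN2 to the server is blocked.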