Transparent bridge will not pass packets



  • Hello all,

    I have been trying to configure a transparent bridge firewall with no real luck.  I start with a fresh install of pfsense RC1 and configure exactly as described in the tutorial here:

    http://www.pfsense.com/mirror.php?section=tutorials/transparent_firewall/transparent_firewall.pdf

    but alas, I am unable to get anything to move across it.  I have not added or changed any of the default firewall rules.  As it is set up by default I should be able to go from LAN to WAN, correct?  I have tried ping as well as http from a LAN system to a system on the WAN side.  I have even added a wide open rule for the WAN interface.  It made no difference.

    I can ping both test systems from the pfsense console, LAN and WAN IP addresses from the system on the LAN side and only the LAN IP address from the system on the WAN side.

    Any clue what is going on here?  I admit I am a newb to the *BSD world so I am at a slight disadvantage.  My background is Solaris and Linux.  What other kind of information can I give you that will aid in diagnosis?

    Thanks a lot guys and a great job on the product.  It has all the features that m0n0wall lacked for what I need.

    LAN = 192.168.1.75
    WAN = 192.168.1.74

    $ ifconfig
    em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::230:48ff:fe80:cae2%em0 prefixlen 64 scopeid 0x1
            inet 192.168.1.75 netmask 0xffffff00 broadcast 192.168.1.255
            ether 00:30:48:80:ca:e2
            media: Ethernet autoselect (1000baseTX <full-duplex>)
            status: active
    em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::230:48ff:fe80:cae3%em1 prefixlen 64 scopeid 0x2
            inet 192.168.1.74 netmask 0xffffff00 broadcast 192.168.1.255
            ether 00:30:48:80:ca:e3
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    pflog0: flags=100<PROMISC> mtu 33208
    enc0: flags=0<> mtu 1536
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    pfsync0: flags=41<UP,RUNNING> mtu 2020
            pfsync: syncdev: lo0 maxupd: 128
    bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            ether ac:de:48:24:fb:da
            priority 32768 hellotime 2 fwddelay 15 maxage 20
            member: em1 flags=7<LEARNING,DISCOVER,STP> port 2 priority 128 path cost 55 forwarding
            member: em0 flags=7<LEARNING,DISCOVER,STP> port 1 priority 128 path cost 55 forwarding



  • You don't have the two ports of the bridge plugged into the same switch or anything silly like that, right?  It would help to have a small diagram of how you have it setup, and what is trying to ping/access what…



  • Having the same subnet on lan and wan is generally not a good idea  ;)



  • You usually don't have 2 IP addresses in a bridge scenario. You should only have 1 IP address here. The interface that is bridged to another one won't have an IP. Something here is borked. Also you are running RC1 which is way too old to be supported and numerous bugs have been fixed since that release. Update to RC2 and run the update scripts to go to RC2e. Also rebuild your config from scratch.

    In fact I know that the bridge is working correctly as I have tested it inside out lately due to 2 bug reports which in the end showed up to be misconfigurations of some sort.
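    The two misconfigurations the replies above point at (both bridge members carrying an IP address, and both sitting in the same subnet) can be spotted mechanically from the posted ifconfig output. The script below is an added example, not code from the thread or from pfSense; it parses a constructed sample modelled on the original poster's output (same addresses and bridge members, trimmed to the relevant lines) and reports both findings.

```python
import ipaddress
import re

# Constructed sample, modelled on the ifconfig output posted in the thread.
SAMPLE = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.75 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.74 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
\tmember: em1 flags=7<LEARNING,DISCOVER,STP> port 2 priority 128 path cost 55 forwarding
\tmember: em0 flags=7<LEARNING,DISCOVER,STP> port 1 priority 128 path cost 55 forwarding
"""

def parse_ifconfig(text):
    """Map each interface name to its IPv4 addresses and (for bridges) its members."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)   # interface header lines are unindented
        if head:
            cur = head.group(1)
            ifaces[cur] = {"inet": [], "members": []}
            continue
        if cur is None:
            continue
        inet = re.search(r"\binet (\d+\.\d+\.\d+\.\d+) netmask 0x([0-9a-f]{8})", line)
        if inet:
            mask = str(ipaddress.IPv4Address(int(inet.group(2), 16)))  # hex mask -> dotted
            ifaces[cur]["inet"].append(ipaddress.IPv4Interface((inet.group(1), mask)))
        member = re.search(r"\bmember: (\S+)", line)
        if member:
            ifaces[cur]["members"].append(member.group(1))
    return ifaces

def check_bridge(ifaces):
    """Flag bridges where more than one member has an IP, or members share a subnet."""
    findings = []
    for name, info in ifaces.items():
        if not info["members"]:
            continue
        with_ip = [m for m in info["members"] if ifaces.get(m, {}).get("inet")]
        if len(with_ip) > 1:
            findings.append(f"{name}: {len(with_ip)} members carry an IP ({', '.join(with_ip)}); expected at most one")
        nets = {}
        for m in with_ip:
            for addr in ifaces[m]["inet"]:
                nets.setdefault(addr.network, []).append(m)
        for net, mems in nets.items():
            if len(mems) > 1:
                findings.append(f"{name}: members {', '.join(mems)} share subnet {net}")
    return findings

if __name__ == "__main__":
    for f in check_bridge(parse_ifconfig(SAMPLE)):
        print(f)
```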

