Do I need to bridge LAN and WAN, or does NAT do that?



  • I consider myself to be somewhat knowledgeable with software and hardware but this intermediate/advanced level networking stuff is confusing!

    Anyways, I'm just setting up pfSense and am reading the m0n0wall documentation and I'm a little confused on bridging.

    From what I've gathered, bridging allows traffic (packets) to travel from one network (interface?) to another.

    Does this mean a bridge must exist between the LAN and WAN interfaces?  …or is this something taken care of by NAT?

    Also, do I need to bridge my Wireless interface with anything?  I want it to be able to communicate with my LAN and also have access to my WAN so would I need two bridges?

    Sorry for the newbie questions and thanks so much for any help!

    (If anybody can point me to more documentation or reading information I'd very much appreciate it!)



  • no, you don't need to bridge them and yes, it's taken care of by NAT. when you add your wireless interface just create the firewall rules to allow traffic to traverse your network interfaces. if you're talking about when you add the interface just keep it at "none".



  • Thanks for the reply.

    What exactly does bridging do?

    Does it just allow two interfaces to see each other?

    For example, without bridging my laptop (wireless) and desktop (LAN) couldn't ping each other.  However, with it enabled then they could?

    Also, I had to enable a bridge between Wireless and LAN so that my wireless could use the LAN DHCP server.  I guess that makes sense but is that a common way to set it up?



  • What exactly does bridging do?

    if you set it to "bridge" it basically creates a Layer 2 (data link) type connection. however, i know you can create filtered bridges also… (someone please correct me if i am wrong here...)  i've always thought of bridges as switches with fewer ports or in your case, one port.

    Does it just allow two interfaces to see each other?

    it allows them to act as if they are connected to the same switch.

    For example, without bridging my laptop (wireless) and desktop (LAN) couldn't ping each other.  However, with it enabled then they could?

    makes sense… you either needed firewall rules or you had a routing issue. prolly firewall...

    Also, I had to enable a bridge between Wireless and LAN so that my wireless could use the LAN DHCP server.  I guess that makes sense but is that a common way to set it up?

    if i understand you correctly, it sounds like you have a wireless access point or router connected to an interface on your pfsense firewall. personally i would not set it up that way. (assuming this is a SOHO WAP) for security reasons, disable bridge, keep the wireless access point on a separate interface (i think this is how you have it now), disable the dhcp server on your WAP, set a static IP for the LAN on your WAP, then move your ethernet cord so that it's on a switch port and not the WAN port.  this way your WAP should act like a switch with wireless enabled. then set dhcp server on your firewall accordingly and your wireless hosts should pick up the dhcp from pfsense.  be careful of the order in which you do this or you'll lock yourself out of your WAP.  set the LAN static IP first. then disable the dhcp server on the WAP.

    once you have that all working and have enabled dhcp on pfsense for your WAP then configure firewall rules accordingly to permit access into your LAN. if you're only using the subnets which reside on the pfsense interfaces then you shouldn't have to mess with NAT either..

    hope this helps…
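
The difference between the bridged and the routed wireless setup discussed in this thread, as an added example (a simplified model, not pfSense code and not from any poster). The interface names, subnets, addresses and rules are constructed sample values, and the bridge is assumed to be unfiltered.

```python
import ipaddress

# Constructed sample values: routed design, one subnet per firewall interface.
SUBNETS = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),
    "WLAN": ipaddress.ip_network("192.168.2.0/24"),
}

# Per-interface rules as (action, destination, port); None means any port.
# Simplified model: rules apply where the packet enters, first match wins.
RULES = {
    "LAN":  [("pass", "any", None)],
    "WLAN": [
        ("pass",  "192.168.1.10/32", 445),   # one LAN file server only
        ("block", "192.168.1.0/24", None),   # rest of the LAN is off limits
        ("pass",  "any", None),              # everything else, e.g. internet
    ],
}

def interface_of(ip):
    """Name of the interface whose subnet contains ip, or None (WAN side)."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SUBNETS.items() if addr in net), None)

def decide(src, dst, port, rules=RULES):
    """Return 'pass-l2', 'pass' or 'block' for a packet from src to dst:port."""
    src_if = interface_of(src)
    # Same segment (or an unfiltered bridge): delivered at Layer 2,
    # so the interface rules are never consulted.
    if src_if is not None and src_if == interface_of(dst):
        return "pass-l2"
    dst_addr = ipaddress.ip_address(dst)
    for action, dst_net, dst_port in rules.get(src_if, []):
        net_ok = dst_net == "any" or dst_addr in ipaddress.ip_network(dst_net)
        if net_ok and dst_port in (None, port):
            return action
    return "block"  # no rule matched: default deny

if __name__ == "__main__":
    laptop = "192.168.2.50"             # wireless client on its own subnet
    print(decide(laptop, "192.168.1.10", 445))   # pass
    print(decide(laptop, "192.168.1.20", 22))    # block
    print(decide(laptop, "203.0.113.5", 443))    # pass
    print(decide("192.168.1.50", "192.168.1.20", 22))  # pass-l2 (bridged laptop)
```

A laptop that took a LAN lease over the bridge (192.168.1.50 here) reaches every LAN host without any rule being checked, while the same laptop on its own wireless subnet only gets what the WLAN rules allow.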

