Problem with bridged interfaces

  • First brief explanation. I have included simplified schema for better understanding.

    WAN interface em1 and em2 are bridged together because I must provide public range which is firewalled by Pfsense. On em0 interface
    I have configured few internal vlan's for different departments of this university. All local servers are on vlan 120 and they decided to use Windows 2003 AD for local authentication. On uni they have Open LDAP (all universities are networked and use that system) with all students and staff and that LDAP is master for AD (all users are exported to AD).

    So, I need port 636 for secure communication between OpenLDAP (+ custom utils) and Win AD.

    On Pfsense I have forwarded that port to internal AD server and firewall rule is added automatically. So far - OK.
    Problem starts when I have used ldapsearch to test connection. No traffic at all. Internal test from another unix machine
    is OK. External test from different provider is OK. Only that one linux server has this problem. TcpDump shows no traffic.

    I have reset wan port (just click on Save button) and magically ladapsearch succeeded once, twice then nothing at all.
    When I click Save on WAN connection is on again. ARP on external server (x.y.202.3) shows that MAC address in ARP table is
    from em1 (WAN with IP x.y.202.9) when I can do ldapsearch and when there is no traffic MAC is from em2 (bridged, DMZ, without IP).

    Why this MAC addresses are changing? What to do to prevent that? It causes me great trouble because I must change my interconnect to route traffic differently to get that to work.

    Please advise.



Log in to reply