Problem with bridged interfaces
-
First, a brief explanation. I have included a simplified schema for better understanding.
WAN interfaces em1 and em2 are bridged together because I must provide a public range which is firewalled by pfSense. On the em0 interface
I have configured a few internal VLANs for the different departments of this university. All local servers are on VLAN 120, and they decided to use Windows 2003 AD for local authentication. At the university they have OpenLDAP (all universities are networked and use that system) with all students and staff, and that LDAP is the master for AD (all users are exported to AD). So I need port 636 for secure communication between OpenLDAP (+ custom utils) and Windows AD.
On pfSense I have forwarded that port to the internal AD server, and the firewall rule was added automatically. So far, OK.
The problem starts when I used ldapsearch to test the connection. No traffic at all. An internal test from another Unix machine
is OK. An external test from a different provider is OK. Only that one Linux server has this problem. tcpdump shows no traffic. I reset the WAN port (just clicked the Save button) and magically ldapsearch succeeded once, twice, then nothing at all.
When I click Save on WAN, the connection is on again. ARP on the external server (x.y.202.3) shows that the MAC address in the ARP table is
from em1 (WAN with IP x.y.202.9) when I can do ldapsearch, and when there is no traffic the MAC is from em2 (bridged, DMZ, without IP). Why are these MAC addresses changing? What can I do to prevent that? It causes me great trouble because I must change my interconnect to route traffic differently to get that to work.
Please advise.
Regards
Sasa
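A way to pin down the MAC flapping described in the post, as an added example that is not part of the original post and not pfSense's own tooling: the functions below parse `arp -an` output (the `? (IP) at MAC ...` line format used by both BSD and Linux), report which MAC the external server currently holds for the WAN address, and count how often that MAC changes across successive snapshots. `192.0.2.9` stands in for the post's `x.y.202.9`, and the three snapshots in `SAMPLE_SNAPSHOTS` are constructed to show the em1/em2 flap; `watch_arp` is the live variant you would leave running on the external server while repeating `ldapsearch`.

```shell
#!/bin/sh
# Added example: spot an ARP entry flapping between two MACs.
# Assumes `arp -an` prints "? (IP) at MAC ..." lines (BSD and Linux both do).
# IP 192.0.2.9 and the MACs below are constructed placeholders for x.y.202.9.

# Constructed sample: three successive `arp -an` snapshots taken on the
# external server, separated by "---". The WAN address alternates between
# two MACs (the em1 MAC and the em2 MAC in the post's scenario).
SAMPLE_SNAPSHOTS='? (192.0.2.9) at 00:11:22:33:44:55 on eth0 [ethernet]
? (192.0.2.1) at 00:aa:bb:cc:dd:01 on eth0 [ethernet]
---
? (192.0.2.9) at 00:11:22:33:44:66 on eth0 [ethernet]
? (192.0.2.1) at 00:aa:bb:cc:dd:01 on eth0 [ethernet]
---
? (192.0.2.9) at 00:11:22:33:44:55 on eth0 [ethernet]
? (192.0.2.1) at 00:aa:bb:cc:dd:01 on eth0 [ethernet]'

# mac_for_ip IP: read `arp -an` output on stdin and print the MAC recorded
# for IP (prints nothing if there is no entry).
mac_for_ip() {
    awk -v want="($1)" '$2 == want { print $4; exit }'
}

# count_mac_changes IP: read snapshots separated by "---" lines on stdin and
# print how many times the MAC for IP differs from the previous snapshot.
# A snapshot with no entry for IP is skipped rather than counted as a change.
count_mac_changes() {
    awk -v want="($1)" '
        function close_snapshot() {
            if (cur != "" && prev != "" && cur != prev) changes++
            if (cur != "") prev = cur
            cur = ""
        }
        $0 == "---" { close_snapshot(); next }
        $2 == want  { cur = $4 }
        END         { close_snapshot(); print changes + 0 }'
}

# watch_arp IP [INTERVAL]: live use on the external server. Logs a
# timestamped line whenever the ARP entry for IP changes MAC, so the
# log can be lined up with the moments ldapsearch works or stalls.
watch_arp() {
    ip="$1"; interval="${2:-5}"; last="unset"
    while :; do
        mac=$(arp -an | mac_for_ip "$ip")
        if [ "$mac" != "$last" ]; then
            printf '%s %s is now at %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
                "$ip" "${mac:-<no entry>}"
            last="$mac"
        fi
        sleep "$interval"
    done
}

# Stand-alone demo on the constructed snapshots.
printf '%s\n' "$SAMPLE_SNAPSHOTS" | mac_for_ip 192.0.2.9
printf 'MAC changes for 192.0.2.9 across snapshots: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SNAPSHOTS" | count_mac_changes 192.0.2.9)"
```

On the real external server, `watch_arp 192.0.2.9 2 | tee arp-flap.log` while running `ldapsearch -H ldaps://192.0.2.9 ...` in another terminal gives a timeline showing which MAC the host had each time a query succeeded or hung; two distinct MACs for one IP on a bridge is the symptom to take to the pfSense bridge and WAN configuration.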