4. Bridging setup - clients behind bridge cannot see one another

Bridging setup - clients behind bridge cannot see one another

  • I

    Hi all

    I have a fairly simple setup:
    internet <->DSL router (.1) <-> client A (.100)
                                                  <-> pfSense bridge (.20 on wireless WAN and .21 on wired LAN, connected to DSL router) <-> client B (.101)
                                                                                                                                                                                                    <-> client C (.102)

    The pfSense bridge is configured pretty basically, no special firewall rules, no NAT, just a very simple bridge.

    The problem is that client B and C, both behind the bridge, cannot see one another. Anything not behind the bridge, client A for instance, can see and ping both clients B and C; the bridge and router/gateway can ping both. Moving client C off the bridge solves the problem, so neither client appears to be misconfigured.

    Running tcpdump under pfSense during a ping by client B yields the following:
    19:37:24.797461 arp who-has 192.168.1.102 tell 192.168.1.101
    19:37:25.797229 arp who-has 192.168.1.102 tell 192.168.1.101
    19:37:26.797179 arp who-has 192.168.1.102 tell 192.168.1.101

    … the arp request is never answered, but when the gateway or bridge request, the request is immediately answered:
    02:00:34.075100 arp who-has 192.168.1.102 tell 192.168.1.1
    02:00:34.075831 arp reply 192.168.1.102 is-at xx:xx:xx:xx:xx:xx (oui Unknown)

    Does anyone have any idea of how to fix it so that clients B and C can see one another?

    Thanks!

    0
  • H

    client B and C are in the same layer2 subnet and are not passing the pfSense to talk to each other so the problem can't be at the pfSense. Maybe the swicth that you are using has some invalid vlan configuration?

    0
  • I

    Sorry, I didn't make it explicit that both client B and client C are connecting wirelessly to the bridge…

    0
  • H

    Ah, that's a "feature" called client seperation. The driver is broken atm so we had to hide the option to allow clients behind the wireless AP to talk to each other. Once the driver is fixed we'll unhide the setting again.

    0
  • I

    Oh dear. Is there a timeline for a fix? Or any way around it (clever routing or something)?

    Anyway, thanks for your help!

    0
  • H

    It depends on the freebsd driver. Nothing we can fix at our end unfortunately.

    0
  • L

    You can try to issue ifconfig ath0 apbridge and see if it works.
    This part of the code is comented out at the moment. You can enable it again by removing the in /usr/local/www/interfaces_wlan.inc.

    0
  • N

    Is there any easy way to set up routing or somesuch so that clients can still have intercommunication?  I just moved my second desktop onto wireless and found out they cant communicate this way.  I'm not familiar enough with how static routing and all that stuff works, so I'm not sure how to proceed.  Everything is on the 192.168.1.0 subnet with a 255.255.255.0 mask, and I really want to have direct communication between desktops, for synergy, samba, etc.

    0
  • H

    Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/

    0
  • S

    @hoba:

    Ah, that's a "feature" called client seperation. The driver is broken atm so we had to hide the option to allow clients behind the wireless AP to talk to each other. Once the driver is fixed we'll unhide the setting again.

    I hand-edited my config file to include apbridge enabled (I'm using ath0 as LAN) and it's letting my clients talk amongst themselves fine. pfsense 1.0.1, as-shipped kernel.

    I was about to ask where the gui setting to tweak this is, but, I guess there is none ATM.

    0
  • H

    @hoba:

    Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/

    Please reread this post. All snapshots starting from this one have support for this feature through the webgui again.

    0
  • S

    @hoba:

    @hoba:

    Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/

    Please reread this post. All snapshots starting from this one have support for this feature through the webgui again.

    Sure, but the driver was fixed by time of what I'm running, while the config tweak for it wasn't yet re-exposed. I guess my point is apbridge works in stock 1.0.1, it's only the gui which lacks a way to set it. More for future posterity than intended as a bug report: not everyone can easily upgrade a router at any given time (I'm not touching mine til I get home but it's useful to talk to wireless clients from other than the router)

    0
  • H

    Go to diagnostics>edit and open "/usr/local/www/interfaces_wlan.inc"
    Then search for  "Allow  intra-BSS  communication" and remove the "" around that codeblock and save. This will bring back the option in the webgui.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy