Bridging setup - clients behind bridge cannot see one another



  • Hi all

    I have a fairly simple setup:
    internet <-> DSL router (.1) <-> client A (.100)
                                 <-> pfSense bridge (.20 on wireless WAN and .21 on wired LAN, connected to DSL router) <-> client B (.101)
                                                                                                                          <-> client C (.102)

    The pfSense bridge is configured pretty basically, no special firewall rules, no NAT, just a very simple bridge.

    The problem is that client B and C, both behind the bridge, cannot see one another. Anything not behind the bridge, client A for instance, can see and ping both clients B and C; the bridge and router/gateway can ping both. Moving client C off the bridge solves the problem, so neither client appears to be misconfigured.

    Running tcpdump under pfSense during a ping by client B yields the following:
    19:37:24.797461 arp who-has 192.168.1.102 tell 192.168.1.101
    19:37:25.797229 arp who-has 192.168.1.102 tell 192.168.1.101
    19:37:26.797179 arp who-has 192.168.1.102 tell 192.168.1.101

    … the ARP request is never answered, but when the gateway or bridge requests, the request is immediately answered:
    02:00:34.075100 arp who-has 192.168.1.102 tell 192.168.1.1
    02:00:34.075831 arp reply 192.168.1.102 is-at xx:xx:xx:xx:xx:xx (oui Unknown)

    Does anyone have any idea of how to fix it so that clients B and C can see one another?

    Thanks!
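
The pattern in the capture above (a wireless client's ARP requests go unanswered while the gateway's are answered) can be checked mechanically. Added example, not part of the original post: a shell/awk filter over tcpdump ARP lines in the format quoted above. The function names, the 1-second reply window and the MAC address in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count ARP who-has requests that no reply followed within
# a time window, grouped by "asker -> target".
# Limitation: this tcpdump format does not show who a reply was sent to, so a
# reply is credited to every pending request for that target inside the window.

unanswered_arp() {
    # $1 = reply window in seconds (assumed default: 1)
    awk -v window="${1:-1}" '
    # Convert HH:MM:SS.ffffff to seconds since midnight.
    function secs(ts,   p) { split(ts, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }

    $2 == "arp" && $3 == "who-has" && $5 == "tell" {
        n++; t[n] = secs($1); target[n] = $4; asker[n] = $6; pending[n] = 1
        next
    }
    $2 == "arp" && $3 == "reply" && $5 == "is-at" {
        now = secs($1)
        for (i = n; i >= 1; i--) {
            d = now - t[i]
            if (d < 0) d += 86400            # capture ran past midnight
            if (pending[i] && target[i] == $4 && d <= window) pending[i] = 0
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (pending[i]) miss[asker[i] " -> " target[i]]++
        for (k in miss) print miss[k], k
    }' | sort -k2
}

# Constructed sample: the lines quoted in the post, with a made-up
# locally administered MAC in place of the redacted one.
sample_capture() {
cat <<'EOF'
19:37:24.797461 arp who-has 192.168.1.102 tell 192.168.1.101
19:37:25.797229 arp who-has 192.168.1.102 tell 192.168.1.101
19:37:26.797179 arp who-has 192.168.1.102 tell 192.168.1.101
02:00:34.075100 arp who-has 192.168.1.102 tell 192.168.1.1
02:00:34.075831 arp reply 192.168.1.102 is-at 02:00:00:00:01:02 (oui Unknown)
EOF
}

sample_capture | unanswered_arp 1
```

Only requesters behind the access point showing up in the output, while the gateway's requests for the same target are answered, matches the symptom described in the post.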



  • Client B and C are in the same layer 2 subnet and are not passing through the pfSense to talk to each other, so the problem can't be at the pfSense. Maybe the switch that you are using has some invalid VLAN configuration?



  • Sorry, I didn't make it explicit that both client B and client C are connecting wirelessly to the bridge…



  • Ah, that's a "feature" called client separation. The driver is broken atm so we had to hide the option to allow clients behind the wireless AP to talk to each other. Once the driver is fixed we'll unhide the setting again.



  • Oh dear. Is there a timeline for a fix? Or any way around it (clever routing or something)?

    Anyway, thanks for your help!



  • It depends on the FreeBSD driver. Nothing we can fix at our end unfortunately.



  • You can try to issue ifconfig ath0 apbridge and see if it works.
    This part of the code is commented out at the moment. You can enable it again by removing the in /usr/local/www/interfaces_wlan.inc.



  • Is there any easy way to set up routing or somesuch so that clients can still have intercommunication? I just moved my second desktop onto wireless and found out they can't communicate this way. I'm not familiar enough with how static routing and all that stuff works, so I'm not sure how to proceed. Everything is on the 192.168.1.0 subnet with a 255.255.255.0 mask, and I really want to have direct communication between desktops, for synergy, samba, etc.



  • Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/



  • @hoba:

    Ah, that's a "feature" called client separation. The driver is broken atm so we had to hide the option to allow clients behind the wireless AP to talk to each other. Once the driver is fixed we'll unhide the setting again.

    I hand-edited my config file to include apbridge enabled (I'm using ath0 as LAN) and it's letting my clients talk amongst themselves fine. pfsense 1.0.1, as-shipped kernel.

    I was about to ask where the gui setting to tweak this is, but, I guess there is none ATM.



  • @hoba:

    Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/

    Please reread this post. All snapshots starting from this one have support for this feature through the webgui again.



  • @hoba:

    @hoba:

    Run the latest snapshot, the problem of the driver has been fixed and the option is available again: http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/

    Please reread this post. All snapshots starting from this one have support for this feature through the webgui again.

    Sure, but the driver was fixed by time of what I'm running, while the config tweak for it wasn't yet re-exposed. I guess my point is apbridge works in stock 1.0.1, it's only the GUI which lacks a way to set it. More for future posterity than intended as a bug report: not everyone can easily upgrade a router at any given time (I'm not touching mine 'til I get home but it's useful to talk to wireless clients from other than the router).



  • Go to Diagnostics > Edit and open "/usr/local/www/interfaces_wlan.inc".
    Then search for "Allow intra-BSS communication" and remove the "" around that codeblock and save. This will bring back the option in the webgui.

