Filtering Bridge locks out everything

Guest

i hope im right here and i hope i am not repeating a thousand other questions…

but ive got a problem on my wrap board with 3 nics. im in a 10.0.0.0/8 network and i'd like to exchange my old obsd bridge with a pfsense fw.

but for me it is not possible to get traffic over the filtering bridge. ive bridged LAN with WAN (both interface have ips in the same segment of course) but the moment when i activate filtering bridge all traffic stops. and lokking at the logs it seems that the firewall rules wont let any packets through.

ive made 2 dummy rules on the interfaces. (excerpt from the debug log)

User-defined rules follow

pass in quick on $wan from any to any keep state  label "USER_RULE: test"
pass in quick on $lan from any to any keep state  label "USER_RULE: test"

(fyi
loopback = "{ lo0 }"
lan = "{ sis0  bridge0 }"
wan = "{ sis1  bridge0 }")

anyone got any suggestions?

btw. yes ive read the tutorial

hoba

What version? Also make sure you don't have an ethernet loop. STP is enabled by default on bridges which will cause a block if there is a loop. status>interfaces will have a note about this if this is the case.

Guest

ive got
Version 1.0.1
built on Sun Oct 29 01:45:08 UTC 2006

there is no loop the interfaces are definitely on two "different networks"
just to be sure:
Status up
MAC address 00:0d:b9:03:5d:89
IP address 10.22.2.214 
Subnet mask 255.0.0.0
Gateway 10.0.0.1
ISP DNS servers 10.0.0.11
10.0.0.2
Media 10baseT/UTP
In/out packets 24355623/25519222 (1.75 GB/2.68 GB)
In/out errors 48/13
Collisions 5449498
Bridge (bridge0) learning

LAN interface (sis0)
Status up
MAC address 00:0d:b9:03:5d:88
IP address 10.2.2.214 
Subnet mask 255.0.0.0
Media 100baseTX <full-duplex>In/out packets 25094783/24201341 (2.66 GB/1.49 GB)
In/out errors 0/0
Collisions 0
Bridge (bridge0) learning</full-duplex>

jeroen234

In/out errors  48/13
Collisions  5449498

there is a big problem on youre network

Guest

thats ok because an the wan side there is a BNC - Coax network - a hub between coax and pfsense does the medium conversion

jeroen234

well 20% of youre traffic is ending up on the hospital and has to be send again

Guest

yupp i know - about 50 ppl on a segmented switched coax lan - but thats not the problem… bridging as such is working fine. but when you activete the filtering bridge - no more traffic ;)

hilove

i have absultly the same problem with filtering  bridge  .. when i open the filtering bridge option in system->advanced    all traffic will block  no matter what rules  i set in firewall

Guest

are there any news to this topic?

there must be more ppl with this problem if it really is a problem…
if i compare it with the ruleset of my obsd in the pf.conf i miss all the outgoing rules. (pass in - pass out)but actually i am not THE firewall - knowingitall kind a guy.

but seriously
any news would be great!

Tinozaure

I have been blocked exactly the same way using the bridging tutorial.
try setting the LAN ip with something completely outside your networks.
It worked for me

Guest

Weehaaaa thats it!

That must be definitely a bug!

when activating the filtering bridge the other address must be completely in another range. then it works like a charm!

thanx Tinozaure

sullrich

It is not a bug, it is how FreeBSD works.