Help with bridging

rsingh · Jan 29, 2011, 6:25 PM

this is the setup:

dual internet connections <-> pfsense-A 2.0 <–-bridge---> pfsense-B <-> lan

the purpose of pfsense-B is:

traffic shaping
squid (doesn't work well on pfsense-A with the two ISPs)

i'm trying to lab this out in vmware workstation. pfsense-B has three nics:
em0 - wan: connected to pfsense-A
em1 - lan: connected to LAN
em2 - opt1: connected to a pc (because most of these configs cause me to lose access to em1 and em0)

After a clean install, I enabled the three NICs and put a single rule on each one saying allow any traffic
I went to assign interfaces and created a bridge with em0 and em1
I assigned this bridge to the LAN interface.

At this point, I am no longer able to access pfsense-B from the lan. I can still access it on opt1.

If I start a ping from the Lan to pfsense-A, using tcpdump I will see this:

lan host ARP who-has request -> pfsense-A -> pfsense-B
pfsense B ARP reply -> pfsense-A -> (then the packet is lost, not seen on lan wan or opt1)

so I have the bridge 3/4 of the way working. If pfsense-A would send arp (and then hopefully other traffic) back to the LAN, I will be up and running. Can anyone guess at anything I may be missing?

eri-- · Jan 29, 2011, 6:57 PM

You can assign it as an optional interface the bridge and than it will work normally without dropping you from LAN!