• This is the setup:

    dual internet connections <-> pfsense-A 2.0 <---bridge---> pfsense-B <-> lan

    The purpose of pfsense-B is:

    • traffic shaping
    • squid (doesn't work well on pfsense-A with the two ISPs)

    I'm trying to lab this out in VMware Workstation. pfsense-B has three NICs:
    em0 - wan: connected to pfsense-A
    em1 - lan: connected to LAN
    em2 - opt1: connected to a pc (because most of these configs cause me to lose access to em1 and em0)

    After a clean install, I enabled the three NICs and put a single rule on each one saying allow any traffic.
    I went to assign interfaces and created a bridge with em0 and em1.
    I assigned this bridge to the LAN interface.

    At this point, I am no longer able to access pfsense-B from the LAN. I can still access it on opt1.

    If I start a ping from the LAN to pfsense-A, using tcpdump I will see this:

    lan host ARP who-has request -> pfsense-A -> pfsense-B
    pfsense-B ARP reply -> pfsense-A -> (then the packet is lost, not seen on LAN, WAN or opt1)

    So I have the bridge 3/4 of the way working. If pfsense-A would send ARP (and then hopefully other traffic) back to the LAN, I will be up and running. Can anyone guess at anything I may be missing?

  • You can assign the bridge as an optional interface and then it will work normally without dropping you from LAN!