2.0-RC1 bridging issue between interfaces
-
Dear PFSense community,
first of all thank you for releasing such a great product for free.
I have used PFSense before in routed mode with great success, and have been testing a bridged setup for the past three days with little success.
I have PFSense set up in a virtual machine for testing, and have assigned three network interfaces to different host LANs as follows:
WAN -> de0 (will be used later on, not for this test)
LAN -> bridge0 (IP. 192.168.234.252)
OPT1 -> de2 (Ethernet Internal #1, bridge0 member)
OPT2 -> de1 (Ethernet Internal #2, bridge0 member)
I used this setup after reading this post on how to successfully bridge two adapters.
I have also set the two bridge tunable system variables to 0 and 1 respectively.
The LAN interface also has the standard pass LAN to any firewall rule enabled. The OPT interfaces have no firewall rules defined.
My problem is that I cannot send data (e.g. pings) across that bridge, nor access the webConfigurator anymore.
PFSense can ping itself on 192.168.234.252, but no other hosts on the 234 net. At first, a console ping returns nothing, and then after maybe 4 or 5 unsuccessful pings I receive "ping: sendto: host is down" error messages.
EDIT: As a side note, when PFSense starts up, the DEC21443 virtual adapters (de0, de1, de2) are unresponsive. An ifconfig up/down for each will make them work. I've seen this issue on here before, but haven't fixed that yet. Just mentioning it in case it may play a role in the bridging issue.
I have tried pretty much everything I can think of, but to no avail. If you could point me in the right direction, any help would be greatly appreciated.
Thank you in advance!
-
You need to change the system tunables to filter on the bridge interface and not on members.
-
Thank you for your reply.
I have net.link.bridge.pfil_member set to 0 (Set to 0 to disable filtering on the incoming and outgoing member interfaces) and net.link.bridge.pfil_bridge set to 1 (Set to 1 to enable filtering on the bridge interface).
Am I misunderstanding something here?
-
namezero111111
Just wondering if you ever got your bridging solution to work. Please let me know how you made it work if you did. Thank you.
-
Hey getahostcom.
Yes, I did get it to work for P2P/TLS between two servers by making changes to two configuration files that I modified for the user interface.
I then followed the Bridging Howto here: http://forum.pfsense.org/index.php/topic,20917.0.html
I would like to share the two files with the rest of the community, by uploading the files into the repository, but I don't know how to do that on redmine.pfsense.org.
I can attach them here when I get home tonight.
Thanks!
-
Here are the two promised files:
- Remove .txt extensions from the two files (forum restriction).
- Use any tool or the diagnostics menu to edit files.
- Replace /etc/inc/openvpn.inc with supplied openvpn.inc.
- Replace /usr/local/www/vpn_openvpn_server.php with vpn_openvpn_server.php.
You can then select the TAP adapter for the server and leave the "Tunnel Network" field empty.
Note that this config file doesn't write the server-bridge directive, but rather "mode server" to the config file, since I didn't want the OVPN server to act as a DHCP server for the clients due to the fact that I was bridging the tap interface with a LAN interface.
Let me know if this works for you. Also, if you update to a new snapshot, you'll have to replace the two files again.
@Admins: How to commit them to the repository?