Filtering Bridge pfSense 2 RC-3 - SOLVED



  • I have been searching for information on how to set up pfSense as a filtering bridge in 2.0. I have found info on v1.2, but I have failed porting that setup to 2.0. What I want to do is to put a pfSense bridge between my LAN and a wireless link to an external office to filter traffic, without messing with NAT.

    < Main Office LAN < --- Antenna --------- Antenna --- > --- ( pfSense Bridge ) --- External Office LAN >

    Hope someone can understand this. I want to know if this is possible, and would like some info on how to make this work.

    Thank you



  • After a couple of tests this is what I have done, with no luck:

    1. Fresh Install
        xl0 --> WAN
        rl0 --> LAN
    2. Interface --> Assign --> Bridges
      - Create a new bridge
          BRIDGE0 (LAN,WAN)
    3. Interface --> Assign
        - Create a new interface and assign the bridge
        New Interface --> Bridge (BRIDGE0)
    4. Enable and set IP to Bridge New interface
    5. Create a rule on BRIDGE and LAN [ UDP 0.0.0.0 68 255.255.255.255 67 ]
    6. Create a rule on LAN [Any LAN Subnet *  * *]
    7. Set LAN and WAN type to NONE

    Hope someone can put me back on the road.



  • You have to set under System->Advanced->Tunables
    net.link.bridge.pfil_member = 0
    net.link.bridge.pfil_bridge = 1



  • @josueharos:

    5. Create a rule on BRIDGE and LAN [ UDP 0.0.0.0 68 255.255.255.255 67 ]

    This is so DHCP gets forwarded from rl0 to WAN? Does that much work?

    @josueharos:

    4. Enable and set IP to Bridge New interface
    6. Create a rule on LAN [Any LAN Subnet *  * *]
    7. Set LAN and WAN type to NONE

    So LAN doesn't have an IP address. What IP addresses will match LAN Subnet in the firewall rules?

    I set up a bridge on my pfSense to bridge ath0 (WiFi) and rl0 (wired) and have a common DHCP server. My LAN interface is bridge0, which has members ath0 and rl0. LAN is configured with a static IP address and DHCP enabled. ath0 and rl0 have firewall rules to allow DHCP and traffic from LAN net to any. I have the default settings of net.link.bridge.pfil_member and net.link.bridge.pfil_bridge:

    net.link.bridge.pfil_member = 1
    net.link.bridge.pfil_bridge = 0



  • 4. Enable and set IP to Bridge New interface

    He wants the IP on the bridge itself.



  • OK, I will make the changes to system tunables and see what happens. Should I consider adding a third interface for administration? After playing with this I needed to reset the router to factory defaults because I could not log on (no IPs on interfaces).

    Also, is the procedure I posted above correct?

    Thank you for your time.



  • @ermal:

    You have to set under System->Advanced->Tunables
    net.link.bridge.pfil_member = 0
    net.link.bridge.pfil_bridge = 1

    This did the trick. I also did not need a third interface for admin; I just set the IP on the bridge and it worked. Thanks.

    Another question: is it possible to shape? If so, which wizard should I start, "Dedicated Link" or "Single WAN/Multiple LAN"?
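
Added example (not posted by anyone in this thread): a small sh function that reads `sysctl net.link.bridge` output and reports on which interfaces pf evaluates rules for bridged traffic, based on the two tunables discussed above. The function name `bridge_filter_mode` and the sample input are constructed for illustration; the meaning of each value follows FreeBSD's if_bridge(4).

```shell
#!/bin/sh
# Added example: classify where pf filters bridged traffic.
# Reads lines in "name: value" (sysctl output) or "name = value"
# (as written in the thread) form on stdin.

bridge_filter_mode() {
    member="" bridge=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Split each line into tunable name and a 0/1 value.
        name=$(printf '%s\n' "$line" |
            sed -E 's/[[:space:]]*[:=].*$//; s/^[[:space:]]+//')
        value=$(printf '%s\n' "$line" |
            sed -nE 's/^[^:=]*[:=][[:space:]]*([01])[[:space:]]*$/\1/p')
        case "$name" in
            net.link.bridge.pfil_member) member=$value ;;
            net.link.bridge.pfil_bridge) bridge=$value ;;
        esac
    done
    case "$member$bridge" in
        10) echo "members" ;;  # default: rules on the member interfaces apply
        01) echo "bridge" ;;   # setting from the thread: rules on the bridge interface apply
        11) echo "both" ;;     # packets are filtered on members and on the bridge
        00) echo "none" ;;     # pf is not invoked for bridged packets at all
        *)  echo "unknown"; return 1 ;;  # a tunable is missing or not 0/1
    esac
}

# Constructed sample input: the values recommended in the thread.
printf '%s\n' \
    'net.link.bridge.pfil_member: 0' \
    'net.link.bridge.pfil_bridge: 1' | bridge_filter_mode
```

On the firewall itself the input would come from `sysctl net.link.bridge | bridge_filter_mode`. A result of `members` with rules written only on the bridge interface, or `bridge` with rules written only on the member interfaces, means those rules are not being evaluated for bridged traffic.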



  • I can't seem to be able to get this to work... I'm following the instructions and using the same version of pfSense.

    Could you post some details about which IP addresses you're using?

    Thanks
    GE



  • OK, I will post screenshots as soon as I can.



  • Thank You.

    GE



  • Sorry, I was not able to log in to the bridge, but here are the screenshots.












  • Hope this helps. The bridge is made between WAN <-> OPT.




