Transparent Bridge on same subnet, two interfaces, pfSense 2



  • Hello all,

    I've been trying for a couple of days now, and I can't seem to figure it out. (Neither can Google tell me where to go.)
    I want to use pfSense as a transparent bridge/firewall in between the same network segment. I'm using pfSense 2.

    The network layout looks like this:
    ```
                                                                                        network part B
    gateway (192.168.1.1) <---> switch 1 <---> pfsense <--->    switch 2    <->[hosts having the 192.168.1.x range]
                                                      |
                                                      | network part A
                                                      |
                                          [ hosts having the 192.168.1.x range ]
    ```

    So the only thing separating part A from part B is the pfsense bridge.
    The first interface on the pfsense machine is connected to the 'switch 1', the second interface on the pfsense machine is connected to 'switch 2'

    Somehow I can't get it to work. I've started out with a clean install of pfSense.
    Configured the interfaces LAN and WLAN; added a bridge and interface.
    Changed the firewall rules to allow all traffic from all sources to all destinations on all networks.
    Disabled NAT (by setting it to manual NAT), and even changed the parameters in the 'Tunables' settings table.

    None of it made the bridge forward traffic.

    Moving the pfSense management IP from the WAN interface to the BRIDGE0 interface makes it all stop working. Can't even connect to the address on the bridge. (And all the fw-rules are set to any any any any.) Although it seems this is the right way to go (setting it on the bridge0 interface).

    I noticed the bridge having two interfaces in 'learning' state. As far as I know the bridge is then still figuring out where to send what traffic to.
    I've never seen it switch to the forward state. It also seems that the bridge is only receiving traffic from the LAN interface, not the WAN interface. (As seen on my local tcpdump!)

    I hope somebody can help me figure this one out?
    Or maybe wants to help rule out what the F is going on here?

    Cheers!

    Arthur
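Added diagnostic for the 'learning' vs 'forwarding' member state described above (example code, not from this thread and not pfSense's own): a POSIX shell check that parses `ifconfig bridge0` output on the pfSense box and lists bridge members that have not reached forwarding. The member-line layout it assumes is FreeBSD's ifconfig format, and the sample output below is constructed.

```shell
#!/bin/sh
# Added diagnostic (not from the thread, not pfSense's own code): parses
# FreeBSD `ifconfig bridge0` output and reports bridge members whose STP
# state is not "forwarding", i.e. members still in "learning" as in the post.
# Live use on pfSense's shell:  ifconfig bridge0 | members_not_forwarding
# Assumed member-line layout (FreeBSD ifconfig): a "member: <if> flags=..."
# line, optionally followed by "... role <r> state <s>" when STP is enabled.

# stdin: ifconfig output; stdout: one "<member> <state>" line per member.
# Members with STP disabled have no state line and are reported as "no-stp".
bridge_member_states() {
    awk '
        /^[ \t]*member:/ {
            if (name != "") print name, state
            name = $2; state = "no-stp"
        }
        {
            for (i = 1; i <= NF; i++) if ($i == "state") state = $(i + 1)
        }
        END { if (name != "") print name, state }
    '
}

# stdin: ifconfig output; stdout: names of members that are not forwarding.
members_not_forwarding() {
    bridge_member_states | awk '$2 != "forwarding" { print $1 }'
}

# Returns 0 only when every member is in forwarding state.
bridge_is_forwarding() {
    [ -z "$(members_not_forwarding)" ]
}

# Constructed sample resembling the situation in the post: em1 is still
# learning while em0 has reached forwarding.
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:01
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        member: em1 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000 proto rstp
                role designated state learning
        member: em0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000 proto rstp
                role designated state forwarding'

printf '%s\n' "$SAMPLE_IFCONFIG" | members_not_forwarding   # prints: em1
```

Note that the LEARNING flag in the flags list is the bridge's MAC-learning option, not the STP state; the STP state is the word after `state`, and a member with STP disabled has none.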



  • Any luck with transparent bridging? If so, do you have documentation?



  • @Siteview:

    Configured the interfaces LAN and WLAN; added a bridge and interface. I noticed the bridge having two interfaces in 'learning' state; I've never seen it switch to the forward state.

    I also tried forcing the interfaces to be edge ports, so they can enter “forwarding” state immediately — even if STP is somehow activated on that bridge. This didn't work, and neither did implicitly turning STP on and off.

    But if you look into the logs (not so long after updating the interface / bridge configuration), you will probably see a line like this:
    ```
    kernel: bridge0: error setting interface capabilities on {one_of_bridged_interfaces}
    ```
