Bridge mode?
-
Anyone using pfsense in a bridge configuration?
-
yes, at least several people out there running bridging setups.
-
Ah yes I am running in bridged mode I just wondered if anyone else was. I have run into a few problems in bridged mode, but overall it seems to be working ok. The main problem is for some strange reason at times the firewall rules seem to block all traffic, even though my rules are set to pass in/out all. My config does have 3 nic's in the box, one of them is the admin interface, so maybe pfsense is having some problems with the admin interface? Or. maybe it is the QoS rules freaking out? Anyone else having any issues in bridge mode? The theory was to create a transparent filtering/QoS device that would easily integrate into the network w/o the need to config new ip addresses. It basically worked, but as I stated it has a few issues.
Thanks!
BTW, love the new msg board!!
-
I have Intel NICs (fxp0-5) and try to establish a bridge. It works without any problems until I restart the firewall.
After reboot, the bridge exists, but the traffic does not flow.
After disabling the bridge and after that re establishing a bridge over two interfaces it works again, but only when reenabling it manually…
WHY ?
Thats really annoying
-
I have Intel NICs (fxp0-5) and try to establish a bridge. It works without any problems until I restart the firewall.
After reboot, the bridge exists, but the traffic does not flow.
After disabling the bridge and after that re establishing a bridge over two interfaces it works again, but only when reenabling it manually…
WHY ?
Thats really annoying
What version? ALWAYS include this information, we are not mind readers.
After reboot post the contents of running ifconfig from a shell.
-
It's the latest version 0.94.12
I tried it with another mainboard and the same symptoms are there… even in virtual pc these issues come up... :-(
-
It's the latest version 0.94.12
I tried it with another mainboard and the same symptoms are there… even in virtual pc these issues come up... :-(
What about the ifconfig output?!
-
ifconfig output follows tomorrow…
tried the same with 2 diffenent nics (3Com 905TX-M) and the problem was the same...
but there another phenomenon was there: with acpi enabled they got IPs but there was no traffic possible... after disabling acpi it worked... but then: reboot system and no traffic was possible anymore... -> seems it has nothing to do with tne nics or their drivers...
seems as if there is a problem with soft-reboot in bridge mode...
I'll have a look at the ifocnfig output tomorrow...
but after a reboot the bridge still exists with its members...
???
perhaps anyone has some explainations how to configure a bridge mode... perhaps i'm just still wrong !?
Could it be that this occurs because i assigned a static ip (eg. 172.16.0.1) to the wan interface (but disabled the block private networks option) ?
-
ifconfig output follows tomorrow…
tried the same with 2 diffenent nics (3Com 905TX-M) and the problem was the same...
but there another phenomenon was there: with acpi enabled they got IPs but there was no traffic possible... after disabling acpi it worked... but then: reboot system and no traffic was possible anymore... -> seems it has nothing to do with tne nics or their drivers...
seems as if there is a problem with soft-reboot in bridge mode...
I'll have a look at the ifocnfig output tomorrow...
but after a reboot the bridge still exists with its members...
???
perhaps anyone has some explainations how to configure a bridge mode... perhaps i'm just still wrong !?
Could it be that this occurs because i assigned a static ip (eg. 172.16.0.1) to the wan interface (but disabled the block private networks option) ?
Just for the sake of testing… if you can get console access, go to the command line and type pfctl -F all. Then see if you can pass traffic. My guess is that it is a PF issue and not a hardware/software problem.
CC
-
Hi all !
The problem has been solved when using v1.0 beta !
Good work guys !
keep on !
-
Hi all !
When I bridge the LAN with the WAN interface and set the IP Adresses at both interfaces to the same IP it works without any problems.
Now the question is: which interface IP is ignored ?Because when both IPs would count there jmust be an error, right ?
-
both are ignored
and replaced bij the bridge witch now had that ipadress
sof if youre lan card is xl0 and youre wan card is vr0 then you have now br0
voor both lan and wan
any trafic adressed to br0 get's out on the lan and the wan card -
First time pfsense user here. How did you guys actually get it working in bridge mode? From the web gui or the commandline? (something like http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html ?)
I've found this for monowall ( http://doc.m0n0.ch/handbook/examples-filtered-bridge.html ) but the pages aren't there on the sense webconfigurator.
I mainly want to use pfsense for what appears to be brilliant traffic shaping capabilities.
I'm using the Beta 1 version.
My test home setup is :
pc(192.168.0.19 ) -> crossover to pfs box (192.168.0.9/192.168.0.8) -> switch -> netgear router (192.168.0.1) -> adsl modem.
I've turned off the firewall but I cant seem to find the section to put it into bridge mode.
Ideally I want to figure out how I can set this up so I can deploy them in minutes and stick them between the net connection and the first switch ahla Packeteer packetshaper style. Just without the lighter wallet :)
Then I can later connect to each one and turn the connection as approiprate.Ideas?
Cheers.
-
pfSenses bridge is filtering by default. You have to create rules for traffic to pass the bridge. everything that is not explicitly allowed will be blocked. By turning off firewall you shutdown all filtering which means that nothing is passing the shaper anymore. LKeep the firewall enabled and create allow any to any rules at the interfaces instead.
-
This is no longer true. There is now a checkbox in advanced which enables filtering bridging.
-
This is no longer true. There is now a checkbox in advanced which enables filtering bridging.
Advanced? As in "System" tab then Advanced?
http://img219.imageshack.us/img219/2360/advanced3er.gif
Could you help in pointing out where this is. Is this available on the 1.0 beta? Or is that in a newer developer version?
Can't seem to find that option anyway. I did select "Disable the firewalls filter altogether."
Cheers.
Koops
-
Beta 2.
-
Beta 2.
I'm assuming thats in the cvs tarball? using the cvs is probably a bit beyond me atm.
-
Yes, the fix has not been released, only beta 1 has.
-
The penny finally dropped with some help from "trendchiller". Thanks!
Finally found how to bridge the connection (had to grep for "bridge" in all the php scripts). interface_lan.php! :-[
As I had been setting the Lan interface from the console. The connecting to the web interface and it would run the setup wizard I never needed to change the Lan interface as such it was the only page I never looked in!
Oh well, time to finally play around with packet shaping :)
-
Hi !
What could mean this message, when I try to bridge the LAN IF to the WAN IF ?
Warning: unlink(/var/run/lan.conf.dirty): No such file or directory in /usr/local/www/interfaces_lan.php on line 295
-
This is cosmetic. You can ignore it and it should be fixed in beta2.