Traffic flow stops after bridge



  • hi,

    After all the trouble, at least I was able to set up a bridge between WAN and LAN. I also created one for the OPT interface as OPT2 and gave it a static IP which has web management access. So after bridging I can access the web management.

    I have created the bridge as below:

    Interface    Description    IP address
    em0          WAN            None
    em1          LAN            None
    Bridge       WANBridge      10.10.20.14 (static IP)

    em2          OPT2           10.10.10.17 (where I access the web management portal)

    Now, after the bridge, I rebooted the firewall, and after the reboot I am not able to ping the gateway 10.10.20.10 from the ping interface of pfSense. Traffic does not flow to the firewall. I am not even able to ping 10.10.20.14 from any system in the network. I checked the physical connection on the switch and it is OK. Also the firewall rule set is full access, allow all, for WANBridge.

    Also I get some errors like:
    em0: DAD detected duplicate IPV6 address fe80:1:20c:29ff:fe1d:fa63: NS in/out=2  NA in=0
    em0: DAD complete for  fe80:1:20c:29ff:fe1d:fa63: - duplicate found
    em0: manual intervention required
    em0: possible hardware address duplication detected, disable IPv6
    I have checked in the Advanced tab that IPv6 is not enabled, but I still don't know why this error comes.
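
The DAD messages above name a link-local address. As an added example (not part of the thread), the script below shows how that address is derived from a NIC's MAC (modified EUI-64, RFC 4291), how to strip the interface index FreeBSD embeds in the second hextet when it prints link-locals (`fe80:1::...`), and how to check whether two NICs on the box would claim the same link-local, one cause of the "hardware address duplication" the kernel message hints at. The MAC addresses, interface names and the log line are constructed for the example; the kernel's exact message wording is assumed to match the lines quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (not from the post): two NICs that ended up with the
# same MAC, as can happen with cloned virtual machines, plus one distinct NIC.
INTERFACES = {
    "em0": "00:0c:29:1d:fa:63",
    "em1": "00:0c:29:1d:fa:63",
    "em2": "00:0c:29:1d:fa:6d",
}

# Constructed log line in the FreeBSD format (interface index 1 embedded after fe80:).
SAMPLE_LOG = [
    "em0: DAD detected duplicate IPv6 address fe80:1::20c:29ff:fe1d:fa63: NS in/out=2, NA in=0",
    "em0: DAD complete for fe80:1::20c:29ff:fe1d:fa63 - duplicate found",
]

DAD_RE = re.compile(
    r"^(?P<ifname>\w+): DAD detected duplicate IPv6 address (?P<addr>[0-9a-fA-F:]+):"
)


def mac_to_eui64_link_local(mac: str) -> str:
    """Derive the fe80::/64 link-local address a host autoconfigures from a MAC."""
    octets = bytes(int(part, 16) for part in re.split(r"[:-]", mac.strip()))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Modified EUI-64: insert ff:fe in the middle, flip the universal/local bit.
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui64[0] ^= 0x02
    packed = b"\xfe\x80" + b"\x00" * 6 + bytes(eui64)
    return str(ipaddress.IPv6Address(packed))


def strip_freebsd_scope(addr: str) -> str:
    """FreeBSD prints link-locals as fe80:<ifindex>::...; drop the index so the
    address can be compared with the RFC-style fe80::... form."""
    cleaned = re.sub(r"^fe80:[0-9a-fA-F]+::", "fe80::", addr)
    return str(ipaddress.IPv6Address(cleaned))


def parse_dad_lines(lines):
    """Return (interface, normalised address) for every DAD duplicate message."""
    found = []
    for line in lines:
        m = DAD_RE.match(line)
        if m:
            found.append((m.group("ifname"), strip_freebsd_scope(m.group("addr"))))
    return found


def link_local_collisions(interfaces: dict) -> dict:
    """Map each link-local address to the interfaces that would claim it,
    keeping only addresses claimed by two or more interfaces."""
    claims = defaultdict(list)
    for name, mac in interfaces.items():
        claims[mac_to_eui64_link_local(mac)].append(name)
    return {addr: names for addr, names in claims.items() if len(names) > 1}


def explain_dad(lines, interfaces: dict):
    """For each DAD failure, list the local interfaces whose MAC yields that address."""
    report = []
    for ifname, addr in parse_dad_lines(lines):
        claimants = sorted(n for n, mac in interfaces.items()
                           if mac_to_eui64_link_local(mac) == addr)
        report.append((ifname, addr, claimants))
    return report


if __name__ == "__main__":
    for ifname, addr, claimants in explain_dad(SAMPLE_LOG, INTERFACES):
        print(f"{ifname}: {addr} is derived from the MAC of {', '.join(claimants)}")
```

If the report shows the failing address derived from the MAC of more than one local interface, the fix is to give the interfaces distinct MACs (or disable IPv6 on them, as the kernel suggests); if only the failing interface itself claims the address, look instead for another host on the segment, or for the bridge handing the interface's own solicitation back to it.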



  • You also need either pass rules on LAN and WAN, not just on the bridge, or the net.link.bridge.pfil_member=0 flag.
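
To see why an allow-all rule on the bridge alone is not enough, here is an added example (not from the thread or from pfSense) that models where if_bridge hands frames to the packet filter: with net.link.bridge.pfil_member=1 the incoming and outgoing member interfaces (WAN and LAN here) are filtered, and with net.link.bridge.pfil_bridge=1 the bridge interface itself is. An interface that carries no pass rule is treated as blocking, which is pfSense's default-deny behaviour. The `sysctl` output, the interface names and the rule sets are constructed for the example; read the real values on the box with `sysctl net.link.bridge`.

```python
import re
from dataclasses import dataclass, field

SYSCTL_RE = re.compile(r"^(net\.link\.bridge\.\w+):\s*(\d+)\s*$")

# Constructed `sysctl net.link.bridge` output for the example (values are illustrative).
SAMPLE_SYSCTL = """\
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1
"""


def parse_bridge_sysctls(text: str) -> dict:
    """Parse `sysctl net.link.bridge` output into {name: int}."""
    values = {}
    for line in text.splitlines():
        m = SYSCTL_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


@dataclass
class BridgeFilterModel:
    pfil_member: int = 1          # filter on incoming/outgoing member interfaces
    pfil_bridge: int = 1          # filter on the bridge interface
    pass_all: set = field(default_factory=set)  # interfaces carrying an allow-all rule set

    @classmethod
    def from_sysctls(cls, sysctls: dict, pass_all) -> "BridgeFilterModel":
        return cls(
            sysctls.get("net.link.bridge.pfil_member", 1),
            sysctls.get("net.link.bridge.pfil_bridge", 1),
            set(pass_all),
        )

    def filter_points(self, in_member: str, out_member: str, bridge: str = "bridge0"):
        """Interfaces whose rule set a frame crossing the bridge must pass."""
        points = []
        if self.pfil_member:
            points += [in_member, out_member]
        if self.pfil_bridge:
            points.append(bridge)
        return points

    def blocked_at(self, in_member: str, out_member: str, bridge: str = "bridge0"):
        """Filter points with no pass rule; on pfSense these block by default."""
        return [p for p in self.filter_points(in_member, out_member, bridge)
                if p not in self.pass_all]

    def passes(self, in_member: str, out_member: str, bridge: str = "bridge0") -> bool:
        return not self.blocked_at(in_member, out_member, bridge)


def diagnose(sysctl_text: str, pass_all, in_member="em0", out_member="em1") -> str:
    """One-line verdict for a frame entering in_member and leaving out_member."""
    model = BridgeFilterModel.from_sysctls(parse_bridge_sysctls(sysctl_text), pass_all)
    points = model.filter_points(in_member, out_member)
    if not points:
        return "WARNING: pfil_member=0 and pfil_bridge=0, nothing is filtered at all"
    blocked = model.blocked_at(in_member, out_member)
    if blocked:
        return "blocked: no pass rules on " + ", ".join(blocked)
    return "passes: rules checked on " + ", ".join(points)


if __name__ == "__main__":
    # Rules only on the bridge, members left at default deny: traffic is dropped.
    print(diagnose(SAMPLE_SYSCTL, {"bridge0"}))
    # Either add pass rules on both members...
    print(diagnose(SAMPLE_SYSCTL, {"bridge0", "em0", "em1"}))
    # ...or stop filtering on members and keep filtering on the bridge.
    print(diagnose(SAMPLE_SYSCTL.replace("pfil_member: 1", "pfil_member: 0"), {"bridge0"}))
```

The warning branch is the caveat worth keeping in mind when following the pfil_member=0 advice: if pfil_bridge is also 0, the bridge rule set is never consulted and the box passes everything unfiltered.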



  • Hi SeventhSon

    Thanks a lot for your reply..

    I checked again. I have set rules in the firewall for WAN, LAN and Bridge to allow all, no restriction. I also changed the value to 0 as per your guidelines, but I am still not able to ping the gateway 10.10.20.10.

    Once again, a brief summary of the configuration:

    On all interfaces (WAN, LAN, Bridge and OPT) the firewall rule is set to allow all, no restriction.

    The IP address of the Bridge is 10.10.20.13 and the gateway for the pfSense firewall is 10.10.20.10.
    No IP is given to WAN and LAN; they are set to "None".

    NAT is set to Manual

    Please guide me where I am going wrong, or if I need to do a fresh installation with some personal guidance of yours, do let me know. I am ready to do it.



  • I think this guide explains it quite well:
    http://pfsense.trendchiller.com/transparent_firewall.pdf

    You might want to move the IP address to WAN (or LAN, depending) instead of the bridge.

    Did you do the "no-nat" bit? It is probably where things go wrong now.



  • Hi,

    I have selected "Manual Outbound NAT rule generation"

    I had followed this document, and I have tried it three times with a reinstallation, carefully following all the steps:

    http://people.pharmacy.purdue.edu/~tarrh/Transparent Firewall-Filtering Bridge - pfSense 2.0.2 By William Tarrh.pdf

    Is there any rule that WAN and LAN must be on different switches? I had just come across some post on this. I have kept both interfaces on the same switch, as we have only one gateway which feeds MPLS as well as internet. Our major requirement is to do URL filtering.



  • @patelbhavin8008:

    "Is there any rule that WAN and LAN must be on different switches?"

    Yes, how else are you going to filter? It should be:
    Internet - Router - WAN (pfSense) LAN - switch - clients

    Is this how you're connecting things? If not, please post a diagram of how things are connected.



    A brief description of our complete current network:

    MPLS Cloud with internet service (10.10.0.0/24)
        |  10.10.0.0/24 series network
        +=====> Router =====> Switch =====> LAN (based on the 10.10.20.0/24 network)
                (IP: 10.10.20.10)

    We don't need other IPs or routing; our service provider feeds the internet service over the MPLS link only. So our LAN clients need IPs in the 10.10.20.0/24 range, going to the gateway 10.10.20.10 (router IP). All applications and internet work on this.

    What I want to change in the network is shown below, so I can do URL and content filtering and logging.

    MPLS Cloud with internet service (10.10.0.0/24)
        |  10.10.0.0/24 series network
        +=====> Router =====> Switch ===+=====> LAN (based on the 10.10.20.0/24 network)
                (IP: 10.10.20.10)       |         ^
                                        +=====> pfSense ===^
                                                (IP: 10.10.20.13)

    So after implementing this, the gateway for the network would be 10.10.20.13, and all the traffic and services from LAN clients will get filtered by URL and content filtering on pfSense and then forwarded to the router. Typically pfSense and the LAN will both sit on the switch, with pfSense mainly working as the gateway for the LAN.



  • If you're doing a bridged firewall, the gateway would still be 10.10.20.10; pfSense would just be a filter on the line and should sit between the switch and the router.

