Bridges, traffic only between 2 interfaces
-
Hi
LANCARD(VLAN20) + WLAN_TRANSIT(VLAN400) + WLAN(ath0) ->bridge0
LAN (bridge0)
All members in bridge are unmanaged (no IP), LAN 129.168.3.1/24 running DHCP
net.link.bridge.pfil_bridge =1
net.link.bridge.pfil_member =0
WLAN_TRANSIT is a connection to an openwrt AP
If I have only WLAN_TRANSIT and one other member in the bridge, I got an IP on the OpenWrt AP.
With 3 members I got an IP on WLAN and LANCARD but not on WLAN_TRANSIT.
Any idea why, or is a bridge limited to 2 members?
Running on 2.1RC
-
> If I have only WLAN_TRANSIT and one other member in the bridge, I got an IP on the OpenWrt AP.
> With 3 members I got an IP on WLAN and LANCARD but not on WLAN_TRANSIT.
Is the alleged DHCP request from WLAN_TRANSIT logged in the pfSense DHCP log?
> Any idea why, or is a bridge limited to 2 members?
I believe there is hard limit to the number of members of a bridge.
Edit: I need a new proof reader. I meant to type: I believe there is NO hard limit to the number of members of a bridge.
-
There is no limit.
Probably there are problems with your firewall rules in that setup.
-
Hi,
No, there are no problems with firewall rules; I use the bridge as filter interface.
net.link.bridge.pfil_bridge =1
net.link.bridge.pfil_member =0
Works like a charm with 2 members (the OpenWrt got DHCP addresses from pfSense on 2 interfaces) and not with 3 (no IPs)!
Maybe the problem is: 2 VLANs from the same IF (= MAC) and pfSense uses the lower VLAN ID first…
-
Can you check that you have the tunable pfil_onlyip set to 1?
-
No, I have not, because I want an unconditional pass.
net.link.bridge.pfil_onlyip
Controls the handling of non-IP packets which are not passed to pfil(9).
Set to 1 to only allow IP packets to pass (subject to firewall rules), set to 0 to unconditionally pass all non-IP Ethernet frames.
-
Set that to 1; it should solve your issue.
-
Issue still exists.
-
Does the pfSense DHCP log show a DHCP request from the system on VLAN400? (You will need to look for the MAC address of the requesting system in the DHCP log since the log will not distinguish between the individual bridge members.) What did you do to generate such a request?
Do the interface counters show traffic on VLAN400? Do the counters change after DHCP requests are sent?
-
I found out the problem: it is OpenWrt. If I have both VLANs (bridged on pfSense) as trunk input, and one is then only untagged to a single switch port, the OpenWrt doesn't forward traffic back on the VLAN trunk.
thx
max
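-
Added example, not part of the original thread: one way to run the DHCP log check suggested above, grouping dhcpd messages by client MAC because the log does not say which bridge member a request arrived on. It assumes ISC dhcpd syslog lines; the sample log, MAC addresses, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd syslog format (not taken from the thread).
SAMPLE_LOG = """\
Sep  1 10:00:01 pfsense dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via bridge0
Sep  1 10:00:02 pfsense dhcpd: DHCPOFFER on 192.0.2.50 to 02:00:00:00:00:01 via bridge0
Sep  1 10:00:02 pfsense dhcpd: DHCPREQUEST for 192.0.2.50 (192.0.2.1) from 02:00:00:00:00:01 via bridge0
Sep  1 10:00:02 pfsense dhcpd: DHCPACK on 192.0.2.50 to 02:00:00:00:00:01 (laptop) via bridge0
Sep  1 10:00:05 pfsense dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via bridge0
Sep  1 10:00:06 pfsense dhcpd: DHCPOFFER on 192.0.2.51 to 02:00:00:00:00:02 via bridge0
Sep  1 10:00:09 pfsense dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via bridge0
Sep  1 10:00:10 pfsense dhcpd: DHCPOFFER on 192.0.2.51 to 02:00:00:00:00:02 via bridge0
"""

# Message type, then the client MAC that follows "from" or "to".
MSG = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) .*?\b(?:from|to) "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.I,
)

def handshake_by_mac(log_text):
    """Map each client MAC to the ordered DHCP message types logged for it."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = MSG.search(line)
        if m:
            seen[m.group(2).lower()].append(m.group(1).upper())
    return dict(seen)

def diagnose(mac, log_text):
    """Classify how far the DHCP exchange got for one client MAC."""
    msgs = handshake_by_mac(log_text).get(mac.lower(), [])
    if not msgs:
        return "no-request-seen"     # nothing from this client reached dhcpd
    if "DHCPACK" in msgs:
        return "lease-acknowledged"  # server completed the exchange
    if "DHCPOFFER" in msgs and "DHCPREQUEST" not in msgs:
        return "offer-unanswered"    # server answers, client never follows up
    return "incomplete"

if __name__ == "__main__":
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"):
        print(mac, diagnose(mac, SAMPLE_LOG))
```

A "no-request-seen" result points at the path towards pfSense (AP, VLAN tagging, bridge membership), while "offer-unanswered" points at the return path to the client.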