Bridge almost working



  • I'm new to pfSense and tried to set up a single home network. First I will explain my current setup so you will understand how everything is connected.
    I have an ESXi home server with 3 physical network cards: 1 for the WAN connection and 2 for the internal LAN network.

    In pfSense all 3 cards are connected and working fine with static IP addresses. The only limitation is that I have 2 separate LAN networks. I would like to have just 1 single LAN network. To realize this, I have created a bridge in pfSense.
    EM0 = My LAN1 nic (OPT1)
    EM1 = My WAN nic (WAN)
    EM2 = My LAN2 nic (OPT2)

    The bridge interface has OPT1 and OPT2 as bridge members and the BRIDGE0 interface itself is assigned as LAN.
    OPT1 and OPT2 both have the interface type set to NONE (and are enabled). The LAN interface is enabled and set to STATIC with IP address 192.168.1.254/24.

    Within System Tunables the following 2 settings are changed; I found this on the pfSense forum:
    net.link.bridge.pfil_member = 0 (set to 0 to disable filtering on the incoming and outgoing member interfaces)
    net.link.bridge.pfil_bridge = 1 (set to 1 to enable filtering on the bridge interface)

    When I connect PC1 to the OPT1 NIC everything works fine: I receive an IP address from pfSense and am able to communicate.
    When I connect PC2 to the OPT2 NIC I have a strange situation. I receive a correct IP address from pfSense, but I'm unable to communicate with the network, e.g. pinging the default gateway (192.168.1.254). I'm only able to ping myself with the received DHCP lease IP address.

    I thought that something was being blocked by the firewall. So I created 3 new firewall rules for LAN, OPT1 and OPT2 to allow any from any to any (just for testing). But this didn't help.

    After all of the above, I tried to reboot the pfSense server. But this also didn't help. The interface status shows me this:

    WAN interface (em1)
    Status up
    DHCP up   
    MAC address Removed in the forum
    IP address Removed in the forum
    Subnet mask 255.255.254.0
    Gateway 94.214.42.1
    ISP DNS servers 127.0.0.1, 8.26.56.26, 8.20.247.20
    Media 1000baseT <full-duplex>
    In/out packets 35828/25590 (32.88 MB/2.85 MB)
    In/out packets (pass) 34342/25590 (32.68 MB/2.85 MB)
    In/out packets (block) 1486/0 (206 KB/0 bytes)
    In/out errors 0/0
    Collisions 0

    LAN interface (bridge0)
    Status up
    MAC address 02:d2:05:53:56:00
    IP address 192.168.1.254  
    Subnet mask 255.255.255.0
    In/out packets 37768/47817 (4.04 MB/45.39 MB)
    In/out packets (pass) 37634/47803 (4.00 MB/45.39 MB)
    In/out packets (block) 134/14 (37 KB/560 bytes)
    In/out errors 0/0
    Collisions 0

    OPT1 interface (em0)
    Status up
    MAC address 00:0c:29:fd:95:67
    Media 1000baseT <full-duplex>
    In/out packets 1513/0 (196 KB/0 bytes)
    In/out packets (pass) 1511/0 (196 KB/0 bytes)
    In/out packets (block) 2/0 (80 bytes/0 bytes)
    In/out errors 0/0
    Collisions 0
    Bridge (bridge0) learning

    OPT2 interface (em2)
    Status up
    MAC address 00:0c:29:fd:95:7b
    Media 1000baseT <full-duplex>
    In/out packets 1550/0 (194 KB/0 bytes)
    In/out packets (pass) 1545/0 (194 KB/0 bytes)
    In/out packets (block) 5/0 (200 bytes/0 bytes)
    In/out errors 0/0
    Collisions 0
    Bridge (bridge0) learning

    STP is not enabled for the Bridge0 interface.

    Can someone give me advice about how to solve this issue? If you need any additional information, please let me know.

    Thank you!
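An added diagnostic for the situation in this post. This is an example script written for this edit, not something from the post, from pfSense or from FreeBSD; it assumes the standard ifconfig and sysctl tools of the pfSense shell, and the sample `ifconfig bridge0` text inside it is constructed from the MAC addresses shown in the status output above (the real bridge0 output on that box may differ in detail).

```shell
#!/bin/sh
# Added diagnostic (written for this edit, not part of the post): run in the
# pfSense shell to show why a FreeBSD if_bridge on a hypervisor can hand out
# DHCP leases (broadcast) and still not answer pings. Pings to the gateway are
# addressed to bridge0's own MAC (02:d2:05:53:56:00 in the status above), which
# is not the MAC of either member vNIC (00:0c:29:...). A virtual switch that
# only delivers frames to a port's registered MAC drops them unless the port
# is allowed promiscuous mode.
# Usage: sh bridge-check.sh         run against the constructed sample
#        sh bridge-check.sh live    run against this host's bridge0

# Constructed 'ifconfig bridge0' output, built from the MACs in the post.
SAMPLE_BRIDGE0='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:d2:05:53:56:00
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em2 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 3 priority 128 path cost 20000
        member: em0 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 1 priority 128 path cost 20000'

# Member interfaces named in 'ifconfig bridge0' text, space separated.
bridge_members() {
    printf '%s\n' "$1" | awk '/^[ \t]*member:/ { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# The bridge's own link-layer address (first "ether" line).
bridge_mac() {
    printf '%s\n' "$1" | awk '/^[ \t]*ether / { print $2; exit }'
}

# MAC of a live interface, e.g. link_mac em0 (needs ifconfig on the host).
link_mac() {
    ifconfig "$1" | awk '/^[ \t]*ether / { print $2; exit }'
}

# Verdict. $1 is 'ifconfig bridge0' text, the rest are member=MAC pairs.
# Prints "mac-matches-member <if>" when a member vNIC owns the bridge MAC
# (the hypervisor port would see the frames anyway), otherwise
# "needs-promiscuous <bridge MAC>".
diagnose() {
    br="$1"; shift
    bmac=$(bridge_mac "$br")
    for pair in "$@"; do
        if [ "$bmac" = "${pair#*=}" ]; then
            echo "mac-matches-member ${pair%%=*}"
            return 0
        fi
    done
    echo "needs-promiscuous $bmac"
}

# Where pf evaluates rules for bridged traffic, from the two sysctls the post
# sets: pfil_member=0 pfil_bridge=1 means only rules on the bridge interface
# (LAN here) are consulted, so rules added on OPT1/OPT2 are never hit.
pf_filter_point() {
    case "$1$2" in
        01) echo bridge ;;
        10) echo members ;;
        11) echo both ;;
        *)  echo none ;;
    esac
}

if [ "${1:-}" = live ]; then
    br=$(ifconfig bridge0)
    pairs=""
    for m in $(bridge_members "$br"); do
        pairs="$pairs $m=$(link_mac "$m")"
    done
    diagnose "$br" $pairs
    pf_filter_point "$(sysctl -n net.link.bridge.pfil_member)" "$(sysctl -n net.link.bridge.pfil_bridge)"
else
    diagnose "$SAMPLE_BRIDGE0" em0=00:0c:29:fd:95:67 em2=00:0c:29:fd:95:7b
    pf_filter_point 0 1
fi
```

On the constructed sample the verdict is `needs-promiscuous 02:d2:05:53:56:00`: the bridge answers ARP for 192.168.1.254 with a MAC that no vNIC on the virtual switch registered, so a unicast ping to the gateway is dropped by the switch before it reaches the VM, while broadcast DHCP traffic is delivered to every port. The `pf_filter_point` output of `bridge` is also why the extra allow-all rules on OPT1 and OPT2 changed nothing: with those sysctls only the LAN (bridge0) rules are evaluated.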



  • The issue was caused by VMware ESXi.
    Within the vSwitch configuration, the Promiscuous Mode setting was causing a block action on all network traffic except DHCP.
    See http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004099 for more information about this.

    When you change this to Accept, everything works fine.

    This topic can probably be moved to the Virtualization installations and techniques forum, because it's ESXi related.
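The fix above enables promiscuous mode, which on a vSwitch lets every VM on the affected port group capture all frames crossing it. The script below is an added example written for this edit, not code from the thread or from VMware: it scopes the setting to a single port group holding only the pfSense LAN vNICs and audits which port groups on the host allow it. The names `vSwitch1` and `pfSense-LAN` are assumptions. It also sets Forged Transmits and MAC Address Changes to Accept, which the thread does not discuss; a bridge sends frames carrying other hosts' source MACs out of its vNIC, and on a standard vSwitch those two policies already default to Accept, so the command only pins them down.

```shell
#!/bin/sh
# Added example (written for this edit, not from the thread or from VMware):
# keep the "Promiscuous Mode: Accept" the fix above needs on one port group
# that holds only the pfSense LAN vNICs, and audit which port groups on the
# host allow it. Any VM on a promiscuous port group can capture every frame
# crossing that port group, so the setting should not be enabled on the whole
# vSwitch. Assumed names: vSwitch1 (the switch behind em0/em2), pfSense-LAN
# (a port group used only by pfSense).
# Usage: sh vswitch-promisc.sh          print the esxcli commands
#        sh vswitch-promisc.sh apply    run them (on the ESXi host shell)
#        sh vswitch-promisc.sh audit    list promiscuous port groups

VSWITCH="${VSWITCH:-vSwitch1}"
PORTGROUP="${PORTGROUP:-pfSense-LAN}"

# The two esxcli commands, one per line, without running them: reject at the
# vSwitch level, accept on the pfSense port group (a port group's security
# policy overrides the vSwitch policy).
security_cmds() {
    vs="$1"; pg="$2"
    printf '%s\n' \
      "esxcli network vswitch standard policy security set --vswitch-name=$vs --allow-promiscuous=false" \
      "esxcli network vswitch standard portgroup policy security set --portgroup-name=$pg --allow-promiscuous=true --allow-forged-transmits=true --allow-mac-change=true"
}

# Effective promiscuous setting from the text of
# 'esxcli network vswitch standard [portgroup] policy security get'.
# Anchored on "Allow Promiscuous:" so that a port group's
# "Allow Promiscuous Override:" line is not picked up. Prints "true"/"false".
promisc_state() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Allow Promiscuous:[[:space:]]*//p' | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Live audit on the ESXi host: every standard port group whose effective
# policy allows promiscuous mode. Expect only the pfSense port group here.
# (Port group names containing commas are not handled by the CSV split.)
audit_live() {
    esxcli --formatter=csv --format-param=fields=Name network vswitch standard portgroup list |
    tail -n +2 | tr -d '\r' | while IFS=, read -r pg _; do
        [ -n "$pg" ] || continue
        pol=$(esxcli network vswitch standard portgroup policy security get --portgroup-name="$pg")
        if [ "$(promisc_state "$pol")" = "true" ]; then
            echo "promiscuous: $pg"
        fi
    done
}

case "${1:-print}" in
    apply) security_cmds "$VSWITCH" "$PORTGROUP" | sh -e ;;
    audit) audit_live ;;
    *)     security_cmds "$VSWITCH" "$PORTGROUP" ;;
esac
```

Run `audit` after `apply`: if any port group other than the pfSense one is reported, another VM on that port group can sniff the LAN. The `promisc_state` parser is the same one the audit uses, so it can be checked offline against a pasted `policy security get` output before trusting it on the host.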



  • This isn't an "issue". This is required configuration for bridging. On a physical switch, you would need to configure the pfSense port as a mirroring port or such.

