Bridge Not Passing Traffic - What am I missing?

  • Hi Guys,

    Been off the scene for quite a bit as pfsense has been so stable (rock solid) and my configuration has changed little.
    I am now trying to change my configuration completely and implement a filtered bridge setup so that wireless devices and LAN devices can remain in the same network but I can maintain some control over what wireless devices see what LAN devices.

    I have followed the many tutorials on the forum but many of these seem very out of date but the fact there is little recent info implies that the process should be very straight forward. The fact that it is not passing traffic also implies I have missed something obvious. Can anyone offer me any pointers?

    All I have done since defaulting the config is;

    • Add an IP to the WAN interface,

    • Add a permit any any rule to WAN rules,

    • Configure Bridge with LAN & WAN interface,

    • Set Manual Outbound NAT rule generation,

    • Left pfil_bridge as 0 as I will be configuring rules on the incoming and outgoing member interfaces (At least I think)

    I can ping the firewall IP from both sides and the firewall its-self has internet access via the default gateway (sky modem)
    One question, should the gatway for the LAN side PC's remain that of the sky modem ( or should it be changed to that of the firewall (

    I believe it should be the sky modem as the firewall should be transparent and its IP only used for management…

    Running 2.1.2


  • It's been a little while since I've messed with bridging myself, but I think one thing you might need to do is assign the bridge group to an interface.  Once done, you'll have a rules table for the bridge group, which you can put your any any rule to allow traffic to pass.

  • Hi and thanks for the reply.

    Yeh I think you may be right, I have been reading many, many post on the subject. I did try this initially but the LAN interface kept flapping and dropping packets and the CPU went to 100% but thinking back now it may have just got its knickers in a twist.

    Will try again and report back just for closure. I'm sure it shouldn't be this tricky and I'm not exactly retarded. Well not exactly!


  • What version of code are you on?  I recall having the same issue with the CPU spikes and LAN ports bouncing.  There was a fix written by jimp for that problem.  I believe they built the fix into more recent updates so the most recent update (2.1.2) should have it as well.

    Check out this conversation about the CPU spike and interface problem.

  • Right so I have the bridge working now by adding the interface as suggested. The high CPU load and dropping packets hasn't re-materialised.
    I've now added an any any rule to all three interfaces just to get it working. Now I need to understand how so stop it working in a controlled way if you know what I mean.

    I'm not too sure if I just use the "filter on the bridge interface" setting what the rules need to look like. If I try to keep the "filtering on incoming and outgoing member interface" I get in all sorts of trouble and it all grinds to a hault. Thank god for the restore last config setting via console what a fantastic option.

    I'm sure I'll figure it out, shouldn't really attempt this stuff when you get home from a hard days work. Always makes it take twice as long.


Log in to reply