Bridge across LAN ports



  • I have been trying for the past day to get what I feel is something simple working and I have now reached a point where I need to post in the forums.

    I have a 4 port NIC in my system and I want to bridge all 4 ports into a single subnet for my LAN. I have successfully created the bridge (minus one port for now so I don't lock myself out of the web interface) and assigned the bridge to LAN. I have a static IPv4 address assigned to the bridge with a DHCP server listening. None of the ports that are members of the bridge are assigned IPs (have "None" set for their config type). When connecting my laptop to one of the ports that is a member of the bridge, I am assigned an IP from the DHCP server but I am unable to make any connections, not even pinging the bridge IP itself. If I connect my laptop to the unbridged port, I have no problems connecting and can ping the bridge IP.

    To ensure I'm not hitting any firewall blocks I have completely disabled the firewall (pfctl -d) and have disabled filtering on the bridge members (net.link.bridge.pfil_member = 0). At this point I am out of ideas. I know setting up a bridge between interfaces is not a difficult task so I must be missing something obvious. If you need any more info, please ask. Any help would be greatly appreciated.

    Not sure if this is relevant or not, but I am running pfSense as a VirtualBox VM. The physical 4 port NIC is attached to the host and with the VirtualBox config I am bridging the adapters into pfSense. The host itself is not IP bound to any adapters.

    EDIT: I eventually decided that there must be something about VirtualBox that is causing my grief. Probably an advanced setting somewhere that I have to tweak but was unable to find. In the end, I decided to give KVM a try instead of VirtualBox. Using the same exact setup with KVM, I was able to get all 4 ports bridged without difficulty. Now time to move on to the more fun stuff!


  • Rebel Alliance Developer Netgate

    FYI- In VirtualBox for that you likely must set its NIC configuration to allow promiscuous mode. See attached.



  • LAYER 8 Global Moderator

    "I have a 4 port NIC in my system and I want to bridge all 4 ports into a single subnet for my LAN. "

    What a F'ing waste – dude just curious how much did that 4 port nic cost you?  How much do you think an 8 port gig switch with a 20GB backplane would cost? ;)



  • Oooooppppssss.  I pressed the thanks button.

    BTW - Seems like people often want to replace a simple cheap switch with NICs.  No idea why.



  • It didn't cost me anything. I've had it sitting in a box for a couple years from an old job. Figured I'd put it to use.


  • LAYER 8 Netgate

    It seems to be an epidemic.


  • LAYER 8 Global Moderator

    Tell you what, send it to me - and I will send you a switch with 8 ports.. 8 = double what that nic has.  And throw in a single port nic you can use in your pfSense box.

    Sound fair? ;)

    Here is a better use of that quad nic.

    1. Sell on ebay, craigslist, etc..
    2. Take money and buy new single nic, multiple switches if so desired - or decent smart switch with management functionality, etc. etc.
    3. Take rest of money and buy beer, start college fund for kids, go to the track, etc.

    You're not making good use of it trying to use it as a switch – it's NOT a switch!!  Will not perform anywhere close to a switch in speed, etc..

    So not sure what nic you have - but there are not a lot of quad nics that are cheap..  Here is cheapest intel quad on newegg
    http://www.newegg.com/Product/Product.aspx?Item=N82E16833106050&ignorebbr=1

    $239

    Here is a cisco SG300 10 port managed switch 10/100/1000 with sfp support even with 2 combo ports, so you could add fiber with a 20GB backplane..  Supports pretty much anything you could think of for very little money..  Great for small smb, home, etc.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833150087&cm_re=sg300--33-150-087--Product

    $172, still leaves plenty of money for a decent single port intel nic.

    Sell the nic for $100, get a $50 8 port gig dumb switch and still have $50 left for beer! ;)



  • A good use for the NIC could be to provide dual WAN with load balancing or failover plus a LAN for you plus a LAN segment for visitors that has no access to your local files and shares etc.

    But how to make it operate like a switch?

    I'm clueless on that one.  Its asked occasionally and no one ever gives a good answer.


  • Netgate Administrator

    It's been answered plenty of times, the OP has done it correctly here. If you bridge the interfaces and move filtering from the bridge members to the bridge interface then the resulting interfaces will behave like a switch. It will be much slower than even the cheapest switch (in most cases) but there are advantages. You can filter traffic between the ports for example. There are legitimate reasons to do this, buying a quad port nic just to bridge them is not one of them.
    I have 3 interfaces bridged on my home box here. It has 10 NICs, they aren't removable and I don't need 10 subnets. The box cost me £40.  ;)

    Steve
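
The bridge filtering arrangement discussed in this thread, as an added example that is not part of any post: a small sh check that reads `sysctl net.link.bridge` output and the pf status line and reports whether rules are applied on the member ports, on the bridge interface, or nowhere. The function names and the sample inputs are constructed for illustration; `net.link.bridge.pfil_bridge` is the FreeBSD tunable for filtering on the bridge interface, the counterpart of the `pfil_member` tunable quoted above.

```shell
#!/bin/sh
# Added example: classify where pf filters bridged traffic on FreeBSD/pfSense.

# Constructed sample inputs (not captured from a real system).
MEMBERS='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
MOVED='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'
NEITHER='net.link.bridge.pfil_member = 0
net.link.bridge.pfil_bridge = 0'
PF_ON='Status: Enabled'
PF_OFF='Status: Disabled'

# sysctl_val TEXT KEY -> value of KEY; accepts "key: v" and "key = v" forms.
sysctl_val() {
    printf '%s\n' "$1" |
        awk -v k="$2" '{ sub(/[ \t]*[:=][ \t]*/, " "); if ($1 == k) print $2 }'
}

# bridge_filter_mode SYSCTL_TEXT PF_STATUS_LINE -> one-word verdict.
bridge_filter_mode() {
    case "$2" in
        *Disabled*) echo "pf-disabled"; return 0 ;;
    esac
    m=$(sysctl_val "$1" net.link.bridge.pfil_member)
    b=$(sysctl_val "$1" net.link.bridge.pfil_bridge)
    case "${m:-?}${b:-?}" in
        01) echo "bridge-only" ;;   # rules on the bridge interface apply
        10) echo "members-only" ;;  # rules on each member port apply
        11) echo "both" ;;
        00) echo "unfiltered" ;;    # bridged traffic bypasses pf rules
        *)  echo "unknown" ;;       # tunable missing from the input
    esac
}

# On a live system (assumed invocation):
#   bridge_filter_mode "$(sysctl net.link.bridge)" "$(pfctl -s info | head -1)"
for s in "$MEMBERS" "$MOVED" "$NEITHER"; do
    bridge_filter_mode "$s" "$PF_ON"
done
bridge_filter_mode "$NEITHER" "$PF_OFF"
```

A verdict of `pf-disabled` or `unfiltered` means traffic between the bridged ports passes with no rules applied, which is the troubleshooting state described in the first post and should be reverted once the bridge works.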

