Bridge Mode Strange Problem

Started by macafee, April 13, 2015, 10:54:11 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
April 13, 2015, 10:54:11 AM Last Edit: May 15, 2015, 11:40:21 AM by franco
I am using OPNsense 15.1.9-amd64 now. I found a strange problem about bridge mode. I use the Intel I350 4-Port NIC to create a bridge named bridge0. The bridge0 as LAN interface use ip address 192.168.1.254, the port1 of the bridge connected to a pc with ip address 192.168.1.10, the port2 of the bridge connected to another pc with ip address 192.168.1.20. Two pcs can ping 192.168.1.254 and connect to the internet. But the pcs cannt ping and connect to each other. I have set the lan rules of firewall.
IPv4 *    LAN net    *    *    *    *    none         Default allow LAN to any rule     

Why does pcs cannt connect to each other?
                                                   
April 14, 2015, 11:16:27 AM #1
I am testing this since yesterday having a couple of issues that I haven't been able to locate. The bridge setup isn't as clear as it should especially WRT the bridge being hooked into an existing interfaces as opposed to moving the existing interface config to the bridge. I'll look into this more in the next few days. Thank you for the report. :)
April 14, 2015, 06:22:44 PM #2
I am looking forward to your solutions. Thank you!
April 18, 2015, 05:23:08 PM #3
I have resolved this problem.

sysctl net.link.bridge.pfil_member=0

Everything works great!
April 20, 2015, 09:36:32 AM #4
Thanks for looking into this. Are you using the captive portal functionality as well? Traffic shaping configured? It seems a bit odd that this fixes the issue. It will certainly break other setups. I am suspecting that our kernel patch rework (going back to FreeBSD standards) will help with this problem, but we are still debating how much we clean up short term and what will stay in place for a while.
April 21, 2015, 08:25:45 AM #5
I'm not using the captive portal and traffic shaping. What did you mean that it will cretainly break other setups.
April 21, 2015, 02:59:32 PM #6
Yep, using the captive portal or traffic shaping will want this sysctl to be set, otherwise the traffic of said brigde might be hidden from those features. Lots of speculation surrounding kernel patches. Ad is working on cleaning these up so we can have a more standards-compliant kernel that works just as well in the future.
May 04, 2015, 04:59:55 PM #7
Does the problem persist with 15.1.10? Make sure you have the latest kernel. uname -a would help as the FreeBSD version hasn't changed. :)
May 05, 2015, 12:04:17 PM #8
Do you mean that change sysctl net.link.bridge.pfil_member=1 and test it again?
May 05, 2015, 09:37:59 PM #9
Yes, exactly.
May 12, 2015, 12:26:00 PM #10
I had retested it. It works very well. Thank you.
May 12, 2015, 01:21:03 PM #11
Great, thanks for reporting back! :)
May 15, 2015, 11:18:53 AM #12
Today, I updated the system to OPNsense 15.1.10.2 version and retarted the system.

Now the strange problem is still existence. The bug is not fixed.
May 15, 2015, 11:40:11 AM #13
Did you update via GUI or Console?
May 18, 2015, 02:51:28 AM #14
updated via console menu 12.
Print
Go Up Pages1 2
User actions