OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: ab5g on June 17, 2019, 10:02:56 am

Title: [Solved] Port Forward to LAN Bridge
Post by: ab5g on June 17, 2019, 10:02:56 am

Hi

Can anyone help me understand why this is not working ?

• I have a firewall in L3 mode terminating my ISP connection.
• I have configured 2 ports on the LAN side which are bridged into a single LAN (192.168.1.0/24) - Lets call them LAN1 and LAN2 ports.
• On the firewall I have setup a port forward from my external IP:Port to internal IP:Port - Added the NAT rule/corresponding firewall rule.
• When I try to access a machine on LAN2 port from LAN 1 port --> it works
• When I try to access a machine on LAN2 port from WAN port --> doesn't work .

I looked at the live logs and can see the packet from WAN hit the NAT rule and is allowed. I can also see the packet that the firewall sends to the bridge group after the NAT rule.[/img]
The packet disappears after this - I don't see it on the machine. Verified the machine has no firewall.

The following parameters are set as below

net.link.bridge.pfil_member is set to 0
net.link.bridge.pfil_bridge   is set to 1

P.S - I am running this on a baremetal box (no VMware)

Title: Re: Port Forward to LAN Bridge
Post by: bartjsmit on June 17, 2019, 01:13:33 pm

Your title is a bit confusing; port forward is layer 3 and a bridge is layer 2.

Reduce your problem. Remove the bridge and configure port forwarding for your internal host using this guide: https://forum.opnsense.org/index.php?topic=8783.0

When that works, add the bridge to the mix and see if that breaks it.

Bart...

Title: Re: Port Forward to LAN Bridge
Post by: ab5g on June 17, 2019, 02:28:18 pm

Sorry if the title is confusing.

I had it setup minus the bridge and the port forward worked perfectly ( thanks to the awesome  documentation here).
The bridge is breaking it.  I had set it up using this guide https://wiki.opnsense.org/manual/how-tos/lan_bridge.html
The bridge is working correctly, I get dhcp to the devices, the devices can talk to each other on layer 2 even when they are connected to two different physical ports.
So I'm missing something, perhaps a filter??

Thanks for the help

Title: Re: Port Forward to LAN Bridge
Post by: ab5g on June 18, 2019, 04:26:47 pm

Well, I found the answer. The bridge was working fine. Apparently the system in question was a osx machine and I recently installed the macserver app on it. For some reason the app was blocking the packets. All good now :)