OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: agh1701 on July 20, 2025, 11:23:46 PM

Title: Bridge isn't passing traffic between physical ports
Post by: agh1701 on July 20, 2025, 11:23:46 PM
Hi all,

I have followed the steps here: LAN Bridge (https://docs.opnsense.org/manual/how-tos/lan_bridge.html), and DHCP works, but I cannot access a device on one bridge port from another port. I have set the tunables and checked the spelling. Anybody have any ideas?
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Patrick M. Hausen on July 20, 2025, 11:53:42 PM
Post the output of ifconfig please, formatted as code.
Title: Re: Bridge isn't passing traffic between physical ports
Post by: agh1701 on July 21, 2025, 12:04:13 AM
root@rtr:~ # ifconfig
igc0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: OPT1 (opt1)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:79
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT2 (opt2)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:7a
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT3 (opt3)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:7b
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT4 (opt4)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:7c
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT5 (opt5)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:7d
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc5: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 34:1a:4c:03:bc:7e
        inet 69.76.39.223 netmask 0xfffffc00 broadcast 255.255.255.255
        inet6 fe80::361a:4cff:fe03:bc7e%igc5 prefixlen 64 scopeid 0x6
        inet6 2605:a000:dfc0:1d:903a:4278:8616:d7b6 prefixlen 128 pltime 521872 vltime 521872
        media: Ethernet autoselect (2500Base-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=1000041<UP,RUNNING,LOWER_UP> metric 0 mtu 1536
        options=0
        groups: enc
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pfsync0: flags=0 metric 0 mtu 1500
        options=0
        maxupd: 128 defer: off version: 1400
        syncok: 1
        groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33152
        options=0
        groups: pflog
wg1: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1390
        description: TorGuardVPNw1 (opt6)
        options=80000<LINKSTATE>
        inet 10.13.128.121 netmask 0xffffff00
        groups: wg wireguard
        nd6 options=9<PERFORMNUD,IFDISABLED>
wg2: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1390
        description: TorGuardVPNw2 (opt7)
        options=80000<LINKSTATE>
        inet 10.13.110.213 netmask 0xffffff00
        groups: wg wireguard
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN (lan)
        options=100000<NETMAP>
        ether 58:9c:fc:10:ff:80
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::5a9c:fcff:fe10:ff80%bridge0 prefixlen 64 scopeid 0xd
        inet6 2603:6011:e300:8adb:5a9c:fcff:fe10:ff80 prefixlen 64
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igc4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000
        member: igc3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: igc2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000000
        member: igc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        member: igc0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55
        groups: bridge
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wg0: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 192.168.1.224 netmask 0xfffffff8
        groups: wg wireguard
        nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Patrick M. Hausen on July 21, 2025, 06:59:05 AM
Apart from igc0 there seems to be nothing connected to the other 4 bridge ports: "no carrier".
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Kets_One on July 21, 2025, 08:49:19 AM
I see active connections on igc0 and igc5.
However, igc5 is not a member of "bridge".
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Patrick M. Hausen on July 21, 2025, 08:51:32 AM
igc5 is the WAN interface, apparently.
Title: Re: Bridge isn't passing traffic between physical ports
Post by: agh1701 on July 21, 2025, 02:24:08 PM
igc0 is my entire network
igc5 is my WAN

If I plug a PC into igc1 it gets DHCP and has access to the internet. I cannot ping a PC/device on igc0. Pinging the PC on igc1 from a PC on igc0 yields the same results. No ping.

It's like these settings have no effect:
net.link.bridge.pfil_member = 0
net.link.bridge.pfil_bridge = 1
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Patrick M. Hausen on July 21, 2025, 02:47:06 PM
You assigned LAN to bridge0, I assume? What are the firewall rules on LAN?

You could try setting Firewall > Settings > Advanced > Static route filtering.
Title: Re: Bridge isn't passing traffic between physical ports
Post by: agh1701 on July 21, 2025, 03:04:04 PM
Thanks.

Yes, LAN to bridge. I forgot to mention all bridge ports are on the same subnet. I can try that setting later when I get home.
Title: Re: Bridge isn't passing traffic between physical ports
Post by: Patrick M. Hausen on July 21, 2025, 03:15:54 PM
Of course, subnet must be assigned to the bridge interface, not the individual ports. The latter are just layer 2.