OPNsense Forum
Archive => 15.1 Legacy Series => Topic started by: macafee on April 13, 2015, 10:54:11 am
-
I am using OPNsense 15.1.9-amd64 now. I found a strange problem with bridge mode. I use the Intel I350 4-Port NIC to create a bridge named bridge0. bridge0, as the LAN interface, uses IP address 192.168.1.254; port1 of the bridge is connected to a PC with IP address 192.168.1.10, and port2 of the bridge is connected to another PC with IP address 192.168.1.20. The two PCs can ping 192.168.1.254 and connect to the internet. But the PCs can't ping or connect to each other. I have set the LAN rules of the firewall.
IPv4 * LAN net * * * * none Default allow LAN to any rule
Why can't the PCs connect to each other?
-
I have been testing this since yesterday and have a couple of issues that I haven't been able to locate. The bridge setup isn't as clear as it should be, especially WRT the bridge being hooked into an existing interface as opposed to moving the existing interface config to the bridge. I'll look into this more in the next few days. Thank you for the report. :)
-
I am looking forward to your solutions. Thank you!
-
I have resolved this problem.
sysctl net.link.bridge.pfil_member=0
Everything works great!
-
Thanks for looking into this. Are you using the captive portal functionality as well? Traffic shaping configured? It seems a bit odd that this fixes the issue. It will certainly break other setups. I am suspecting that our kernel patch rework (going back to FreeBSD standards) will help with this problem, but we are still debating how much we clean up short term and what will stay in place for a while.
-
I'm not using the captive portal and traffic shaping. What did you mean that it will certainly break other setups?
-
Yep, using the captive portal or traffic shaping will want this sysctl to be set, otherwise the traffic of said bridge might be hidden from those features. Lots of speculation surrounding kernel patches. Ad is working on cleaning these up so we can have a more standards-compliant kernel that works just as well in the future.
-
Does the problem persist with 15.1.10? Make sure you have the latest kernel. uname -a would help as the FreeBSD version hasn't changed. :)
-
Do you mean that I should change sysctl net.link.bridge.pfil_member=1 and test it again?
-
Yes, exactly.
-
I have retested it. It works very well. Thank you.
-
Great, thanks for reporting back! :)
-
Today, I updated the system to OPNsense version 15.1.10.2 and restarted the system.
Now the strange problem still exists. The bug is not fixed.
-
Did you update via GUI or Console?
-
Updated via console menu 12.
-
Alright, we will discuss this today or tomorrow at our dev meet-up to see if we can solve this. Thanks for keeping us up to date. :)
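Added example (not part of the original thread and not OPNsense code): a small audit of the bridge filter sysctls discussed above, reporting where the packet filter still sees bridged traffic once net.link.bridge.pfil_member is changed. It assumes the standard FreeBSD if_bridge(4) companion knob net.link.bridge.pfil_bridge, which the thread does not mention; the sample sysctl output is constructed.

```shell
#!/bin/sh
# Added example: classify where the packet filter hooks into a bridge,
# from the output of `sysctl net.link.bridge` (lines of "name: value").
# Reads stdin so it also works on saved output, e.g.:
#   sysctl net.link.bridge | bridge_pfil_audit

# Constructed sample: the state after the workaround in the thread
# (pfil_member=0), assuming pfil_bridge is still 1.
constructed_sample() {
    cat <<'EOF'
net.link.bridge.ipfw: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 0
EOF
}

bridge_pfil_audit() {
    member=unset
    bridge=unset
    # Accept both "name: value" and "name=value"; the trailing test
    # keeps a last line that has no newline.
    while IFS=':= ' read -r name value || [ -n "$name" ]; do
        case "$name" in
            net.link.bridge.pfil_member) member=$value ;;
            net.link.bridge.pfil_bridge) bridge=$value ;;
        esac
    done
    case "$member/$bridge" in
        # Rules on member NICs and on bridgeN are both evaluated.
        1/1) echo "FILTERED member+bridge" ;;
        # Only rules attached to bridgeN apply; per-port rules are skipped.
        0/1) echo "FILTERED bridge-only" ;;
        # Only rules attached to the member NICs apply.
        1/0) echo "FILTERED member-only" ;;
        # No filter hook on the bridge path: port-to-port frames bypass
        # the firewall rule set entirely.
        0/0) echo "UNFILTERED" ;;
        *)   echo "UNKNOWN member=$member bridge=$bridge" ;;
    esac
}
```

An UNFILTERED result is the case to alert on: hosts on different bridge ports can then reach each other regardless of the firewall rules.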