[Solved] Port Forward to LAN Bridge

Started by ab5g, June 17, 2019, 10:02:56 AM

June 17, 2019, 10:02:56 AM Last Edit: June 18, 2019, 04:27:41 PM by ab5g
Hi

Can anyone help me understand why this is not working?


  • I have a firewall in L3 mode terminating my ISP connection.
  • I have configured 2 ports on the LAN side which are bridged into a single LAN (192.168.1.0/24) - Let's call them LAN1 and LAN2 ports.
  • On the firewall I have set up a port forward from my external IP:Port to internal IP:Port - Added the NAT rule/corresponding firewall rule.
  • When I try to access a machine on LAN2 port from LAN1 port --> it works
  • When I try to access a machine on LAN2 port from WAN port --> doesn't work.

I looked at the live logs and can see the packet from WAN hit the NAT rule and is allowed. I can also see the packet that the firewall sends to the bridge group after the NAT rule.
The packet disappears after this - I don't see it on the machine. Verified the machine has no firewall.

The following parameters are set as below

net.link.bridge.pfil_member is set to 0
net.link.bridge.pfil_bridge is set to 1

P.S - I am running this on a baremetal box (no VMware)
DIY Tech >> www.zero-ping.blog

Your title is a bit confusing; port forward is layer 3 and a bridge is layer 2.

Reduce your problem. Remove the bridge and configure port forwarding for your internal host using this guide: https://forum.opnsense.org/index.php?topic=8783.0

When that works, add the bridge to the mix and see if that breaks it.

Bart...

Sorry if the title is confusing.

I had it set up minus the bridge and the port forward worked perfectly (thanks to the awesome documentation here).
The bridge is breaking it.  I had set it up using this guide https://wiki.opnsense.org/manual/how-tos/lan_bridge.html
The bridge is working correctly, I get DHCP to the devices, the devices can talk to each other on layer 2 even when they are connected to two different physical ports.
So I'm missing something, perhaps a filter?

Thanks for the help
DIY Tech >> www.zero-ping.blog

Well, I found the answer. The bridge was working fine. Apparently the system in question was an OS X machine and I recently installed the macserver app on it. For some reason the app was blocking the packets. All good now :)
DIY Tech >> www.zero-ping.blog