Author Topic: [Solved] Port Forward to LAN Bridge  (Read 4863 times)

ab5g

« on: June 17, 2019, 10:02:56 am »
Hi

Can anyone help me understand why this is not working?

  • I have a firewall in L3 mode terminating my ISP connection.
  • I have configured 2 ports on the LAN side which are bridged into a single LAN (192.168.1.0/24) - Let's call them LAN1 and LAN2 ports.
  • On the firewall I have set up a port forward from my external IP:Port to internal IP:Port - Added the NAT rule/corresponding firewall rule.
  • When I try to access a machine on LAN2 port from LAN1 port --> it works.
  • When I try to access a machine on LAN2 port from WAN port --> doesn't work.

I looked at the live logs and can see the packet from WAN hit the NAT rule and is allowed. I can also see the packet that the firewall sends to the bridge group after the NAT rule.
The packet disappears after this - I don't see it on the machine. Verified the machine has no firewall.

The following parameters are set as below

net.link.bridge.pfil_member is set to 0
net.link.bridge.pfil_bridge is set to 1

P.S. - I am running this on a bare-metal box (no VMware)
« Last Edit: June 18, 2019, 04:27:41 pm by ab5g »
DIY Tech >> www.zero-ping.blog

bartjsmit

« Reply #1 on: June 17, 2019, 01:13:33 pm »
Your title is a bit confusing; port forward is layer 3 and a bridge is layer 2.

Reduce your problem. Remove the bridge and configure port forwarding for your internal host using this guide: https://forum.opnsense.org/index.php?topic=8783.0

When that works, add the bridge to the mix and see if that breaks it.

Bart...

ab5g

« Reply #2 on: June 17, 2019, 02:28:18 pm »
Sorry if the title is confusing.

I had it set up minus the bridge and the port forward worked perfectly (thanks to the awesome documentation here).
The bridge is breaking it. I had set it up using this guide: https://wiki.opnsense.org/manual/how-tos/lan_bridge.html
The bridge is working correctly, I get DHCP to the devices, the devices can talk to each other on layer 2 even when they are connected to two different physical ports.
So I'm missing something, perhaps a filter??

Thanks for the help

ab5g

« Reply #3 on: June 18, 2019, 04:26:47 pm »
Well, I found the answer. The bridge was working fine. Apparently the system in question was an OSX machine and I recently installed the macserver app on it. For some reason the app was blocking the packets. All good now :)