Setting up a Bridge - Multiple NICs to act like a switch, like a SOHO router

Started by spidysense, May 04, 2016, 04:38:36 AM

I have been looking for some good instructions on how to set up a bridge to have multiple NICs to act like a router (Bridge the interfaces to act like a switch, like on a SOHO router). The OPNsense guide doesn't really have much on setting one up, only a transparent filtering bridge.

I tried using these instructions for creating a bridge, which are for pfSense. The process is nearly identical, if not the same, on OPNsense for how to bridge multiple LAN ports/NICs to act like a router.

My setup looks like this:
0 WAN, 1 LAN, 2 NIC, 3 NIC - I want to get NICs 2 & 3 on the same network as the LAN and lease out IPs on the same network: 192.168.1.2-192.168.1.255.

It seems I cannot get the bridge/NICs to function properly. I can get DHCP to work where other PCs are issued IP addresses but no WAN.

Are there any instructions for this specifically for OPNsense?
 

Hi there,

Biggest question is how is your layout... how many networks bridged, is WAN part of the bridge, etc. DHCP may give you the wrong gateway if not configured differently.

Bridging per se is not routing, you let your interface(s) act as a physical switch. Normally, routing is achieved by just adding the interfaces and then allowing all traffic between them, setting additional routes as needed. There should be no need for a bridge in a routing-centric setup. :)


Cheers,
Franco

Your requirement is somewhat confusing. If you want to bridge multiple NICs, it's better to use a switch between OPNsense and the clients for better management.

The documentation requires some improvements, it seems. The scenarios where bridge filtering mode is applicable and what features will be available with bridge filtering mode should also be included.

May 04, 2016, 05:35:05 PM #3 Last Edit: May 04, 2016, 05:39:38 PM by spidysense
My setup looks like this:

0 WAN, 1 LAN, 2 NIC, 3 NIC - I want to get NICs 2 & 3 on the same network as the LAN and lease out IPs on the same network: 192.168.1.2-192.168.1.255.


Can you please share some more information on how you have done routing and NAT on your box? If DHCP is assigning IPs to your clients, it means the bridge is working.


I believe what he means is "how does he bridge the interfaces to all act like a switch" such as you would find on a SOHO router...

;)

Correct. I want to Bridge the interfaces to act like a switch.

Standard answer:

Use a switch, much cheaper and INTENDED to be used as a switch. Interfaces at your router are a powerful tool, would use it as such... :-)


http://www.tp-link.com/lk/products/details/cat-4763_TL-SG108.html
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Answering the OP's (old) question:
To bridge 2 NICs you have to define an interface for each NIC, for example NIC2 and NIC3. I found that you can have mixes of IPv4 configurations: NIC2 with a fixed address and NIC3 with "None", or both NICs with a (different) fixed address.

As Franco warned, when you assign a fixed address to both, you can also tell DHCP to listen to both interfaces and it can issue leases on both interfaces.  However... here I was surprised... it only reports the leases on ONE of the interfaces (the last of the members).

I am going to be doing something like this soon with some 10GbE cards so I can add a couple of 10G connections to my network for my FreeNAS and my desktop to use, but I would rather buy a couple of extra Mellanox cards (about 30 bucks) than spend 300 on a switch when I have multiple PCIe slots open on my OPNsense box anyway. The rest of the network is going to stay with 1Gb for now, but I will still need that to all be able to connect to the FreeNAS.

If I bridge the interfaces, will I need to add any rules so that the systems that are on the Mellanox cards can deal with the rest of the network? I already have my FreeNAS set up with a static IP address, but should I be doing the same with my desktop? I am more of a hardware guy, but with a little help I can usually figure things out with software.

I am sure, now that the Mellanox 10GbE cards can be found for around twenty bucks apiece, that this will become more and more useful, at least until the cost of the switches drops down to a decent price range.

Success. For anyone interested, I found some directions and they worked perfectly. This post is coming from a bridged 10G X2 plus 1G LAN network.

Credit goes to https://forum.pfsense.org/index.php?topic=48947.0

These are the instructions. They are designed for pfSense but work with a few differences in spots, such as where the tunables are.

Quote
1. Assign your additional interfaces and enable them with type 'none'. They will come up as OPT1, OPT2 etc.
2. Switch bridge filtering from the bridge members onto the bridge itself (assuming you don't need to apply firewall rules between devices on the bridge/switch). Go to System: Advanced: System Tunables: and edit the two values.
Change net.link.bridge.pfil_member to 0.
Change net.link.bridge.pfil_bridge to 1.
Apply these changes.
3. Now create a bridge in Interfaces: (assign): Bridges: and add to it the additional interfaces you just created, you can select multiple interfaces by holding Ctrl. I named the bridge 'Switch Configuration' to remind me how I have configured it.
4. Now go to Interfaces: (assign) and change the LAN assignment to bridge0. Save and reconnect your ethernet cable to one of the bridge interfaces. It should come back up, however you will want to make sure you have console access before you do this as if you've done something different you could end up locked out!  ;)
5. Assign the interface that was originally assigned to LAN and enable it with type 'none'. Add it to bridge0 to include it in the 'switch'.

After steps 3/4 are done, REBOOT. The bridge should be working.
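
The end state those five steps describe can be checked from the console. The script below is an added example, not part of the original post or of OPNsense: it parses FreeBSD-style `sysctl` and `ifconfig` text and reports each deviation from the quoted steps (tunables, address on the bridge, members of type 'none'). The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the end state of steps 1-5.
# Sample text below is constructed; it shows the LAN address left on igb1.
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'
SAMPLE_IFCONFIG='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Print the value of sysctl $1 from "name: value" text $2.
sysctl_value() { printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2 }'; }

# Print the member NICs of bridge $1 found in ifconfig text $2.
bridge_members() {
    printf '%s\n' "$2" | awk -v b="$1:" '
        /^[a-z]/ { cur = $1 }                      # unindented line = interface header
        cur == b && $1 == "member:" { print $2 }'
}

# Succeed if interface $1 carries an IPv4 address in ifconfig text $2.
has_inet() {
    printf '%s\n' "$2" | awk -v i="$1:" '
        /^[a-z]/ { cur = $1 }
        cur == i && $1 == "inet" { found = 1 }
        END { exit !found }'
}

# audit_bridge SYSCTL_TEXT IFCONFIG_TEXT BRIDGE
# Prints one line per deviation; the return status is the number of deviations.
audit_bridge() {
    n=0
    [ "$(sysctl_value net.link.bridge.pfil_member "$1")" = 0 ] ||
        { echo "pfil_member is not 0 (step 2)"; n=$((n + 1)); }
    [ "$(sysctl_value net.link.bridge.pfil_bridge "$1")" = 1 ] ||
        { echo "pfil_bridge is not 1: rules on $3 are not applied (step 2)"; n=$((n + 1)); }
    has_inet "$3" "$2" ||
        { echo "$3 has no IPv4 address; LAN not moved to it (step 4)"; n=$((n + 1)); }
    for m in $(bridge_members "$3" "$2"); do
        has_inet "$m" "$2" &&
            { echo "member $m still has an IPv4 address (steps 1 and 5)"; n=$((n + 1)); }
    done
    return "$n"
}

# On a live box: audit_bridge "$(sysctl net.link.bridge)" "$(ifconfig)" bridge0
audit_bridge "$SAMPLE_SYSCTL" "$SAMPLE_IFCONFIG" bridge0 || true
```

With `pfil_member` at 0 and `pfil_bridge` at 1, firewall rules are evaluated on the bridge interface only, so traffic between bridge members is not filtered.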


Hello all,

I know this is an old thread, but I hope resurrecting it from the dead won't harm anyone.

I am trying to accomplish something similar as the OP.

My router has a total of 3 interfaces:

- igb0: that physical interface is connecting to the WAN, there is no question at this part
- igb1: that physical interface was formerly configured as THE "LAN" interface. This interface connects to an L2 switchport, and has been configured with a static IP, for example 10.0.0.1 (the LAN subnet is for example 10.0.0.0/24). All clients reach the internet through the L2 switchport connecting to the router's igb1 interface
- igb2: that physical interface was never used, and as a result never created, e.g. it's not listed in the interface list

But now I have to implement a new change: enable igb2 (called OPT1 in the interface list). Connect a PC to igb2 that should be part of the same 10.0.0.0/24 LAN as the rest of the network behind igb1. This new PC should also be able to reach the internet through the router. Existing users should reach the router through the same "igb1" interface, as before.
Unfortunately connecting this PC to the existing L2 switch on an unused switchport is not an option. I thought a virtual interface called "bridge0" setup as "Other type\bridge", populated with two members:
member1: igb1
member2: igb2
would be the only viable solution. And this is where I am actually stuck: I administer the router via HTTP (its IP 10.0.0.1, assigned to igb1) from a PC. I somehow figured out that the LAN address 10.0.0.1 should be migrated from the physical interface called "igb" to the newly created virtual interface called "bridge0". But doing it from the network in-band sounds like a very risky procedure, as any mistake or incorrect sequence of steps can lock me out of the box in a millisecond. Performing this whole LAN bridging config via out-of-band (serial connection) sounds more reasonable.

And this is where I am stuck: all I could find was this thread in the forum; the OPNsense GUI or the wiki is 0.00% helpful on this topic. After reading this step 1-5 procedure, I believe some steps in the middle are either missing or not explained in greater detail. But for me it results in loss of access to the router, and I have to roll back the interface assignment: LAN --> igb1 to get access to the router again (thank god I have a serial connection, and the router is in physical proximity).

Could somebody with some spare time maybe copy-paste the entire text from steps 1-5 and extend it with some more verbose details, like which interface(s) owns the LAN mgmt IP at what step, which physical interface (igb1,2) is a member of what group (bridge or solo or unassigned?) during the procedure, which step requires a mandatory config apply or router reboot, which menu item in the GUI should be used to perform the step, etc. etc. etc.?


Hmm, looks like the lan_bridge.rst file is not hooked up to a parent page so it's not showing up on https://docs.opnsense.org/


Cheers,
Franco