EDIT: Why would I want to do such a thing?
This is a test, and there is 1 machine behind pfSense that I wish to manage, and Wi-Fi makes that easy.
Carrying on:
The auto-suggested topics by Server Fault were very relevant. However, I was not able to make use of the answers, and I didn't realize, but I don't have enough rep here to comment to bump them to get answers (I do elsewhere though). I found more chatter about pfSense here than on the Network Engineering SE, so I figured this would be a good place to ask for help.
I discovered pfSense a week or so ago and set up a laptop with 2.2.6 to test it out on. The built-in Ethernet port is the WAN (re0), I installed a USB Ethernet adapter (ue0), and bridged ue0 and the Wi-Fi (ath0). I also set up the WAN to route to a commercial OpenVPN provider.
LAN and Wi-Fi can grab DHCP addresses from pfSense, and go out the VPN. However, they cannot talk to each other. I would like for them to talk to each other too. The Wi-Fi is simply for me to manage the single machine on the LAN, not some major thoroughfare of traffic.
If I am successful with this test, I will eventually purpose build a machine to different specs and re-architect things. My intent was a down and dirty, quick test to get things up and running.
I have stumbled across several posts on the pfSense forum, and various SE's, asking for help getting bridging to work, and there are several questions here, all/most of which have answers with "Yeah, I got it working"; but as a pfSense and BSD n00b, I am having a hard time making heads or tails out of their answers or instructions.
1. Should bridging allow LAN and Wi-Fi to talk to each other without further configuration?
2. If further configuration is needed, what is the recommended methodology? I have seen mention of NAT and firewall rules. Is there a preferred method?
3. What steps should be taken to implement the method in #2?
I have read the docs on the pfSense page and from what I can tell, the bridge between interfaces should allow for communications.
I have tried following this article and either I did it wrong, or it no longer applies.
This page https://forum.pfsense.org/index.php?topic=20917.0 was written a long time ago, and I don't know enough about pfSense to really follow his written directions. The part about the extra adapter is what's throwing me for the loop.
Related articles:
http://serverfault.com/questions/157557/pfsense-with-a-bridge-as-a-lan-interface-traffic-blocked-between-interfaces
http://serverfault.com/questions/299380/how-do-i-route-between-interfaces-in-pfsense?rq=1
http://serverfault.com/questions/409043/allowing-traffic-across-the-interface-members-of-a-pfsense-bridge
http://serverfault.com/questions/362567/pfsense-bridge-on-of-the-network-interfaces
Do the devices on the LAN and on the Wifi have the same network address? Or are they different networks, if we talk about IP networks?
Check whether the firewall is your problem:
Under Firewall / Rules, create one rule allowing access to the LAN network if the source is the Wifi network:
- Action = pass
- Interface = Select in the combo: Lan address name
- Protocol = any
- Source = Select in the combo "Name of the wan network net"
- Destination = Select in the combo "Name of the LAN network net"
- Log = Check it to see info in the System Logs about the packets it controls. When it runs OK you can remove it.

To see the firewall log, go to:
Status / System Logs / Firewall tab
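To act on the logging advice above, this added example (not part of the original answer) parses raw pfSense filterlog lines and lists blocked IPv4 packets that arrived on a bridge member and stay inside the bridged subnet. The interface names ue0 and ath0 come from the question; the 192.168.1.0/24 subnet, the sample log lines and the function name are constructed assumptions.

```python
import csv
import ipaddress
import re

# Constructed sample lines in pfSense's raw filterlog CSV layout (IPv4 rows);
# addresses, rule numbers and tracker ids are made up for illustration.
SAMPLE_LOG = """\
Jan 10 12:00:01 pfSense filterlog: 5,16777216,,1000000103,ath0,match,block,in,4,0x0,,64,4321,0,none,1,icmp,84,192.168.1.50,192.168.1.20,request,1,0
Jan 10 12:00:02 pfSense filterlog: 7,16777216,,1000000104,re0,match,block,in,4,0x0,,52,999,0,DF,6,tcp,60,203.0.113.9,198.51.100.4,40000,22,0,S,1,,64240,,mss
Jan 10 12:00:09 pfSense filterlog: 9,16777216,,1000000200,ath0,match,pass,in,4,0x0,,64,4400,0,none,1,icmp,84,192.168.1.50,192.168.1.20,request,1,1
Jan 10 12:00:10 pfSense filterlog[311]: 5,16777216,,1000000103,ue0,match,block,in,4,0x0,,64,77,0,DF,17,udp,76,192.168.1.20,192.168.1.50,5353,5353,56
"""

# Syslog prefix, with or without a "[pid]" suffix on the program name.
PREFIX = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")


def blocked_between_members(log_text, members, lan_net):
    """Return (iface, src, dst, proto, rule) for blocked IPv4 packets that
    arrived on a bridge member and whose endpoints are both in lan_net."""
    net = ipaddress.ip_network(lan_net)
    hits = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        f = next(csv.reader([m.group(1)]))
        # Columns: 0 rule, 4 interface, 6 action, 8 IP version,
        # 16 protocol name, 18 source, 19 destination (IPv4 layout).
        if len(f) < 20 or f[8] != "4":
            continue  # IPv6 rows use a different column layout
        iface, action, proto, src, dst = f[4], f[6], f[16], f[18], f[19]
        if action != "block" or iface not in members:
            continue
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) in net:
            hits.append((iface, src, dst, proto, f[0]))
    return hits


if __name__ == "__main__":
    # Assumed bridge members and subnet; adjust to the actual setup.
    for hit in blocked_between_members(SAMPLE_LOG, {"ue0", "ath0"}, "192.168.1.0/24"):
        print("blocked on %s: %s -> %s (%s), rule %s" % hit)
```

Any row it reports is LAN-to-Wi-Fi (or the reverse) traffic dropped by a rule on a member interface, which is the case the pass rule is meant to cover.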
I was in your situation and I resolved the problem with the following setup:
I have just added 2 rules to allow all traffic between the Bridge content interfaces (wired and wireless). Tested on pfSense v2.4.4.
In my case, my interface setup is:
Please see below (Screenshot links) an example for the Wireless interface. This is the same rule for the wired interface.
Step one - Disable the added rule - Ping KO
Step two - Enable the added rule - Ping OK
NB: On the left side is the Wireless device IP and on the right side is a ping to the wired device IP.