Blog

03/06/2019

How To PFSense Configure Network Interface As A Bridge / Network Switch



I have Soekris single board communication embedded computers which is optimized for low power and network usage. The server has four Ethernet ports. I’ve installed PFSense firewall on it and configure WAN + LAN ports. How do I setup IPv4 software bridge using PFSense so that the rest of ports act as a network switch?

[donotprint][/donotprint]pfSense is an open source firewall/router computer software distribution based on FreeBSD. FreeBSD supports the bridge device. A bridge interface device can be created using pfSense. A bridge interface creates a logical link between two or more Ethernet interfaces or encapsulation interfaces. This link between the interfaces selectively forwards frames from each interface on the bridge to every other interface on the bridge. A bridge can serve several services, including isolation of traffic between sets of machines so that traffic local to one set of machines is not available on the wire of another set of machines, and it can act as a transparent filter for ip datagrams. This will work at layer 2 broadcast/collision domain.

Our sample setup

The setup is as follows:

           +------------+
           |  NAS       |             192.168.1.254 (lan)
           |  Server 01 +------>--------+    +----------+
           +------------+               |    |          |
        192.168.1.10                    lan -+          +- wan (rl0)  ISP/Internet 
            +---------+                      |          |   Public IP: 202.54.1.1        
            | Desktop |                      | PFSense  |   
            +---------+------->----------+   | Host     |
        192.168.1.11                    opt1-+          |
            +------------+                   |          |
            | HP         |                   |          |
            | Printer 01 +------------->opt2-+          |
            +------------+                   +----------+
        192.168.1.12    

        Bridge0 includes following (note only lan interface needs an IP address)
        lan = vr0 = IP: 192.168.1.254
        opt1 = vr1 = IP: none
        opt2 = vr2 = IP: none

I’m going to assume that you’ve already assigned and configured wan and lan interfaces.

Step #1: Assign opt1 and opt2 interfaces

First, assign and enable all the additional interfaces such as opt1, opt2 and so on by visiting Interfaces > (assign) option:

Fig.01: Assign network ports

Click on each interface name such as opt1, opt2, opt3 and select “Enable Interface“. Make sure IPv4/IPv6 Configuration Type set to “None“. Finally click on the “Save” button:

Fig.02: Setting up opt2 interface

Warning: Only one interface on a bridge should have an IP address. In this example, I’ve assigned IP address to lan interface (192.168.1.254). Do not add multiple IP addresses in the same subnet on different bridge member interfaces. Other interfaces on the bridge should remain with an IP type of None.

Step #2: Create a bridge interface

Visit Interfaces > (assign > Bridges option. Click on + symbol to add bridge0 and select member interfaces such as LAN, OPT1, OPT2 and so on. In this example, I’m only selecting LAN and OPT3 as member interfaces for bridge0:

Fig.03: Configure bridging of interfaces (lan and opt3)

My final bridge0 interface will look as follows:

Fig.04: Interfaces: Bridge

Step #3: Adding a firewall rule

You need to add a firewall rule to allow traffic between each interface of the bridge. Click on Firewall > Rules > Select Lan interface. You need to select opt1, opt3 and so on. I suggest that you add a simple rule like “Default allow interface to any rule” i.e. set Protocol: any, Source: any, Destination: any > and click on the “Save” button:

Fig.05: Add a firewall rule

Feel free to adjust firewall rules as per your needs and setup.

Step #4: Test it

Open the Terminal app and try to ping between nas server, printer and desktop using ping command:

ping 192.168.1.10
ping 192.168.1.254

Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14/08/2019

How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...
14/08/2019

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....
12/08/2019

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...