pfSense bridging Wi-Fi and LAN: allow access between Wi-Fi and LAN
EDIT: Why would I want to do such a thing?
This is a test, and there is 1 machine behind pfSense that I wish to manage, and Wi-Fi makes that easy.
Carrying on:
The auto-suggested topics by Server Fault were very relevant. However, I was not able to make use of the answers, and I didn't realize, but I don't have enough rep here to comment to bump them to get answers (I do elsewhere though). I found more chatter about pfSense here than on the Network Engineering SE, so I figured this would be a good place to ask for help.
I discovered pfSense a week or so ago and set up a laptop with 2.2.6 to test it out on. The built in Ethernet port is the WAN (re0), I installed a USB Ethernet adapter (ue0), and bridged ue0 and the Wi-Fi (ath0). I also set up the WAN to route to a commercial OpenVPN provider.
LAN and Wi-Fi can grab DHCP addresses from pfSense, and go out the VPN. However, they cannot talk to each other. I would like for them to talk to each other too. The Wi-Fi is simply for me to manage the single machine on the LAN, not some major thoroughfare of traffic.
If I am successful with this test, I will eventually purpose build a machine to different specs and re-architect things. My intent was a down and dirty, quick test to get things up and running.
I have stumbled across several posts on the pfSense forum, and various SE's, asking for help getting bridging to work, and there are several questions here, all/most of which have answers with "Yeah, I got it working"; but as a pfSense and BSD n00b, I am having a hard time making heads or tails out of their answers or instructions.
1. Should bridging allow LAN and Wi-Fi to talk to each other without further configuration?
2. If further configuration is needed, what is the recommended methodology? I have seen mention of NAT and firewall rules. Is there a preferred method?
3. What steps should be taken to implement the method in #2?
I have read the docs on the pfSense page and from what I can tell, the bridge between interfaces should allow for communications.
I have tried following this article and either I did it wrong, or it no longer applies.
This page https://forum.pfsense.org/index.php?topic=20917.0 was written a long time ago, and I don't know enough about pfSense to really follow his written directions. The part about the extra adapter is what's throwing me for the loop.
Related articles:
http://serverfault.com/questions/157557/pfsense-with-a-bridge-as-a-lan-interface-traffic-blocked-between-interfaces
http://serverfault.com/questions/299380/how-do-i-route-between-interfaces-in-pfsense?rq=1
http://serverfault.com/questions/409043/allowing-traffic-across-the-interface-members-of-a-pfsense-bridge
http://serverfault.com/questions/362567/pfsense-bridge-on-of-the-network-interfaces
wifi bridge pfsense wireless-bridge
asked Mar 10 '16 at 15:16 by YetAnotherRandomUser
edited Mar 10 '16 at 15:28 by YetAnotherRandomUser
3
Why do you want to bridge these networks? Most of the time in this situation, LAN and WiFi would each be their own subnet, and could route traffic back and forth. Firewall rules for traffic between these subnets can be as open or as restrictive as you desire.
– EEAA
Mar 10 '16 at 15:18
This is a test, and there is 1 machine behind pfSense that I wish to manage, and Wi-Fi makes that easy.
– YetAnotherRandomUser
Mar 10 '16 at 15:28
2
You're missing the point. Bridging networks like this is nearly always not what you want to do. Instead, create two separate Layer 3 networks and then configure routing between them. Routing is much different than bridging. With a routed solution, you'll still be able to communicate between networks without issue, including performing whatever management tasks required.
– EEAA
Mar 10 '16 at 15:29
I may be missing your point, but the doc page says that a bridge bridges layer 2 and that's not working. I appreciate your attempt at another better solution, and I'll explore that when I can get back to the hardware. I don't understand why anyone and everyone seems to hate or ignore bridging though. Is it broken in pfSense? Is it like the white elephant of pfSense?
– YetAnotherRandomUser
Mar 10 '16 at 15:33
2
It's the white elephant of networking in general, not just pfSense. There are few to no benefits of bridged networks, and it introduces the possibility of a lot of different types of issues. Routed networks are much more simple, predictable, easier to control, easier to troubleshoot, etc., and unless you require L2 broadcast connectivity between hosts, there is no technical reason to not use two separate routed networks.
– EEAA
Mar 10 '16 at 15:35
2 Answers
Do the devices on the LAN and on the Wifi have the same network address? Or are they different networks, if we talk about IP networks?
Try to check whether the firewall is your problem:
Under Firewall / Rules, create one rule allowing access to the LAN network if the source is the Wifi network:
- Action = pass
- Interface = Select on the combo Lan address name
- Protocol = any
- Source = Select on the combo "Name of the wan network net"
- Destination = Select on the combo "Name of the LAN network net"
- Log = Check it to see info in the System Logs about the packets it controls. When it runs OK you can remove it.
To see the firewall log, go to: Status / System Logs / Firewall tab
answered Apr 8 '16 at 13:10 by NetVicious
I was in your case and I have resolved the problem by doing the following setup:
I have just added 2 rules to allow all traffic between the Bridge content interfaces (wired and wireless). Tested on pfsense v2.4.4.
In my case, my interface setup is:
- LAN interface -> Bridge
- Bridge: LAN_RJ45 interface (wired network) + LAN_Wifi interface (Wireless network)
Please see below (Screenshot links) an example for the Wireless interface.
This is the same rule for the wired interface.
Step one - Disable the added rule - Ping KO
Step two - Enable the added rule - Ping OK
NB: On the left side, this is the Wireless device IP and on the right side, this is a ping to the wired device IP.
answered Oct 20 '18 at 20:42 by ManWithNoName
edited Oct 21 '18 at 12:22 by alexander.polomodov
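Both answers place pass rules on the bridge's member interfaces. The following is an added example, not code from either answer or from pfSense: it reads the output of `sysctl net.link.bridge` and `ifconfig` for the bridge and reports which interfaces pf actually filters, using the FreeBSD if_bridge tunables `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge`. The bridge name `bridge0` and the sample captures are constructed; `ue0` and `ath0` are the members named in the question.

```shell
#!/bin/sh
# Added example: work out where pf filters traffic crossing a FreeBSD/pfSense
# bridge, so pass rules are created on interfaces where they take effect.

# Sample captures, constructed for this example (bridge0 is an assumed name).
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ue0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# tunable NAME SYSCTL_TEXT -> value of net.link.bridge.NAME, empty if absent
tunable() {
    printf '%s\n' "$2" |
        awk -v k="net.link.bridge.$1:" '$1 == k { print $2; exit }'
}

# bridge_members IFCONFIG_TEXT -> member interface names, space separated
bridge_members() {
    printf '%s\n' "$1" |
        awk '$1 == "member:" { printf "%s%s", sep, $2; sep = " " }'
}

# bridge_name IFCONFIG_TEXT -> name of the bridge interface (first line)
bridge_name() {
    printf '%s\n' "$1" | awk 'NR == 1 { sub(/:$/, "", $1); print $1 }'
}

# filter_points SYSCTL_TEXT IFCONFIG_TEXT
# Prints the interfaces whose rule sets are evaluated for bridged traffic:
#   pfil_member=1 -> every member interface (each needs its own pass rule)
#   pfil_bridge=1 -> the bridge interface itself
#   both 0        -> UNFILTERED (frames cross the bridge without touching pf)
#   value missing -> UNKNOWN (do not guess from incomplete output)
filter_points() {
    member=$(tunable pfil_member "$1")
    bridge=$(tunable pfil_bridge "$1")
    if [ -z "$member" ] || [ -z "$bridge" ]; then
        printf 'UNKNOWN\n'
        return 0
    fi
    out=""
    if [ "$member" = "1" ]; then
        out=$(bridge_members "$2")
    fi
    if [ "$bridge" = "1" ]; then
        out="${out:+$out }$(bridge_name "$2")"
    fi
    printf '%s\n' "${out:-UNFILTERED}"
}

# On the firewall's shell, feed it live output instead of the samples:
#   filter_points "$(sysctl net.link.bridge)" "$(ifconfig bridge0)"
```

With the sample values, filtering happens on `ue0` and `ath0`, which is why a pass rule is needed on each member. An `UNFILTERED` result means rules on any of these interfaces do not restrict traffic between bridge members.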