pfSense is an open source firewall/router software distribution based on FreeBSD. FreeBSD supports the bridge device, so a bridge interface can be created using pfSense. A bridge interface creates a logical link between two or more Ethernet interfaces or encapsulation interfaces. This link selectively forwards frames from each interface on the bridge to every other interface on the bridge. A bridge can serve several purposes, including isolating traffic between sets of machines, so that traffic local to one set of machines is not available on the wire of another set, and acting as a transparent filter for IP datagrams. All of this happens at layer 2 (the broadcast/collision domain).
Our sample setup
The setup is as follows:
+------------+
|    NAS     |                      192.168.1.254 (lan)
| Server 01  +------>--------+        +----------+
+------------+               |        |          |
 192.168.1.10                +-- lan -+          +- wan (rl0) ISP/Internet
+---------+                           |          |  Public IP: 202.54.1.1
| Desktop |                           | PFSense  |
+---------+------->------------ opt1 -+   Host   |
 192.168.1.11                         |          |
+------------+                        |          |
|     HP     |                        |          |
| Printer 01 +-------------->-- opt2 -+          |
+------------+                        +----------+
 192.168.1.12

Bridge0 includes following (note only lan interface needs an IP address)
lan = vr0 = IP: 192.168.1.254
opt1 = vr1 = IP: none
opt2 = vr2 = IP: none
I’m going to assume that you’ve already assigned and configured wan and lan interfaces.
Step #1: Assign opt1 and opt2 interfaces
First, assign and enable all the additional interfaces such as opt1, opt2 and so on by visiting Interfaces > (assign) option:

Click on each interface name such as opt1, opt2, opt3 and select “Enable Interface“. Make sure IPv4/IPv6 Configuration Type is set to “None“. Finally, click on the “Save” button:

Warning: Only one interface on a bridge should have an IP address. In this example, I’ve assigned IP address to lan interface (192.168.1.254). Do not add multiple IP addresses in the same subnet on different bridge member interfaces. Other interfaces on the bridge should remain with an IP type of None.
Step #2: Create a bridge interface
Visit the Interfaces > (assign) > Bridges option. Click on the + symbol to add bridge0 and select member interfaces such as LAN, OPT1, OPT2 and so on. In this example, I’m only selecting LAN and OPT3 as member interfaces for bridge0:

My final bridge0 interface will look as follows:

Step #3: Adding a firewall rule
You need to add a firewall rule to allow traffic between each interface of the bridge. Click on Firewall > Rules and select the Lan interface. Repeat for opt1, opt3 and so on. I suggest that you add a simple rule like “Default allow interface to any rule”, i.e. set Protocol: any, Source: any, Destination: any, and click on the “Save” button:
Feel free to adjust firewall rules as per your needs and setup.
Step #4: Test it
Open the Terminal app and try to ping between nas server, printer and desktop using ping command:
ping 192.168.1.10
ping 192.168.1.254
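The warning in Step #1 can also be checked from the pfSense shell. The script below is an added example, not part of the original tutorial: it parses FreeBSD `ifconfig` output and reports when more than one member of a bridge has an IPv4 address. The function names and the sample output (built from the tutorial's interface names and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check the warning from Step #1,
# that at most one member of a bridge carries an IPv4 address.

# Constructed sample in FreeBSD `ifconfig` format, using the tutorial's interface
# names and addresses. $1 is an optional extra line injected under vr1.
sample_ifconfig() {
    cat <<EOF
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 202.54.1.1 netmask 0xffffff00 broadcast 202.54.1.255
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
$1
vr2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: vr2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Read `ifconfig` output on stdin; print "<member> <ipv4>" (first address only)
# for each member of bridge $1. Non-members such as wan (rl0) are ignored.
bridge_members_with_ip() {
    awk -v br="$1" '
        /^[a-z][a-z0-9_.]*: / { ifc = $1; sub(/:$/, "", ifc); next }
        $1 == "inet"                 { if (!(ifc in ip)) ip[ifc] = $2 }
        $1 == "member:" && ifc == br { members[++n] = $2 }
        END {
            for (i = 1; i <= n; i++)
                if (members[i] in ip) print members[i], ip[members[i]]
        }'
}

# Exit status 0 if bridge $1 obeys the rule; otherwise list offenders, return 1.
check_bridge_ip_rule() {
    hits=$(bridge_members_with_ip "$1")
    count=$(printf '%s\n' "$hits" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -le 1 ]; then return 0; fi
    printf 'more than one member of %s has an IP address:\n%s\n' "$1" "$hits"
    return 1
}

# On the firewall itself: ifconfig | check_bridge_ip_rule bridge0
sample_ifconfig | check_bridge_ip_rule bridge0 && echo "bridge0: OK"
```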
What are you trying to say here: “A bridge interface device cane created using pfSense.” I’m thinking “cane” should be “can be”, so maybe it’s a typo. I haven’t heard of “cane” being a networking/routing/switching term.
Thanks.
It was a typo on my end. Sorry about that :(
This person is taking his time to graph an explanation, for people like us. Why waste time to hack him on a spelling mistake?? If you have nothing to compliment on, DO NOT say anything at all…
@Franco:
Sometimes English isn’t someone’s first language. Other times English is their primary language but they didn’t pick up grammar growing up. I skipped the grade where we learned some things in grammar and it took a long time and many many corrections of it (had already formed a bad habit), until I’d finally learned.
Many people in this situation, if the person is being helpful and explaining things like cvillepete did, would rather hear the explanation so they don’t sound like uneducated morons for their entire life.
Thank you man :)
Good guide. Thanks for the easy to follow instructions. Will test it out now on my own setup.
Hi, thanks for the tutorial, it’s easy to follow and I was able to successfully assign a 6 ports pfsense firewall/switch.
TK Wong
Thanks for the guide. Your tip on setting “IPv4/IPv6 Configuration Type” to “None” on the interfaces OPT1, OPT2, etc. seems to be the missing secret sauce for making a successful bridge.
Thanks a lot, Very Well Explained,
In the current pfSense, you have to go back to the Interface Assignment and assign the bridge itself, so it will have an OPTX interface.
Excellent!!!!!!!!!!
I have been fighting to get my new sg-2440 pfsense box to allow my wife’s computer internet access. This solved it. I bridged everything on every tab, except for the WAN.
Thanks a bunch!
hello,
i’m a network noob and appreciate this tutorial. i have a slightly different problem if you could please point me to some additional readings where i might find further tutorials to setup my pfsense.
i used to have a netgear router with an external asus wifi router acting as the access point. the asus was bridged(?) to the netgear from asus-lan-port to netgear-lan-port so that, eg. 192.168.1.1 (netgear) and 192.168.1.90 (asus). when computers connected to the wifi access points, they will get ips assigned higher than 192.168.1.100 and so on.
i’m trying to replace the netgear with pfsense sg4860 fw, but quite honestly, i might have bitten more than i can chew as a network noob. while the computer that’s connected to the pfsense appliance is quite fast now, i’m unable to replicate the setup where i can connect to the asus ap.
what i have tried is the following:
– enabled opt1 and fw rules (following your tutorial here)
– followed the instructions at https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
however, i’m still not getting the proper ip address on my wifi, instead i see a self-assigned ip of 169.254.5.193 which is a typical ip when there’s no dhcp assigned ip.
what am i missing?
ps. thanks much in advance.
Hello,
Is it applicable to do the bridging between WAN and LAN interfaces using the same configuration above?
Also, I did disable the Outbound NAT rule generation, but it does not work. Am I missing something?