Hi,
I'm running a few ALIX 2D13s with pfsense 2.3.2.
All of them have a bridge configured which incorporates two of the
Ethernet interfaces and a Wireless interface (some Atheros card).
Apart from that there is an OpenVPN client on each box to connect
satellite sites.
There is something weird with the bridge which I would like to
understand:
When I connect my laptop to one of the Ethernet ports, I get a correct
IP from the DHCP server on pfsense and can immediately ping all the
other machines at other sites. The Ping echo enters through the Ethernet
interface into the bridge, from there it's forwarded into the tunnel.
The echo reply comes back through the tunnel and from there via the
bridge/Ethernet interface to my laptop, all sweet and as expected:
Here's a tcpdump (while connected via Ethernet) of three consecutive
pings (separated by empty lines) on the ovpnc1 interface:
# tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
09:49:56.816755 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 6, length 64
09:49:56.917771 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 6, length 64

09:50:01.817050 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 7, length 64
09:50:01.949133 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 7, length 64

09:50:06.817352 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 8, length 64
09:50:06.951798 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 8, length 64
... works just as nice on the bridge0 interface:
# tcpdump -n -i bridge0 icmp and host 192.168.10.236
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:51:11.820663 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 21, length 64
09:51:11.909411 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 21, length 64
09:51:16.820863 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 22, length 64
09:51:16.918607 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 22, length 64
09:51:21.821359 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 23, length 64
09:51:21.915379 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 23, length 64
When I change the laptop's connection from Ethernet to Wireless,
however, the same pings no longer work:
ovpnc1 interface:
# tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 14, length 64
09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
09:55:03.816001 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 15, length 64
09:55:03.816097 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
09:55:08.726661 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 16, length 64
09:55:08.819202 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 16, length 64
09:55:08.819296 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
bridge0 interface:
# tcpdump -n -i bridge0 icmp and host 192.168.10.236
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:53:53.716169 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 1, length 64
09:53:58.716987 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 2, length 64
09:54:03.717813 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 3, length 64
There is something going wrong inside the bridge with the WLAN
interface, it seems, but I can't figure out what this might be. The
bridge setup is super simple, no advanced settings, just selected the
three interfaces, that's all.
BTW: The firewall rules for the tunnel interface and the bridge are
completely open.
Can someone here please, please give me a pointer on this? I'm seriously
losing sleep.
Cheers,
Ray