Ray, Can you clarify which IP range is assigned where? We can make an educated guess based on the information you provided, but it's always better to have confirmation.
Moshe

--
Moshe Katz
-- [email protected]
-- +1(301)867-3732

On Thu, Sep 8, 2016 at 6:06 AM, Ray <[email protected]> wrote:

> Hi,
>
> I'm running a few ALIX 2D13s with pfsense 2.3.2.
>
> All of them have a bridge configured which incorporates two of the
> Ethernet interfaces and a Wireless interface (some Atheros card).
>
> Apart from that there is an OpenVPN client on each box to connect
> satellite sites.
>
> There is something weird with the bridge which I would like to understand:
>
> When I connect my laptop to one of the Ethernet ports, I get a correct IP
> from the DHCP server on pfsense and can immediately ping all the other
> machines at other sites. The Ping echo enters through the Ethernet
> interface into the bridge, from there it's forwarded into the tunnel. The
> echo reply comes back through the tunnel and from there via the
> bridge/Ethernet interface to my laptop, all sweet and as expected:
>
> Here's a tcpdump (while connected via Ethernet) of three consecutive pings
> (separated by empty lines) on the ovpnc1 interface:
>
> # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
> 09:49:56.816755 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 6, length 64
> 09:49:56.917771 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 6, length 64
>
> 09:50:01.817050 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 7, length 64
> 09:50:01.949133 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 7, length 64
>
> 09:50:06.817352 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 8, length 64
> 09:50:06.951798 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 8, length 64
>
> ... works just as nice on the bridge0 interface:
>
> # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:51:11.820663 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 21, length 64
> 09:51:11.909411 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 21, length 64
>
> 09:51:16.820863 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 22, length 64
> 09:51:16.918607 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 22, length 64
>
> 09:51:21.821359 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 23, length 64
> 09:51:21.915379 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 23, length 64
>
>
> When I change the laptop's connection from Ethernet to Wireless, however,
> the same pings no longer work:
>
> ovpnc1 interface:
>
> # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
> 09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
> 09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 14, length 64
> 09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
>
> 09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
> 09:55:03.816001 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 15, length 64
> 09:55:03.816097 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
>
> 09:55:08.726661 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 16, length 64
> 09:55:08.819202 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 16, length 64
> 09:55:08.819296 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
>
> bridge0 interface:
>
> # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:53:53.716169 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 1, length 64
>
> 09:53:58.716987 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 2, length 64
>
> 09:54:03.717813 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 3, length 64
>
> There is something going wrong inside the bridge with the WLAN interface,
> it seems, but I can't figure out what this might be. The bridge setup is
> super simple, no advanced settings, just selected the three interfaces,
> that's all.
>
> BTW: The firewall rules for the tunnel interface and the bridge are
> completely open.
>
> Can someone here please, please give me a pointer on this? I'm seriously
> losing sleep.
>
> Cheers,
> Ray
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
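
The side-by-side comparison of the ovpnc1 and bridge0 captures described in the quoted message, as an added example that is not part of the original thread: it pairs ICMP echo requests with replies by id and seq in `tcpdump -n` text output and lists the pings whose reply was seen on the tunnel interface but never on the bridge. The sample captures are constructed in the format of the quoted output; unwrapped lines and matching sequence numbers on both interfaces are assumptions.

```python
import re

ECHO = re.compile(r"IP \S+ > \S+: ICMP echo (request|reply), id (\d+), seq (\d+)")
UNREACH = re.compile(r"IP (\S+) > \S+: ICMP host (\S+) unreachable")

# Constructed samples in the shape of the tcpdump output quoted in the thread.
TUNNEL = """\
09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 14, length 64
09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
09:55:03.816001 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 15, length 64
09:55:03.816097 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
"""
BRIDGE = """\
09:54:58.725401 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
09:55:03.726102 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
"""

def summarize(capture):
    """Pair echo requests/replies by (id, seq); collect host-unreachable errors."""
    requests, replies, unreachable = set(), set(), []
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            key = (int(m.group(2)), int(m.group(3)))
            (requests if m.group(1) == "request" else replies).add(key)
            continue
        m = UNREACH.search(line)
        if m:
            unreachable.append({"reporter": m.group(1), "host": m.group(2)})
    return {
        "answered": sorted(requests & replies),
        "unanswered": sorted(requests - replies),
        "unreachable": unreachable,
    }

def lost_between(tunnel, bridge):
    """Pings answered on the tunnel capture but left unanswered on the bridge capture."""
    t, b = summarize(tunnel), summarize(bridge)
    return sorted(set(t["answered"]) & set(b["unanswered"]))

if __name__ == "__main__":
    print("reply seen on tunnel, missing on bridge:", lost_between(TUNNEL, BRIDGE))
    print("unreachable errors on tunnel:", summarize(TUNNEL)["unreachable"])
```

Feed it the text of two captures taken at the same time so the sequence numbers line up.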
