Hey Jason, can you make a video on how to set up a LAGG? Instead of bridging the ports, can you create a LAGG? Can the LAGG be assigned to your Default LAN?
Yes, that's my next plan to learn how to do :) I'll have to muck it up 20x before I get it right BUT that's the whole point of my lab and learning !! Thanks for the suggestion Sean :)
Hello.... is it possible that in transparent mode you can't use the ssl web proxy? I can't make the transparent web proxy work for me with this configuration. Bye
Thank you for the tutorial! Curious as to why bridging is not recommended on various channels and forums? Supposedly there is a performance penalty, if so how much? What would be the recommended alternative if you want to utilize the additional ports on the same local network? Btw, I am using unmanaged switches.
When I tried this, if I remember correctly, I could only attach VLANs to the NICs themselves but could not select the bridge itself. In OpenWRT, you can. In OPNsense, not so much. Far easier to switch over to managed switches and trunk everything you need over one cable. The best use case that I've found is to use one of the remaining ports as backup access into the router. There is a completely different mentality and functionality between OPNsense and OpenWRT.
Unfortunately, in the case of virtualizing pfsense on esxi, I am unable to activate the rest of the LAN ports in this way, although each port in esxi has its own vswitch.. after changing the LAN interface from port to bridge, I lose access to the GUI even after switching the cable to one of the ports belonging to the bridge
To answer my own question. The settings for static IP need to be executed on what in this video is called the "LAN" interface, which may or may not be the name of your interface. Anyhow, that is where I set a static IP for the firewall/router. And also in DHCP I configured the correct range I wanted. And if this works, then proceed with creating such a bridge as explained in this video!
Exceptional and exceptionally brief video tutorial! Nevertheless, I was under the assumption that I could set up independent physical networks for each LAN port on my Qotom Mini PC Q750G5, and am running into trouble. Port0=WAN and Port1=LAN1 are working swimmingly. OPT2-4 is dead in the proverbial water. Would love your thoughts.
@@JasonsLabVideos I think I figured it out: Assigned and enabled the LANPort2 (igc2) + assigned/applied an IPv4 range -> Rebooted -> Enabled DHCPv4 for LANPort2 -> Meandered over to Firewall Rules and noticed the same inbound-only rules for IPv4/6 automagically appeared (literally mirroring the rules assigned to LANPort1 (igc2)) -> connected to my wireless router and behold, it worked! I appreciate you offering to give me a hand. If anything I outlined seems odd, strange, or wrong, please don't hesitate to let me know. :)
I tried that; it doesn't work in the newest version of OPNsense. Need more updated instructions at that website, as when I tried to set LAN to the bridge network it complains that it already has other ports assigned
OMG, I spent 3 days trying to find your video solution. Everywhere on the internet, people say that you can only use one port for WAN and one for LAN. They also claim that a switch is faster for making LAN connections. Could you test this theory and compare it with this small PC using a bridge connection?
All 4 ports work now.. however, they can't seem to talk to each other. I have a few local devices on a switch connected to port1, and when the laptop is wired directly to the 2nd port, they are all able to connect to the internet, but the laptop is not able to visit local devices (stuff connected to port1). Any idea would be appreciated! Thanks
Found my answer: follow the LAN bridge official document step six, the tunable settings, change net.link.bridge.pfil_member to 0 and net.link.bridge.pfil_bridge to 1
@@JasonsLabVideos For whatever reason, some of the devices at home were not able to connect to the internet after doing the bridging. The 3 bridged ports on the OPNsense router are working fine. However some (not all) devices connected to an AP to a PoE switch to the router will not be able to connect (they do get a local IP tho). So still trying to figure that out. Switching back to original setup now
@@JasonsLabVideos Ya I did, and that's how I got the ports to talk to each other. The wired ports all work.. but it seems like somehow some AP with some SSID doesn't work (meaning same SSID, the device connected to one AP works fine and another AP will have problems connecting to the internet, both got an IPv4 address tho). Very odd. Still trying
My brain is spinning backwards and sideways trying to understand why, not only it didn't work on my end, but why did it make me lose internet on the one interface that was working...
I hope someone can help me.. I have been trying to get this working for days and found this video but I still can not get it working. I only need to use 1 extra NIC. I have my WAN, LAN set up and working. I then have a 3rd port I'd like a wifi AP to be connected to so I can get wifi access via OPNsense as well. I add the OPT1, enable it, then make a bridge with OPT1 in it. I then set the LAN to the bridge just made and then swap the LAN cable to the 3rd NIC assigned to OPT1 but I can never get an IP via DHCP and setting it myself does not help either. I am running this in Hyper-V on Windows 11 so this may be getting in the way somehow? I could test that by trying it with OPNsense installed directly onto the machine vs a VM but a VM is ultimately where I need it to be run. Any ideas ppl, cus I'm stumped.
@@JasonsLabVideos Buying a switch is one of my next steps but I am trying to avoid that for now if I can. I have been trying to do this again with pfsense and opnsense installed directly and not via a VM. And now it won't detect my 2.5gb dual port nic... I need the realtek-re-kmod driver but it won't detect the card anymore even though it used to on a previous attempt at setting things up.. so I can't even try your method on bare metal unless I can get this nic to get detected. Thanks
I'm trying to make a transparent bridge firewall, and I've followed four different guides that all say something different, which is frustrating enough, and now not even this video worked for me. I understand the concept and how you explained it, but once I set up the bridged adapter, it borks my connection to the web gui and locks me out (I stopped checking the disable anti administrator lockout while trying to reinstall on my second attempt. I am on my sixth attempt now.) What kills me about this, is that I can get a Cisco ASA up and properly configured in 2 hours with the little I remember from the classes I got in the Army and some googling, 100% in the command line. No ASDM. Yet this point n click tinker toy firewall BS is kicking the CRAP out of me. You need certs for Cisco! There are extremely hard classes for Cisco. I failed my CCNA twice and never went back, and yet I have more success with my ASA than with this. I'm ranting, but I am at my wits' end. I am about ready to just drop it and install Windows or something else. I can be doing more productive things on Memorial Day than beating my face against a brick wall trying to get this gobshite to work.
I did this and I have internet on all ports but I can't ping my computers or see network shares. Edit. Found the fix here in the comments section. System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1
I forgot to mention in the video to System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1
Yeah, you should redo this, it's a shame you skipped all the other details. Is this essentially just meant to show that you can create a filter bridge for the OPT ports while leaving the LAN and WAN for management? Also, it really would be great to see the box in a separate window as you're changing plugs... subscribed anyway, but it's so hard to find a simple tutorial for creating a filter bridge that actually works.
@@makerspersona5456 It does all work, but depending on what version.
@@JasonsLabVideos Unlike your tutorial, I configured the bridge using both the WAN and LAN interfaces (as instructed by the attached guide), and I also enabled two additional OPT interfaces (OPT1 and OPT2) for future use or management access.
After following the steps exactly as outlined in the guide - removing the static IPv4 addresses from both LAN and WAN and assigning a static IP to the bridge itself - I was able to get full internet access through the bridge. However, I’m unable to access the OPNSense web GUI through the bridge’s IP address or via the OPT interfaces. It seems like there’s no clear guidance on how to maintain access to the GUI once these settings are applied.
I’m wondering if you have any insights or recommendations for configuring the firewall rules for the OPT interfaces to restore access, or if there’s another step I might be missing to make this work. Any advice would be greatly appreciated!
www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense
Thanks so much for your time!
Your tip on how to bridge in OPNsense is perfect. Thank you for the video and instructions!
Thank you so much. It hurts when I try to read through the directions on how to do stuff. But for some reason when I watch it being done on the TV in video format it just clicks. And now I will never forget it.
Thank you so much for this video! Helped me so much setting up my firewall. Straight forward and to the point, thanks!
Love this, just getting started with OpnSense and saved me a lot of hassle down the line.
This video is very helpful and saved me from a lot of headaches, thx!
Excellent video, many thanks from Nova Scotia....
very helpful tips on setting up a bridge without getting locked out!
Great video, love the whole thing. I look forward to watching more of your stuff.
Thank you sir, thanks for watching !
Great tutorial Jason. Kudos to You !
Excellent. This config and use case I was searching a tutorial about.
Just came back to say thanks. This helped me yesterday. Was able to set up all the ports on my Qotom pc as lan ports.
Glad it helped !! Cheers
@@JasonsLabVideos yeah! The whole buy a switch when you already have ports doesn’t make sense to me.
@@Kushari Depends if you need Vlans or Poe :)
Super handy! Thank you.
This was beautiful to watch. Liked and subscribed.
Thanks sir !
Hey Jason. Thank you very much! Brand new subscriber here. I would like to share that after I successfully followed your steps on this video, I realized I could not reach or ping any IP directly in my LAN. No DHCP leases for any other device on a switch etc. So I found out that in order to get the bridge fully working for Firewall Rules, we need to disable filtering for the Bridge member interfaces and enable it for the Bridge interface itself: System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1 (inverting the default setting). Hope it helps!
Thank you. I was having the same issues and this worked for me.
Are there any security considerations when doing this?
I have been pulling my hair out for 3 days trying to figure out the right firewall rules. I followed this video to enable the bridge, didn't even think to do this lol, thank you kind sir!
@@LucidEnemy Happy to help!!
@@NihalVishvamitra Happy to help. No security implications unless the device is physically accessed by unknown people in an easy to access place :-)
Worked. Thanks
Dude, thank you for this!
You saved my day. Thanks bro!!!
I've tried doing this from the documentation several times and missed that one crucial step. As soon as you said it in your video, the light bulb went on and 'click' :) Thanks for that.
Great job, Jason! This is exactly what I was looking for! Even the port count matches my case :)
Thanks sir, glad you watched and enjoyed !! More videos coming soon !
@@JasonsLabVideos Thanks! Added the channel to my subscriptions :)
As I have you here... Something is not right... There must be something more to the bridge configuration.
After following your instruction I was able to connect devices to any of the 4 free bridged LAN ports but it worked perfectly only when I connected just one single device. Once I connected any additional device at the same time -- my whole home network was like freaking out immediately: I was losing connectivity to random devices or even whole parts of my network. It behaved like an IP conflict or something of that sort.
I spent like 3-4 hours on trying to figure out what was wrong and I ended up with coming back to using just one LAN port again and using an external switch :(
Help... :)
@@MarekCezaryWojtaszek Did you apply the 2 system tunables ?
@@JasonsLabVideos Nope. Did I miss something from the video?
After some further experiments it turned out that one of my switches may have generated some conflicts which randomly caused various issues in my network. It is a managed TP-LINK switch and I may have over-managed it :). I experienced issues even after restoring the pre-bridge OPNsense configuration from backup. After hard resetting the faulty switch all issues stopped immediately. I will watch it further and if it continues working flawlessly I will try bridging the ports again. Will let you know. Thanks!!
Thanks mate, it worked fine for me.
Excellent video Jason! I appreciate your candor early on. I have been trying to get bitwarden self-hosted setup. I keep failing at it but am learning from the experience. I get it installed, I can create a Master PW, login, etc. I point the browser extension to the self-hosted server but keep getting a backend null error. I tried once using Synology Docker, and twice on an Ubuntu VM. I am determined to figure it out. So, I know exactly where you are coming from. Great job!
We all learn differently! Not everyone wins on the first attempt :) but we learn and that's key :)
Thanks for the tutorial. You may also need to configure the firewall rules for each bridged port if you have multiple subnets & existing firewall policies. You might also be able to keep the port assignments to the default if you copy all the fw rules, dhcp, etc rules to the bridge interface.
and enable system tunables.
@@JasonsLabVideos Yes, if you don't want to configure each firewall rule for each port, enable Tunables per the documentation so that the applied fw rules apply to all bridge ports.
@@glitch0156 System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1
@@JasonsLabVideos You forgot to mention in the video to System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1
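To confirm from a shell on the firewall that the two tunables named in the comments above took effect, and therefore which interface's rules are actually evaluated, the sketch below classifies `sysctl` output. It is an added example, not part of any comment or of the OPNsense documentation; the function names and sample output are constructed for illustration, and the `name: value` line format is the one FreeBSD's `sysctl` prints.

```shell
#!/bin/sh
# Added example: report where the packet filter sees bridged traffic, based on
# the two if_bridge tunables named in the comments. Function names are illustrative.

# Constructed sample sysctl output: the state the comments call the default...
SAMPLE_BEFORE='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
# ...and the state after applying the change the comments describe.
SAMPLE_AFTER='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# read_tunable NAME: print NAME's value from "name: value" lines on stdin.
# Exit status is non-zero when NAME is not present in the input.
read_tunable() {
    awk -F': *' -v key="$1" '
        $1 == key { sub(/[ \t\r]+$/, "", $2); print $2; found = 1; exit }
        END { exit !found }'
}

# bridge_filter_mode: read sysctl output on stdin and print one of
# bridge-only | members-only | both | unfiltered | unknown.
bridge_filter_mode() {
    input=$(cat)
    member=$(printf '%s\n' "$input" | read_tunable net.link.bridge.pfil_member) || member=missing
    bridge=$(printf '%s\n' "$input" | read_tunable net.link.bridge.pfil_bridge) || bridge=missing
    case "$member:$bridge" in
        0:1) echo bridge-only ;;
        1:0) echo members-only ;;
        1:1) echo both ;;
        0:0) echo unfiltered ;;
        *)   echo unknown; return 2 ;;   # a tunable is missing or has an unexpected value
    esac
}

# explain_mode MODE: say which interface's firewall rules are evaluated.
explain_mode() {
    case "$1" in
        bridge-only)  echo "rules on the bridge interface are evaluated; rules on member ports are not" ;;
        members-only) echo "rules on each member port are evaluated; rules on the bridge interface are not" ;;
        both)         echo "rules on member ports and on the bridge interface are both evaluated" ;;
        unfiltered)   echo "filtering is disabled on both the member ports and the bridge" ;;
        *)            echo "could not read both tunables; check System > Settings > Tunables" ;;
    esac
}

# Live use on the firewall itself: sh check_bridge_pfil.sh --live
if [ "${1:-}" = "--live" ]; then
    mode=$(sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge | bridge_filter_mode) || true
    echo "$mode: $(explain_mode "$mode")"
fi
```

After moving to `bridge-only`, any pass or block rules that were attached to the individual member ports no longer take part in filtering, so review the rule set on the bridge interface before relying on it.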
Brilliantly explained Jason, well done. I've been head scratching for days now trying this. I'm swapping an OpenWRT 3200 with VLANs out for this as I now want to compare performance, so want to mirror the setups. My OPNsense box is an APU4. Nice box, just remember to get the correct OPNsense image for installation, and it works MUCH better during installation if you use PuTTY than console on Linux.
I previously had it all working but as the setup is so stable, I forgot how I set up the OPNsense box last time! [write the fine manual this time ;-) ]
If ya have questions just ask, always willing to help people :)
Very informative. Do you also have a video about firewall rules and DNS override? Something that dives a bit deeper into them. I had some problems setting them up properly. Thanks
Soon :)
Thank you for this video
Thanks a lot for your guide!! Very useful for me ;)
Great video! You make it so easy ;)
Harass, harass! Great video Jason. Also I enjoy our email exchanges.
OH MAN you are a blast to chat with! We should do a phone call one day :) Thanks for watching BTW
thank you very much 😀👍
Nice, even I managed to understand this one and I am still very much new to this style of networking. I have a question if I may, I have in the works a very similar type small PC that I shall be using as my OPNSense box, a Fujitsu S920 with a 4 port gigabit card in it, much like this. I shall also be using the onboard port for the WAN connection and my plan is to use the 4 port card to feed out to switches around the house where I need to break out multiple connections. My question being that I assume that I will have to go through this process to set those card ports up to be active in this way? I won't be plugging any end-hardware directly to the OPNsense box.
yup
Thank you Sir. It helped me a lot... Do you have a video on how to create a VLAN using the LAN interface.... ❤❤❤
I sure do, it's on my channel for an OPNsense full setup I believe.
nice little trick - nice to know ...
Since you are lapping stuff ... I was wondering what kind of throughput you could get on ipsec tunnels ... do you have a lab environment where you can spin up a vmware opnsense instance and test ipsec throughput?
good clear video! Thank you! What adapter do you need to get a four-port Ethernet adapter inside the mini lenovo?
Great stuff. I've been doing the same thing on box that I recently purchased from Aliexpress, to use it as my home firewall. The box itself has 4 ports 2.5Gb, one dedicated to WAN, one for LAN/MGMT and what about the other 2? So, I have been playing to basically create a switch and use it to connect to another switch down the line and one port for a server that I want to have full speed 2.5Gb as the port on my firewall has. I have to mention that my fibre connection is 3Gb.
That's some beefy hardware, how much stuff can you run on it for rules before you take a performance hit? I wonder if that would even be possible on that hardware. When I've built appliances like this it's usually a low power Celeron based unit so it's limited but fine for a basic solid firewall.
Thanks - I'm close I think - I tried this from a fresh install after I worked out how to get internet working but only via 1 of the LAN ports on my router (mini pc). My PC has 3 ethernet ports but when I plug my PC into the other port in your step @5:50 I just lose connection and even swapping the cable into the next port doesn't solve it. I have to be close but are there other ideas? Does this guide assume I've set up other aspects of the configuration? At the moment I have static IP on the LAN and that's about it which gives me internet to one computer :/
on the lan you don't have dhcp ?
I'm in the same boat with my device (cxa-770). I believe it's a driver issue. NIC drivers not present when installing FreeBSD. Unfortunately, I'm unsure how to fix that as I'm new to FreeBSD and its commands. Hopefully we come across some kind of solution from other users.
Thanks dude
Hey Jason, I just did the configuration and wanted to say thank you! This was driving me mad 😂
I however ran into an odd issue, not sure if you experienced the same thing. So I have my main LAN on OPT0 and then I have a separate device on OPT1 they are under the same bridge assigned to LAN but for some reason devices on OPT1 can't talk or receive comms from OPT0 yet both of them can breakout to the internet.
Do you know if this is a configuration error or maybe we need some manual firewall or NAT rules?
Hey Jason, so I actually followed the guide and found this little piece of information. Hope this helps someone else that has the same problem. I just had to change the values, reading the below paragraph should explain it all.
"We now need to make two changes to the System Tunables to ensure that filtering is carried out on the bridge itself, and not on the member interfaces. Go to System ‣ Settings ‣ Tunables and select using the pen button net.link.bridge.pfil_member and set the value to 0 (add a new record if this entry doesn’t exist on your installation). & then Select the tunable net.link.bridge.pfil_bridge and set the value to 1"
Thanks Jason
Thanks
You are awesome! Is it possible if you can go one step further and show us how we configure those bridged ports as Trunk ports carrying same vlan tags on each one?
Next video :) yup ! It's coming
Still coming? This is exactly what I need, I have a 4 port intel nic in a T730 thin client running opnsense I would like to play with vlans but all my switches are passive/dumb. If I could create VLANs right at the router, my network could progress.
Will this bridge setup work virtualized on ESXI? I’ve been trying to get it to work, but no luck.
What hardware is it that you use for this video?
I'm curious about both the Lenovo PC and the "box" you showed with 4 ethernet ports.
Thanks!
Morning, there are 2 boxes: one is a M720Q with a Celeron G4900T and a quad port Intel NIC, the other is a M920q i5 8500t with a quad port Intel NIC. You can buy the PCIE 4 & 8x & 16x cards for inside the units and then throw in a low profile NIC :) works really really good too!
@@JasonsLabVideos Thanks! Will look more into it to get the best FW possible :)
Any questions, just shoot me an email :) @@danielorneling2831
@@JasonsLabVideos oh btw, were both Lenovo PCs dual nic by default or have you added the extra ports yourself through PCIe?
Beginner question, I use 2.5g WAN and LAN is the same. Can you bridge the 10sfp+ to LAN, any conflicts mingling different ports together?
sure can.
@@JasonsLabVideos Cool news - might as well use the sfp+ since my router, switch and server have them. Wanna be a cool kid someday..
@@martinrasmussen8745 SFP+ to a switch for the lan :) BINGO !
@@JasonsLabVideos Yeah I'm never gonna saturate a 10g, but now I know how to do it.. :)
@@martinrasmussen8745 Should go Modem > firewall > switch. Between switch and firewall should use a sfp+ cable Dac / fiber :). Poof never have traffic issues !
thx for the vid
Thanks for the video. So bridging multiple ports puts them on the same network without any fancy rules?
Great video! That explains why I had no usage of those 2 other ports despite starting a DHCP server on those ports.
Question though: If I were to bridge all of my ports (I have 3 spare on a 10G Nic) would I be able to separate each individual port into its own VLAN? For example, my fourth port will be dedicated to my NAS. I don't want that one to be able to access the worldwide web. Even though all my ports are bridged together, I could still restrict that individual port, right?
Saved me a lot of time!
Hello Jason is the model of the expansion card with 4 nics that fits into that kind of system?
Yup
@@JasonsLabVideos sorry, didn't make the question, is what is the model of the NIC? and how do you install it
Just so that I understand this. If I have a 4 port router and I want to use one port for LAN (w vlans) and one port for an AP (vlans) I would need to bridge the ports?
thank you so much man, that helped out 🙂
Did you ever get your bridge to work with VLANs ? I found it simpler to go back to trunking everything off from one port to a switch and going from there.
Yup, it's just a simple thing in system tunables that needs to be checked.
Hey Jason can you make a video on how to setup a LAGG? instead of bridging the ports, can you create a LAGG? Can the LAGG be assigned to your Default LAN?
Yes, that's my next plan to learn how to do :) I'll have to muck it up 20x before I get it right BUT that's the whole point of my lab and learning !! Thanks for the suggestion Sean :)
@@JasonsLabVideos Thank you for your hard work. I look forward to that tutorial for OPNsense. Thanks again!
great video
OMG!!!!! so THAT was the missing piece!! I was stuck and couldn't get past that!!
Thank you for the video. IPv4 with DHCP works fine for me, but I can't get IPv6 working for the hell of it
Hello.... is it possible that in transparent mode you can't use the ssl web proxy? I can't make the transparent web proxy work for me with this configuration. Bye
Thank you for the tutorial! Curious as to why bridging is not recommended on various channels and forums? Supposedly there is a performance penalty, if so how much? What would be the recommended alternative if you want to utilize the additional ports on the same local network? Btw, I am using unmanaged switches.
My recommendation is to upgrade to managed switches. I haven't noticed any issues with Bridged ports or using them for different subnets though.
When I tried this, if I remember correctly, I could only attach VLANs to the NICs themselves but could not select the bridge itself. In OpenWRT, you can. In OpnSense, not so much.
Far easier to switch over to managed switches and trunk everything you need over one cable. The best use case that I've found is to use one of the remaining ports as backup access into the router.
There is a completely different mentality and functionality between Opnsense and OpenWRT.
Impressive little box with a 6 core i5! Maybe I'll try OPNsense, I'm just not a big BSD fan ...
Unfortunately, in the case of virtualizing pfsense on esxi, I am unable to activate the rest of the LAN ports in this way, although each port in esxi has its own vswitch.. after changing the Lan interface from port to bridge, I lose access to the GUI even after switching the cable to one of the ports belonging to bridge
What's wrong with ...1.1? Feeling a bit on the spot here, since mine is at 0.1, which I assume is equally bad. Why though?
Hi Jason, I am curious about Box setup, I have same box and I bought Mini PCI-E to PCI-E 16 but it doesn't fit.
Email me, I'll assist.
Where is the static IP set for the firewall/router now? Is that now set on the bridge network?? Normally this static IP was configured on the LAN.
To answer my own question. The settings for static IP need to be executed on what in this video is called the "LAN" interface, which may or may not be the name of your interface. Anyhow, there is where I set a static IP for the firewall/router. And also in DHCP I configured a correct range I wanted. And if this works, then proceed with creating such a bridge like explained in this video!
8:08..
Q:
How much will the routing performance drop on this hardware when you turn on "Zenarmor"??
On this i5 6 core ? Hardly any. I have a build video coming soon and will be using zenarmor
@@JasonsLabVideos
Will you do a performance test on this hardware (with zenarmor), but with several clients?
(a real-life use scenario)
@@AdrianuX1985 yup, sure will !
Exceptional and exceptionally brief video tutorial! Nevertheless, I was under the assumption that I could set up independent physical networks for each LAN port on my Qotom Mini PC Q750G5, and am running into trouble. Port0=WAN and Port1=LAN1 are working swimmingly. OPT2-4 is dead in the proverbial water. Would love your thoughts.
You can set up networks per port, you have to turn on the tunables. Send me an email and I'll help ya.
@@JasonsLabVideos I think I figured it out: Assigned and enabled the LANPort2 (igc2) + assigned/applied an IPv4 range -> Rebooted -> Enabled DHCPv4 for LANPort2 -> Meandered over to Firewall Rules and noticed the same inbound-only rules for IPv4/6 automagically appeared (literally mirroring the rules assigned to LANPort1 (igc2)) -> connected to my wireless router and behold, it worked! I appreciate you offering to give me a hand. If anything I outlined seems odd, strange, or wrong, please don't hesitate to let me know. :)
do you have static ip on your computer?
I tried that, it doesn't work in the newest version of opnsense. Need more updated instructions at that website, as when I tried to set lan to bridge-network it complains that it already has other ports assigned
OMG, I spent 3 days trying to find your video solution. Everywhere on the internet, people say that you can only use one port for WAN and one for LAN. They also claim that a switch is faster for making LAN connections. Could you test this theory and compare it with this small PC using a bridge connection?
The speed would be determined by the NIC, an INTEL NIC, and it being a good card. Should also be as fast as a switch.
All 4 ports work now.. however, they can't seem to talk to each other. I have a few local devices on a switch connected to port1, and when the laptop uses a wire directly connected to the 2nd port, they are all able to connect to the internet, but the laptop is not able to visit local devices (stuff connected to port1)
Any idea would be appreciated! Thanks
Found my answer, follow the lan bridge official document step six, the tunable settings, change net.link.bridge.pfil_member to 0 and net.link.bridge.pfil_bridge to 1
@@KirkLau BINGO !
@@JasonsLabVideos for whatever reason, some of the devices at home were not able to connect to the internet after doing the bridging. The 3 bridged ports on the opnsense router are working fine. However some (not all) devices connected to an AP to a PoE switch to the router will not be able to connect (they do get a local IP tho). So still trying to figure that out. Switching back to original setup now
@@KirkLau Did you do the system tunables ?
@@JasonsLabVideos Ya I did, and that's how I got the ports to talk to each other. The wired ports all work.. but it seems like somehow some AP with some SSID doesn't work (meaning same SSID, the device connected to one AP works fine and another AP will have problems connecting to the internet, both got an IPv4 address tho.) Very odd. Still trying
My brain is spinning backwards and sideways trying to understand why, not only it didn't work on my end, but why did it make me lose internet on the one interface that was working...
I hope someone can help me.. I have been trying to get this working for days and found this video but I still cannot get it working. I only need to use 1 extra NIC. I have my WAN, LAN set up and working. I then have a 3rd port I'd like a wifi AP to be connected to so I can get wifi access via opnsense as well. I add the OPT1, enable it, then make a bridge with OPT1 in it. I then set the LAN to the bridge just made and then swap the lan cable to the 3rd NIC assigned to OPT1, but I can never get an IP via DHCP and setting it myself does not help either.
I am running this in a Hyper-V on Windows 11 so this may be getting in the way somehow? I could test that by trying it with opnsense installed directly onto the machine vs a VM, but a VM is ultimately where I need it to be run
any ideas ppl cus I'm stumped.
Buy a managed l2 switch, and vlan it. You can do all this with hyper v using vlans.
@@JasonsLabVideos Buying a switch is one of my next steps but I am trying to avoid that for now if I can. I have been trying to do this again with pfsense and opnsense installed directly and not via a VM. And now it won't detect my 2.5gb dual port NIC... I need the realtek-re-kmod driver but it won't detect the card anymore even though it used to on a previous attempt at setting things up.. so I can't even try your method on bare metal unless I can get this NIC to get detected. thanks
@@Seansmit23 BUY the switch, make your life easier. Not Harder. P.s Opnsense and pfsense HATE realtek NIC cards. Intel for success.
i love you
First!
That didn't auth using a client cert
What ?
LOL... LOL Just bypass that part by clicking continue a couple times on the link in bottom of that page. ;)
I'm trying to make a transparent bridge firewall, and I've followed four different guides that all say something different, which is frustrating enough, and now not even this video worked for me. I understand the concept and how you explained it, but once I set up the bridged adapter, it borks my connection to the web gui and locks me out (I stopped checking the disable anti administrator lockout while trying to reinstall on my second attempt. I am on my sixth attempt now.)
What kills me about this, is that I can get a Cisco ASA up and properly configured in 2 hours with the little I remember from the classes I got in the Army and some googling, 100% in the command line. No ASDM. Yet this point n click tinker toy firewall BS is kicking the CRAP out of me. You need certs for Cisco! There are extremely hard classes for Cisco. I failed my CCNA twice and never went back, and yet I have more success with my ASA than with this.
I'm ranting, but I am at my wits' end. I am about ready to just drop it and install Windows or something else. I can be doing more productive things on Memorial Day than beating my face against a brick wall trying to get this gobshite to work.
Email me, see if I can assist
@@JasonsLabVideos I never expected a response lol! (Just tried and failed with pfsense for a completely different reason FYI) I'll shoot you an email
I did this and I have internet on all ports but I can't ping my computers or see network shares. Edit. Found the fix here in comments section. System ‣ Settings ‣ Tunables and change "net.link.bridge.pfil_member" to 0 and "net.link.bridge.pfil_bridge" to 1
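
The tunable fix that several comments above arrive at (net.link.bridge.pfil_member set to 0, net.link.bridge.pfil_bridge set to 1) can be checked from a shell. The script below is an added example, not part of any comment, the video or the guide; its function names and the sample sysctl text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where pf filters bridged traffic, given the text
# printed by `sysctl net.link.bridge` on the firewall.

# Constructed sample: filtering on the member interfaces only, the state
# the comments describe before the tunables are changed.
SAMPLE_BEFORE='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# tunable_value TEXT NAME -> value of NAME; accepts "name: v" or "name=v"
tunable_value() {
    printf '%s\n' "$1" |
        awk -F'[:=][ ]*' -v k="$2" '$1 == k { print $2; exit }'
}

# bridge_filter_mode TEXT -> bridge-only | members-only | both | none | unknown
bridge_filter_mode() {
    m=$(tunable_value "$1" net.link.bridge.pfil_member)
    b=$(tunable_value "$1" net.link.bridge.pfil_bridge)
    case "${m:-x}/${b:-x}" in
        0/1) echo bridge-only ;;    # what the quoted guide asks for
        1/0) echo members-only ;;
        1/1) echo both ;;
        0/0) echo none ;;           # pf sees no bridged traffic at all
        *)   echo unknown ;;        # tunable missing or not 0/1
    esac
}

# tunables_to_change TEXT -> one "name=value" line per tunable that differs
# from the guide's target (pfil_member=0, pfil_bridge=1); empty if none.
tunables_to_change() {
    [ "$(tunable_value "$1" net.link.bridge.pfil_member)" = 0 ] ||
        echo "net.link.bridge.pfil_member=0"
    [ "$(tunable_value "$1" net.link.bridge.pfil_bridge)" = 1 ] ||
        echo "net.link.bridge.pfil_bridge=1"
}

# On the firewall itself, pass the live values instead of the sample:
#   bridge_filter_mode "$(sysctl net.link.bridge)"
bridge_filter_mode "$SAMPLE_BEFORE"
tunables_to_change "$SAMPLE_BEFORE"
```

With bridge-only filtering, firewall rules belong on the bridge interface; rules attached to the individual member ports are no longer evaluated for bridged traffic.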