How to set up a LAN Bridge¶
Original Author: Martin Wasley
LAN Bridges should really only be used where the LAN secondary, tertiary and other interfaces are not heavily used, if that is the case then it is recommended that an external switch be used instead. That being said, if the CPU is fast enough then it will easily cope with the extra load placed upon it by the bridge.
When creating a LAN bridge it is essential that you have physical access to the device, you will need to swap the LAN connection at a certain point.
Configure OPNsense as normal, with a single LAN interface, make sure that it works correctly. It’s a good idea to add the extra NIC interfaces ( OPTx ) during installation.
Create the bridge itself. Selectand ADD a new bridge. Select from the member interfaces the unused interfaces you wish to add to the bridge, OPT2,OPT3 etc.
Now Save the new bridge.
It is imperative that the member interfaces have nothing set within them for IPv4 or IPv6, each member interface should be enabled and they should look like this:
Selectand for the LAN interface, select the bridge previously created and Save.
At this point you will need to swap your LAN cable from the existing LAN connection to one of the NICs that were added to the bridge interface, once connected then you must wait, it can take some time for the interface to come back up, but keep refreshing the web interface until it does.
The Original LAN interface is now unassigned and will need to be re-assigned. Go toand in the New Interface box you will see the NIC itself ( igb*, em* ), select it and hit the ‘+’ button to add an assignment, then click Save.
Selectand add the interface created in Step Four to the bridge and Save, remember to check the new interface and ensure it is enabled as in Step Two.
We now need to make two changes to the System Tunables to ensure that filtering is carried out on the bridge itself, and not on the member interfaces. Go toand select using the pen button net.link.bridge.pfil_member and set the value to 0 (add a new record if this entry doesn’t exist on your installation).
Select the tunable net.link.bridge.pfil_bridge and set the value to 1
Once complete, thepage should look similar to this:
Now reboot, when the system restores you should have a fully functional bridge interface.