Bug #6941
closed
VLAN interface does not work unless parent/or vlan interface are in promiscuous mode
0%
Description
Hi,
I have a pfSense box with two physical interfaces re0/re1.
My setup is two VLAN interfaces defined, re0_102 and re1_202. The first interface has DHCP enabled and is my WAN interface. The second has a static IP and DHCP server enabled.
My client connects and everything works well on the LAN side. The problem is I cannot access the internet/WAN side.
But if I connect via SSH and start tcpdump -i re0 / tcpdump -i re0_vlan102, packets start flowing from LAN to WAN. When I terminate tcpdump the packets stop flowing and I cannot access the internet.
DHCP for the WAN interface works, but I cannot ping the WAN GW from pfsense either without tcpdump running.
My re0 and re1 are enabled and IPv4/IPv6 are set to NONE, i.e. not in use.
I have searched and found similar problems online for pfsense back in 2010.
My tcpdump confirms packets are moving in and out with the correct MAC address. VLAN interfaces have the same MAC as the parent interface.
regards
Thomas
Updated by Jim Pingle over 8 years ago
- Status changed from New to Rejected
That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at all, it would have to be fixed in FreeBSD. It is not a general limit of the re(4) driver, VLANs on some of those work fine without promiscuous mode.
Try a 2.4 snapshot and see if they behave better there. If not, try stock FreeBSD 11 and if it is broken there as well, report it to FreeBSD.
Updated by Thomas Nilsen over 8 years ago
Jim Pingle wrote:
> That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at all, it would have to be fixed in FreeBSD. It is not a general limit of the re(4) driver, VLANs on some of those work fine without promiscuous mode.
> Try a 2.4 snapshot and see if they behave better there. If not, try stock FreeBSD 11 and if it is broken there as well, report it to FreeBSD.
I have tested it on two more boxes right now and the bug didn't show there. What I found was that on the box with the problem there was something strange with the MAC address of the WAN (re0) interface. Since the VLAN interface on re1 works well, I isolated the problem to have something to do with re0. Figures a "spoofed MAC" on that adapter that was tried when installing has become "sticky". I have tried to remove it in pfSense by clearing out and saving the spoofed-MAC address field under interface configuration, but it still keeps the spoofed MAC when I check with ifconfig. Also after reboot.
Reading this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168268 tells me that there is actually a bug with the Realtek driver when using a user-defined MAC address.
So I tried to find out what MAC address should be there, but I was not able to do so.
So the real problem here is that when clearing out the spoofed MAC address, pfSense actually does not have it come back to the original.
regards
Thomas
Updated by Jim Pingle over 8 years ago
There are known issues with re(4) and spoofed MACs, it isn't always the driver, sometimes it is the chip itself.
You have to reboot after clearing out a spoofed MAC on any card.