How to Bridge Two Network Interfaces on FreeBSD

This article provides a step-by-step guide on how to bridge two network interfaces on FreeBSD.

Introduction

FreeBSD is a powerful and flexible operating system often used in networking, server environments, and embedded systems. One of its key features is the ability to create network bridges, which allow multiple network interfaces to function as a single logical unit. This is useful in scenarios such as network testing, virtualization, or extending networks.

In this guide, we will walk through the process of setting up a network bridge on FreeBSD by bridging two network interfaces. This will allow traffic to flow seamlessly between them, creating a transparent link.

Understanding Network Bridging

A network bridge connects two or more network segments at the data link layer (Layer 2 of the OSI model). It forwards Ethernet frames between the interfaces, making them function as if they were on the same physical network.

Common use cases for bridging include:

  • Extending a network without using a router
  • Creating a virtual switch for virtual machines
  • Enabling packet monitoring in security applications
  • Isolating traffic for security testing

Prerequisites

Before proceeding, ensure you have:

  • A FreeBSD system with root or sudo privileges
  • Two network interfaces available for bridging
  • Basic familiarity with FreeBSD’s command line and network configuration

Step 1: Verify Available Network Interfaces

Before creating a bridge, check the available network interfaces using:

ifconfig

This command will list all network interfaces on the system. Identify the two interfaces you want to bridge, for example, em0 and em1.

Step 2: Load the Bridge Kernel Module

If the bridge module is not already loaded, you can load it manually with:

kldload if_bridge

To ensure it loads automatically at boot, add the following line to /boot/loader.conf:

if_bridge_load="YES"

Step 3: Create the Network Bridge

Now, create a new bridge interface using the ifconfig command:

ifconfig bridge0 create

Next, add the network interfaces to the bridge:

ifconfig bridge0 addm em0 addm em1

This command assigns em0 and em1 to bridge0, making them part of the same logical network segment.

Step 4: Assign an IP Address (Optional)

By default, a bridge operates at Layer 2 and does not need an IP address. However, if you want to manage the bridge or allow host access, assign it an IP:

ifconfig bridge0 inet 192.168.1.1/24 up

Replace 192.168.1.1/24 with the appropriate IP address for your network.

Step 5: Enable the Bridge at Boot

To ensure the bridge persists across reboots, edit /etc/rc.conf and add the following lines:

cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
ifconfig_em0="up"
ifconfig_em1="up"

If you assigned an IP address to the bridge, modify the ifconfig_bridge0 line:

ifconfig_bridge0="inet 192.168.1.1/24 addm em0 addm em1 up"

Step 6: Restart Networking

Apply the changes without rebooting by restarting the networking service:

service netif restart

Alternatively, you can bring the bridge up manually:

ifconfig bridge0 up

Step 7: Verify the Bridge Configuration

Check the bridge setup with:

ifconfig bridge0

You should see em0 and em1 listed as members of the bridge. To confirm traffic is flowing, use:

ping -c 4 <target_ip>
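
The membership check in this step can be scripted so that a missing or unexpected member is reported rather than spotted by eye. The following is an added example, not part of the original guide; the function names audit_bridge and sample_ifconfig and the embedded ifconfig output are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare `ifconfig bridge0` output with an expected member list.
# On a FreeBSD host: ifconfig bridge0 | audit_bridge em0 em1

# Constructed, abridged sample of `ifconfig bridge0` output for offline runs.
sample_ifconfig() {
    cat <<'EOF'
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:00:00:01
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
EOF
}

# audit_bridge EXPECTED_MEMBER...
# Reads ifconfig output on stdin and prints one finding per line. Returns 0
# only if the bridge is UP and its members are exactly the expected set.
audit_bridge() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expect[w[i]] = 1 }
        # First line carries the bridge name and its interface flags.
        NR == 1 { name = $1; sub(/:$/, "", name); up = ($0 ~ /[<,]UP[,>]/) }
        # Each member is reported on its own "member: <ifname> flags=..." line.
        $1 == "member:" { seen[$2] = 1; order[++k] = $2 }
        END {
            bad = 0
            if (!up) { print "DOWN " name; bad = 1 }
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print "MISSING " w[i]; bad = 1 }
            # A member nobody expected joins another segment at Layer 2.
            for (i = 1; i <= k; i++)
                if (!(order[i] in expect)) { print "UNEXPECTED " order[i]; bad = 1 }
            exit bad
        }'
}

# Demo on the constructed sample; prints only the confirmation line.
sample_ifconfig | audit_bridge em0 em1 && echo "bridge0: members match"
```

The non-zero exit status on any finding lets the function be called from a periodic job or monitoring check.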

Step 8: Troubleshooting

If the bridge is not working as expected, consider the following troubleshooting steps:

1. Check Interface Status

Ensure that both interfaces are up:

ifconfig em0
ifconfig em1

If either is down, bring it up with:

ifconfig em0 up
ifconfig em1 up

2. Review Firewall Rules

Firewalls can block bridged traffic. If using pf, ipfw, or ipfilter, adjust the rules accordingly. For pf, ensure:

set skip on bridge0

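is present in /etc/pf.conf. This directive exempts bridge0 from pf processing entirely, so no pf rules are evaluated for packets on that interface. Filtering on the member interfaces is governed separately by the net.link.bridge.pfil_member sysctl.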

3. Check System Logs

Logs may contain useful error messages:

dmesg | grep bridge

4. Verify Packet Forwarding (if Needed)

If the bridge host is also acting as a gateway, enable packet forwarding in /etc/sysctl.conf:

net.inet.ip.forwarding=1

Apply changes with:

sysctl net.inet.ip.forwarding=1

Conclusion

Bridging network interfaces on FreeBSD is a straightforward process that allows seamless Layer 2 connectivity. By following these steps, you can extend networks, create virtual switches, or monitor traffic effectively.

With proper configuration and troubleshooting, a FreeBSD bridge can serve as a reliable networking solution for various applications.