forwarding didn't work if wlan0 is member of a bridge

Olivier Cochard-Labbé olivier at
Wed Dec 23 10:32:20 UTC 2015


If the wlan0 interface is a member of a bridge, FreeBSD doesn't manage to
forward packets back to the wireless client.

My setup is this one:

internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0]
 <--> wireless client

and the problem description:
 - wireless clients didn't receive any packets back: the fbsd-router blocks
answers because it thinks wireless clients are "unreachable".
 - But wireless clients can reach all IPs of the fbsd-router itself without
problem, and the fbsd-router can ping them too.
 - Ethernet clients connected to the same bridge0 didn't have any problem

A tcpdump on the outgoing interface shows the fbsd-router correctly
receiving/NATing/forwarding the wireless-client packet (
natted to toward the Internet-gateway (,
but once it has received the response from the internet-gateway it is not able to
reach the wireless-client (unreachable):
[fbsd-router]~> sudo tcpdump -pni net0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:35:24.869560 IP > ICMP echo request, id
1, seq 375, length 40
07:35:24.869772 IP > ICMP echo reply, id 1,
seq 375, length 40
07:35:24.870314 IP > ICMP host unreachable, length 36

But directly from the fbsd-router, there is no problem for reaching the
[fbsd-router]~> ping wireless-client
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=128 time=2.633 ms
64 bytes from icmp_seq=1 ttl=128 time=1.614 ms

I'm using a bridge because I need to use only one subnet for all my clients
(ethernet and wifi):
[fbsd-router]~> ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
        ether 02:82:9f:45:81:00
        inet netmask 0xffffffe0 broadcast
        nd6 options=49<PERFORMNUD,IFDISABLED,NO_RADR>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 33333
        member: net1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55

And this "unreachable" problem is related to the bridge: if I remove
wlan0 from the bridge, there is no more problem.

What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
a member of a bridge?

Head versions tested: r290522, r291362, r292613.


