Routing and Bridging

No primer on pfSense would be complete without some discussion of routing and bridging. These two networking concepts are often employed for similar reasons, but there are some significant differences between them. Routing is the process of moving packets between two or more networks. It is most commonly used to move traffic between the public internet and private networks. Bridging is the process of connecting two network segments together. The most significant difference is that routing involves inter-network traffic, while bridging involves intra-network traffic.

When pfSense is initially installed and configured, WAN and LAN interfaces are created, and pfSense can route traffic between these two networks with ease. In fact, it can easily route traffic between any interfaces directly connected to it. It will not, however, know how to route traffic to networks not directly connected to it unless you define a static route for it. Bridging, however, is not something that is done in typical network conditions. It allows us to extend a network beyond a single segment. Broadcast traffic will still flood both sides of the bridge, but each side of the bridge will form its own collision domain. In the days before switches (in which each port forms its own collision domain), this was an effective way of expanding a single network while ensuring a smooth flow of traffic. One significant limitation of bridging in pfSense is that two bridged interfaces can only pass traffic if the firewall rules allow it, at least by default.

This chapter will cover the following topics:

  • Routing and bridging fundamentals
  • Routing
  • Bridging
  • Troubleshooting