Routing and Bridging

Routing and bridging are functionally very similar, but they have significant differences. Routing, the process of moving packets between two or more networks, is one of the primary functions of a firewall, and most of them do a good enough job at it to make routing seem transparent. With a minimum of configuration, pfSense is able to route traffic between your local network (LAN) and the internet (WAN). Little additional configuration is needed to add other local networks. Firewalls, however, initially only know how to route traffic to the networks directly attached to them. For example, if you have a router connected to one of pfSense's internal networks, pfSense will not know how to route traffic to any nodes attached to the router unless you define a static route for it.

Bridging is not something that is done in typical network configurations. Bridges are connections between network segments. They allow us to extend a network beyond a single segment, while confining broadcast traffic to a single segment so that it does not overwhelm the network. Normally, each interface is its own broadcast domain. It is often useful or necessary, however, to combine (or bridge) two interfaces so that they are within the same broadcast domain, similar to the way they would be if they were on the same switch. The difference between two bridged interfaces and a switch is that with bridged interfaces, firewall rules still apply. Thus, if you want traffic to pass between the two interfaces, you need to make sure the rules allow it.

This chapter will cover the following topics:

  • Basic concepts
  • Routing
  • Bridging
  • Troubleshooting