I have a similar configuration where the LAN is bridged to the WAN.
I just made a rule to allow access to the WAN IP. This is accessible
from anywhere as the bridge is in place.

Configuration. 

Start with a clean install.
Set up the IP address on WAN, gateway, etc.
Configure firewall rules to access the WAN IP via HTTPS and SSH,
i.e. allow all to WAN port 443, etc.

Setup allow rules for your other services.

If the block is a private block you will have to turn off
Block private blocks etc on wan interface.

Disable dhcp server on lan

Save the config, in case it fails.

Then remove the IP address from LAN and bridge it to WAN.

Wait a couple of minutes. Manually restart the box and access the wan ip
address.

All works fine for me in about 10 setups.



> -----Original Message-----
> From: Bill Marquette [mailto:[EMAIL PROTECTED]
> Sent: 24 October 2005 14:45
> To: support@pfsense.com
> Subject: Re: [pfSense Support] pfsense 0.88
> 
> Anyone that's set this up care to comment?  I'm starting to talk about
> things I've never done, not a good idea :)
> 
> --Bill
> 
> On 10/24/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > On Sun, 2005-10-23 at 09:23 -0500, Bill Marquette wrote:
> > > O
> > >
> > > > Is there any way I could have pfsense ip at .154 and use .155-158 for
> > > > my applications ?
> > >
> > > Yes, configure the pfSense LAN IP to .154 (and configure it for the
> > > full subnet - you'll need to set the default gateway too) and then
> > > bridge LAN to WAN.  You'll need rules on the WAN interface to allow
> > > for remote management of the pfSense box, but that should work just
> > > fine.
> >
> > Well,
> >
> > Both LAN and WAN want their IPs set.
> >
> > And neither of the configurations seems to work in a decent way.
> >
> > First, I have to set an IP address for the WAN network, otherwise it complains
> >
> > "field 'IP address' is required."
> >
> > I may only set IP to WAN network and leave LAN ip empty and enable
> > bridging.  In this case PfSense however becomes unreachable from LAN
> > network (should not it be fixed to also require IP if it is really
> > required ?)  In this case I however can access WebGUI from external
> > network (I allowed all incoming traffic for tests).
> >
> > One more bug around it - If I provide empty LAN address in configuration
> > it continues to work... until reboot.  Reboot causes system to be
> > inaccessible from LAN.  This especially worries me as if reboot happens
> > few months after you've done some changes you might not remember what
> > they were...
> >
> >
> > If I set both LAN and WAN to use the same IP address (.154) access from
> > WAN breaks, even with firewall which permits everything
> >
> > ... Went to do some research.
> >
> > Ok. It looks like I got what the problem is.  There is "wanspoof" rule
> > which blocks all traffic from WAN network which comes from IPs which are
> > set for LAN network, which seems to be wrong in case of Network
> > bridging.
> >
> > Also... I see there is the rule "SSHLockout" - any way to disable it ?
> > It is to be used in colocation environment and there are certain hosts
> > which will need such access.
> >
> > Thanks.
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 