The bridge interface does not need an IP. It runs in promisc mode and only forwards packets from one side to the other.

On Tue, Sep 30, 2014 at 3:26 PM, Jeronimo L. Cabral <[email protected]> wrote:

> But the bridging interface must have a public IP or do I have to set it up
> as IP-Less ???
>
> On Tue, Sep 30, 2014 at 3:17 PM, Ivo Tonev <[email protected]> wrote:
>
>> bridge is necessary, without it there is no forward between interfaces.
>>
>> On Tue, Sep 30, 2014 at 3:11 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>
>>> OK Ivo, that's a great data.....I really appreciate this...
>>>
>>> But please tell me this at last:
>>>
>>> So WAN and LAN interfaces have no IP assigned ???
>>> Do I have to create a bridging interface with WAN and LAN interfaces,
>>> and in this case is it possible to have an IP-Less bridging interface ???
>>> Or the bridge it's not necessary and it's enough with WAN and LAN IP-Less
>>> in promiscuous mode ???
>>>
>>> Thanks a lot again !!!
>>>
>>> On Tue, Sep 30, 2014 at 3:04 PM, Ivo Tonev <[email protected]> wrote:
>>>
>>>> you need to use the management network to download.
>>>>
>>>> On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>>>
>>>>> Dear, I can't understand at all....please be patient with me :(
>>>>>
>>>>> I'll use pfSense with Snort as an IPS because I see is easier than the
>>>>> manually configuration of Snort.
>>>>>
>>>>> I have an ISP router with 200.1.1.1, a corporate firewall with
>>>>> 200.1.1.2 and the condition is that I MUST LET THIS CONFIGURATION AS IT IS
>>>>> NOW.
>>>>>
>>>>> So, I have to locate the pfSense server between the router and the
>>>>> firewall, in "inline" mode.
>>>>>
>>>>> My pfSense server has 3 network interfaces, let's say: WAN connected
>>>>> to router, LAN connected to corporate firewall and OPT1 for management
>>>>> with IP 192.168.1.1.
>>>>>
>>>>> Now I have the question:
>>>>>
>>>>> How should I have to configure the WAN and LAN interfaces, with IP,
>>>>> IP-less, creating a bridging interface IP-less or with IP ????
>>>>> Because if I create a bridge with WAN and LAN and I don't assign an IP,
>>>>> the IPS won't download the signs from Internet...I'm a bit confused.
>>>>>
>>>>> Thanks a lot, regards.
>>>>>
>>>>> JeLo
>>>>>
>>>>> On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev <[email protected]> wrote:
>>>>>
>>>>>> Yes. Always use out of band management.
>>>>>>
>>>>>> On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <[email protected]> wrote:
>>>>>>
>>>>>>> Ivo, that's a good idea....but please tell me if I'm correct or not:
>>>>>>>
>>>>>>> WAN, LAN, Bridge interfaces: IP-Less
>>>>>>> OPT1: IP for management in a management network
>>>>>>>
>>>>>>> Thanks again,
>>>>>>>
>>>>>>> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <[email protected]>:
>>>>>>> > I recommend you create a management network for OPT1 with private IP.
>>>>>>> >
>>>>>>> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <[email protected]>
>>>>>>> > wrote:
>>>>>>> >>
>>>>>>> >> I think this is good for us:
>>>>>>> >>
>>>>>>> >> - Router ISP with IP 200.0.0.1
>>>>>>> >>
>>>>>>> >> - pfSense with the following interfaces:
>>>>>>> >>
>>>>>>> >> a) WAN IP-Less
>>>>>>> >> b) LAN IP-Less
>>>>>>> >> c) OPT1 with IP 200.0.0.2 (management)
>>>>>>> >> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>>>>>> >>
>>>>>>> >> - Corporate firewall with IP 200.0.0.3
>>>>>>> >>
>>>>>>> >> - Snort runs in Bridge interface
>>>>>>> >>
>>>>>>> >> Do you think this is correct ???
>>>>>>> >>
>>>>>>> >> Good night !!!
>>>>>>> >>
>>>>>>> >> Roberto
>>>>>>> >>
>>>>>>> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <[email protected]>:
>>>>>>> >> > I can say that I imagine this addresses space:
>>>>>>> >> >
>>>>>>> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
>>>>>>> >> >                                         OPT1 / IP 200.1.1.3 (management)
>>>>>>> >> >
>>>>>>> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous
>>>>>>> >> > mode), and the OPT1 interface from pfSense has a public IP as router
>>>>>>> >> > and firewall.
>>>>>>> >> >
>>>>>>> >> > Can I do this in pfSense ???
>>>>>>> >> >
>>>>>>> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral
>>>>>>> >> > <[email protected]> wrote:
>>>>>>> >> >>
>>>>>>> >> >> OK Ivo, this is very helpful to me....Suppose I have:
>>>>>>> >> >>
>>>>>>> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
>>>>>>> >> >>
>>>>>>> >> >> I have to maintain invariable the addressing of this scenario, so what
>>>>>>> >> >> IP addresses do I have to assign to WAN and LAN pfSense interfaces ???
>>>>>>> >> >>
>>>>>>> >> >> Thanks a lot,
>>>>>>> >> >>
>>>>>>> >> >> JeLo
>>>>>>> >> >>
>>>>>>> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <[email protected]> wrote:
>>>>>>> >> >>>
>>>>>>> >> >>> In production environment you need 3 interfaces - one for WAN, one for
>>>>>>> >> >>> LAN and one for management.
>>>>>>> >> >>>
>>>>>>> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>>>>>>> >> >>>
>>>>>>> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <[email protected]> wrote:
>>>>>>> >> >>>>
>>>>>>> >> >>>> > But you say: one interface for WAN, a second for
>>>>>>> >> >>>> > LAN...and which interface is for managing ???
>>>>>>> >> >>>>
>>>>>>> >> >>>> You manage with a browser from LAN, and optionally also from the WAN
>>>>>>> >> >>>> port. And with ssh from the LAN.

--
Ivo R. Tonev
+55 61 8409-2642
[email protected]
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
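
A check for the layout the thread settles on (IP-less WAN, LAN and bridge; management on OPT1 with a private IP), as an added example that is not part of the original messages: it audits `ifconfig` output taken from the pfSense shell. The interface names `em0`/`em1`/`em2` and `bridge0`, and the sample output itself, are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed FreeBSD-style `ifconfig` output for the thread's layout.
# Assumed names: em0 = WAN, em1 = LAN, em2 = OPT1 (management).
SAMPLE = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tmember: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\tmember: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""

def parse_ifconfig(text):
    """Map interface name -> flags, addresses and bridge members."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=\w+<([^>]*)>", line)
        fields = line.split()
        if head:
            cur = {"flags": set(head.group(2).split(",")), "inet": [], "members": []}
            ifaces[head.group(1)] = cur
        elif cur is not None and len(fields) > 1 and fields[0] in ("inet", "inet6"):
            cur["inet"].append(re.split(r"[%/]", fields[1])[0])  # drop scope/prefix
        elif cur is not None and len(fields) > 1 and fields[0] == "member:":
            cur["members"].append(fields[1])
    return ifaces

def audit(text, bridge="bridge0", mgmt="em2"):
    """Return deviations from the thread's plan; an empty list means it matches."""
    ifaces, problems = parse_ifconfig(text), []
    br = ifaces.get(bridge)
    if br is None:
        return [f"{bridge}: missing, nothing forwards between WAN and LAN"]
    for name in [bridge, *br["members"]]:
        iface = ifaces.get(name)
        if iface is None:
            problems.append(f"{name}: bridge member not present")
            continue
        if iface["inet"]:
            problems.append(f"{name}: has address {iface['inet'][0]}, expected IP-less")
        if name != bridge and "PROMISC" not in iface["flags"]:
            problems.append(f"{name}: bridge member not in promiscuous mode")
    addrs = ifaces.get(mgmt, {"inet": []})["inet"]
    if not addrs or mgmt in br["members"]:
        problems.append(f"{mgmt}: needs its own address outside the bridge")
    problems += [f"{mgmt}: {a} is not a private address"
                 for a in addrs if not ipaddress.ip_address(a).is_private]
    return problems
```

Feeding it the earlier proposal from the thread, with OPT1 on a public address, makes it report the management interface.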
