On the subject of bridging vs routing for a firewall:  If you require layer 3 to 
get to your guarded hosts, then you only have to think about rules in layer 3.  
If you bridge, then you may have to think about ARP spoofing, multicast, IPX, 
etc.  So if you’re bridging, you may be presenting a much larger attack surface 
on your guarded hosts than if you’re routing.

        ED.



> On 2015, Mar 7, at 8:42 AM, Tim Hogan <t...@hoganzoo.com> wrote:
> 
> 
> Yes, I guess I want to know if the bridge is set up correctly when one of the 
> interfaces in the bridge has an IP address that is being used for the NAT 
> address for my internal LAN.
> 
> Regards,
> Tim
> 
> 
> On 3/6/2015 3:07 PM, WebDawg wrote:
>> On Fri, Mar 6, 2015 at 2:16 PM, Tim Hogan <t...@hoganzoo.com> wrote:
>> 
>>    I am looking for some advice from the group about the best way to
>>    put pfSense in my environment so that it can filter all traffic.
>>    The cable provider that I use has given me a /29 of static IP
>>    addresses and one of those addresses is assigned to the cable modem.
>>    When I asked about putting the modem into bridging mode I found
>>    out that their idea of bridging is to disable the firewall and
>>    DHCP service on the modem.  So this is what I have come up with so
>>    far.
>> 
>>    Cable Modem: 70.70.70.94
>>    pfSense WAN: 70.70.70.93 (also my NAT address for the LAN)
>>    pfSense LAN: 10.100.100.1/24
>>    pfSense OPT1: bridged to WAN interface, no IP address
>> 
>>    The OPT1 interface is connected to a switch that has the other
>>    devices with the remaining IP addresses in the 70.70.70.89/29
>>    space and I have the firewall rules for this space on the WAN
>>    interface. It seems to work but I am wondering if I am using the
>>    bridging feature correctly. Any thoughts?
>> 
>>    Thanks,
>>    Tim
>> 
>> 
>> I do not understand the question.  Using the bridge feature correctly?
>> 
>> 
>> 
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> 

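An added illustration of the bridging point made at the top of this thread (not part of any poster's message and not pfSense code): a small classifier that reports which Ethernet frames fall outside plain unicast IP, which is the traffic a bridge can carry to guarded hosts but a router would not. The function names and sample frames are hypothetical, and it assumes the routed alternative has no multicast routing or relays configured.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "IPX"}

def l2_exposure(frame: bytes) -> list:
    """Return the reasons a frame falls outside unicast-IP filtering.

    An empty list means plain unicast IPv4/IPv6, the only traffic a
    routed firewall would pass on to the guarded hosts (assumption: no
    multicast routing or relays configured on the router).
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == 0x8100:  # 802.1Q tag: the real EtherType follows it
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack("!H", frame[16:18])
    reasons = []
    if dst[0] & 0x01:  # group bit set: broadcast or multicast
        reasons.append("group destination")
    if etype < 0x0600:  # 802.3 length field, e.g. LLC or raw IPX
        reasons.append("non-IP protocol 802.3/LLC")
    elif etype not in (0x0800, 0x86DD):
        name = ETHERTYPES.get(etype, f"0x{etype:04x}")
        reasons.append(f"non-IP protocol {name}")
    return reasons

def audit(frames) -> Counter:
    """Count exposure reasons over an iterable of captured frames."""
    return Counter(r for f in frames for r in l2_exposure(f))

def _frame(dst: str, etype: int) -> bytes:
    """Build a constructed sample frame (header plus zero padding)."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst) + src + struct.pack("!H", etype) + bytes(46)

# Constructed samples, not captured traffic
SAMPLES = [
    _frame("020000000002", 0x0800),  # unicast IPv4
    _frame("ffffffffffff", 0x0806),  # ARP broadcast
    _frame("01005e000001", 0x0800),  # IPv4 multicast
    _frame("020000000002", 0x8137),  # IPX
]

if __name__ == "__main__":
    for reason, n in audit(SAMPLES).items():
        print(n, reason)
```

Every non-empty result is a frame type that needs its own rule or filter on a bridged segment.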