Anyone that's set this up care to comment? I'm starting to talk about things I've never done, not a good idea :)
--Bill On 10/24/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > On Sun, 2005-10-23 at 09:23 -0500, Bill Marquette wrote: > > O > > > > > Is there any way I could have pfsense ip at .154 and use .155-158 for > > > my applications ? > > > > Yes, configure the pfSense LAN IP to .154 (and configure it for the > > full subnet - you'll need to set the default gateway too) and then > > bridge LAN to WAN. You'll need rules on the WAN interface to allow > > for remote management of the pfSense box, but that should work just > > fine. > > Well, > > Both LAN and WAN wants their IPs set. > > And never of configurations seems to work decent way. > > First, I have to set IP address to WAN network, otherwise it complains > > "field 'IP address' is required." > > I may only set IP to WAN network and leave LAN ip empty and enable > bridging. In this case PfSense however becomes unreachable from LAN > network (should not it be fixed to also require IP if it is really > required ?) In this case I however can access WebGUI from external > network (I allowed all incoming traffic for tests). > > One more bug around it - If I provide empty LAN address in configuration > it continues to work... until reboot. Reboot causes system to be > inaccessible from LAN. This especially worries me as if reboot happens > few months after you've done some changes you might not remember what > they were... > > > If I set both LAN and WAN to use the same IP address (.154) access from > WAN breaks, even with firewall which permits everything > > ... Went do do some research. > > Ok. It looks like I got what the problem is. There is "wanspoof" rule > which blocks all traffic from WAN network which comes from IPs which are > set for LAN network, which seems to be wrong in case of Network > bridging. > > Also... I see there is the rule "SSHLockout" - any way to disable it ? > It is to be used in collocation environment and there are certain hosts > which will need such access. > > Thanks. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
