I'm successfully using pfSense in quite a few instances as transparent bridged devices. They handle multiple-subnet bridging perfectly. I have found one caveat is to put the WAN on your incoming provider (as you've done) and use an OPT interface for the inside of the bridge. If I recall, there are some special 'hidden' rules on the LAN interface that are not present on OPTs. Also, you don't even need to put a routable IP on the WAN for it to function properly. In one case, I've assigned an IP from a private address space. The OPT interface doesn't need an IP at all if it is bridged. Then, you'll want to have a routable IP on your LAN for management purposes.

Also, WAN-->LAN communication is being NAT'ed by default which is another reason why I've always used an OPT instead. I suppose you could turn off NAT but where is the fun in that... :-)

Hope this helps!

Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105

----- "Glenn Kelley" <[EMAIL PROTECTED]> wrote:
> Greetings folks -
> After a really nice long google search I ended up here ...
>
> In short we have a number of ip's a client of ours is looking to setup
> PFSense as a transparent bridge/firewall for.
>
> Setup is as follows
>
> Incoming Ethernet Connection from Data Center
>          |
>          |
>          |
>        SWITCH
>          |
>          |
>          |
> PF SENSE WAN (IP 216.119.x.x)
>          ~
>          ............................ external ip for management 24.182.x.x
>          ~
>          ~~~~~~~~~~~~ PFSense LAN ( IP 216.119.x.x)
>          |
>          |
>          |
>        SWITCH
>          ~
>          ~
> Their Systems ~~~~~~~~~~ running ip ranges
>     216.119.x.x
>     67.184.x.x
>     65.194.x.x
>
> so here is the deal - we allowed all traffic from WAN / LAN
> bridged LAN to WAN
>
> Internally / externally we can ping the ip ranges .... when the
> incoming ethernet is into the last switch touching their internal
> network - but when we move that to the WAN Switch - no luck.
> We know the connections are good - switch is good -
>
> Any suggestions?
>
> I would be willing to pay a small bounty - (as this non-profit
> customer is willing (a church entity ) ) if someone could help.
>
> Thanks a ton in advance
> After 3 days of scratching our heads - redoing this 1400 times (ok so
> maybe not that much)
> but enough to know the steps in our heads ... we thought it might be
> time to ask.
>
> If this works - I can see a great value to this PFSense product ...
> Really nice looking - and it actually can compare very well to the
> SonicWall, WatchGuard and other Pix products we see here...
> Gotta love Open Source... Let's hope this works out.
>
> Thanks again
>
> Glenn
