I used the docs at http://pfsense.trendchiller.com/transparent_firewall.pdf
I have a very similar setup in 5 locations
Pc
Tim Nelson wrote:
I'm successfully using pfSense in quite a few instances as transparent bridged
devices. They handle multiple-subnet bridging perfectly. I have found one
caveat is to put the WAN on your incoming provider (as you've done) and use an
OPT interface for the inside of the bridge. If I recall, there are some special
'hidden' rules on the LAN interface that are not present on OPTs. Also, you
don't even need to put a routable IP on the WAN for it to function properly. In
one case, I've assigned an IP from a private address space. The OPT interface
doesn't need an IP at all if it is bridged. Then, you'll want to have a
routable IP on your LAN for management purposes.
Also, WAN-->LAN communication is being NAT'ed by default which is another
reason why I've always used an OPT instead. I suppose you could turn off NAT but
where is the fun in that... :-)
Hope this helps!
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
----- "Glenn Kelley" <[EMAIL PROTECTED]> wrote:
Greetings folks -
After a really nice long google search I ended up here ...
In short, we have a number of IPs a client of ours is looking to set up
pfSense as a transparent bridge/firewall for.
Setup is as follows:
Incoming Ethernet Connection from Data Center
   |
SWITCH
   |
PF SENSE WAN (IP 216.119.x.x)
   ~
   ~ ......... external ip for management 24.182.x.x
   ~
PFSense LAN (IP 216.119.x.x)
   |
SWITCH
   ~
Their Systems ~~~~~~~~~~ running ip ranges
   216.119.x.x
   67.184.x.x
   65.194.x.x
So here is the deal - we allowed all traffic from WAN / LAN,
bridged LAN to WAN.
Internally / externally we can ping the ip ranges .... when the
incoming ethernet is into the last switch touching their internal
network - but when we move that to the WAN Switch - no luck.
We know the connections are good - switch is good -
Any suggestions?
I would be willing to pay a small bounty (as this non-profit
customer is willing (a church entity)) if someone could help.
Thanks a ton in advance
After 3 days of scratching our heads - redoing this 1400 times (ok so
maybe not that much)
but enough to know the steps in our heads ... we thought it might be
time to ask.
If this works - I can see a great value to this PFSense product ...
Really nice looking - and it actually can compare very well to the
SonicWall, WatchGuard and other Pix products we see here...
Gotta love Open Source... Let's hope this works out.
Thanks again
Glenn
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]