Transparent firewall
-
I might misunderstood the step about the LAN IP :
in Interfaces > LAN, If i let the IP empty , i get :
The following input errors were detected:
* The field 'IP address' is required.Do I have to put the same IP on wan and lan ?
-
Use a dummy adress there. it just needs to have an IP for some reason.
-
Ok, I think I worked to much today ???
So, lets resume,
on WAN, i select my dummy address (ie: 0.0.0.0/32) and gateway (the ip of the real gw)
on LAN, i select the IP I wish for the bridge and I bridge it to WANThen I don't see … Maybe I should sleep and re read manual :/
-
Nope:
1. Set a real IP on WAN and gateway (as this interface is the one the other gets bridged to). You will access your webgui by that IP from LAN-side. (If your WAN-IP-Range is inside a private range uncheck "block private IP range")
2. select bridge at your LAN interface and give THAT ONE a dummy IP (like 10.10.10.10/32).
3. Access your webgui by the WAN IP coming from your LAN-side and set up your rules.Good night ;D
-
I slept well . Now I can work again on it :p
-
I slept well . Now I can work again on it :p
So tell us, did it work, huh? did it work? ;D
If you get that to work you could make us a nice tutorial with wink, what do you say?
Cheers -
In fact it fails. Since I'm using a Shuttle XPC as the firewall, I order a double interfaced network card so I'll have 3 NIC and configure WAN, LAN and OPT.
WAN <-> OPT as a bridge on a certain IP
LAN as control interface.Once I succeed I'll try to write some kind of tutorial . but for now, I just gave up about a bridge with pfSence on a 2 NIC setup.
-
Sorry, we had a bridge bug in the latest version. Please try again with the upcoming version (ETA some minutes/hours).
-
Will check that then ;)
-
I justed DL the 96.2 iso … and it seems buggy . I DL twice on different computers, burned the same ...
When I boot on the disc, I get weird sound from the CD (no problem with another CD) and when it read the acd0 informations, several error occurs.I'll retry tomorrow, some other work to do today ...
-
This error report is of no use. Next time write down the errors.
-
Ok, I downloaded and burned a new ISO 96.2 from today on one of the mirrors. Installed. Configured.
Then, I created my bridge, deactivated NAT reflections … AND THERE IT WAS !
I rebooted to check something in the BIOS (didn't change anything though) ... and on reboot, configuration was there ... but no more bridge working. I don't have time to double check today so i'll do it tomorrow but that's quite annoying :/
-
OK, i'm build new bridge configuration
One moment - Lan mask (must be 32) take many my time.
My bridge dont work along i not memory this mask settings.Second moment - if i set any dummy address in Lan (not WAN address) - filter reload progress give error in [].. - what this i don't understand. But only i setup In LAN address IP= WAN address or mask=32 - all filter reload update normally
Please set in GUI avtomatic update LAN IP = WAN IP but only mask=32. This must leave many errors.
May be disable IP setting edit field LAN ip for BRIDGE mode?
And other any Bridged internal interfaces (OPT and etc)? -
on wan set a real ip adress this is the interface you will conect to
on lan set a ipadress it don't make out wat
it wil be ignord when you bridge it with youre wanmake sure youre on beta4 with the updates
-
list of interfaces for bridging
wan - lan wan ipadress
lan - opt1 lan ipadress
opt1 - opt2 opt1 ipadress
wan - opt1 wanipadress
opt1 - wan - lan wanipadress
etclist of interface weight
wan-lan-opt1-opt2 etc
interface with most weight is the ipadress that will work after the bridged melting -
Beta 4 updated, Bridge mode ON
If i set Lan any other address - i can ping them ( 2 address of firewall present!)
And - periodical error update rules + shaper problemNow i Begining test what i setup new (with prevous my post)
7 filtersupdate processes pass without errors (i dont change eny rule - only Edit-Save-Apply)
And shaper perhaps work too - this needs more testing. -
The shaper won't work in a bridging configuration.
-
This conceptual? Or in future shaping bridge possoble?
ps. I wanted use bridge(Or equivalence) + shapping + proxy in one system :(
-
It's a limitation. Not sure if there is a way to work around it. However, it won't be included in 1.0 and there is no promise that it will be in 1.1.
-
OK
If this can be in future - i very glad.
Thks.