Bridged Mode Firewall + Windows = Unable to access rest of subnet
-
Hi Guys,
I followed the instructions on how to turn pf into a Bridged/Transparent firewall and for the most part it seems to be working. Here are the basic settings:
WAN
IP: 212.6*.6.80 / 32
Gateway: 212.6.*6.1
LAN
IP: 212.6*.*6.80 / 24
Bridge with: WAN
Everything else in the instructions PDF followed, including firewall settings and disabling NAT etc.
HOWEVER, my problem comes about when I configure my Windows PC's on the 'LAN' side. Here is the setting of one:
IP: 212.6*.6.82
Subnet: 255.255.255.0
Gateway: 212.6.6.80
DNS: 212.6.*6.3
I can access the internet, but I cannot access other websites/machines that are on similar IP addresses like 212...85 (servers within my ISP's datacentre). I could almost convince myself that this is 'by design' if it wasn't for the fact that a Linux machine configured with the network settings below can see all of the machines totally fine.
IP: 212.*6.*6.84
Netmask: 255.255.255.0
Network: 212.*6.*6.0
Broadcast: 212.*6.*6.255
Gateway: 212.*6.*6.80
Any ideas?
-
EDIT:
It would seem that the Linux box has stopped communicating with the other servers too. Is there any way to fix this?
-
You need to use 212.6*.*6.1 as the gateway address on your hosts.
Edit: Your WAN address setup is wrong if your subnet is /24, change it to 212.6*.*6.80 / 24
-
Cheers for that kpa. I changed the WAN subnet to /24 as suggested and tested that all machines could still see Google etc. However, when I changed the gateway of the machines from .80 to .1 all internet connectivity was lost :(
-
/24 may not be the correct subnet for your WAN. You need to speak with your ISP and ensure that you have the correct subnet mask.
-
Well I only have about 6 IP addresses on the whole range, is that the problem?
I thought netmask of 255.255.255.0 = /24 ? Or am I totally wrong :s
-
A /24 would mean that you have .1 - .254 addresses to use yourself from the subnet (.0 and .255 reserved). If you have only 6 addresses then you probably have a /29 but it looks like your setup may not be a standard one. I second what submicron says, ask your ISP for details.
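The subnet arithmetic behind this reply, as an added example that is not part of the thread and not written by any of its participants. It uses Python's standard ipaddress module; all addresses are constructed from the 203.0.113.0/24 documentation range, since the thread's real addresses are redacted. It shows how many usable addresses a /24 and a /29 give, which prefix length fits an allocation of 6 addresses, and whether a given gateway or neighbour is actually on-link for a host configured with a particular mask, which is the check that decides whether a host ARPs for a peer directly or sends to the gateway.

```python
"""Subnet sanity checks for the /24 vs /29 question.

All addresses below are constructed examples from the 203.0.113.0/24
documentation range (RFC 5737); they stand in for the redacted thread values.
"""
import ipaddress


def usable_hosts(prefix_len: int) -> int:
    """Host addresses in an IPv4 block, excluding the network and broadcast
    addresses. /31 and /32 are point-to-point/host special cases; return 0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    if prefix_len >= 31:
        return 0
    return 2 ** (32 - prefix_len) - 2


def prefix_for_address_count(n: int) -> int:
    """Smallest block (largest prefix length) offering at least n usable
    host addresses: 6 addresses -> /29, 254 -> /24."""
    for prefix_len in range(30, -1, -1):
        if usable_hosts(prefix_len) >= n:
            return prefix_len
    raise ValueError("no IPv4 block is that large")


def on_link(host_ip: str, netmask: str, peer: str) -> bool:
    """True when `peer` falls inside the subnet as `host_ip` sees it with
    `netmask`. A host only ARPs directly for on-link peers; everything else
    goes to the default gateway, so the gateway itself must be on-link."""
    net = ipaddress.IPv4Network(f"{host_ip}/{netmask}", strict=False)
    return ipaddress.IPv4Address(peer) in net


def check_host(host_ip: str, netmask: str, gateway: str) -> dict:
    """Summarise what a host's IP/mask/gateway triple implies."""
    net = ipaddress.IPv4Network(f"{host_ip}/{netmask}", strict=False)
    return {
        "network": str(net),
        "usable_hosts": usable_hosts(net.prefixlen),
        "gateway_on_link": on_link(host_ip, netmask, gateway),
    }


if __name__ == "__main__":
    # Constructed: a host that believes it has a /24 but was really given a /29.
    print(check_host("203.0.113.82", "255.255.255.0", "203.0.113.1"))
    print(check_host("203.0.113.82", "255.255.255.248", "203.0.113.1"))
    print("6 addresses need a /%d" % prefix_for_address_count(6))
```

With a /24 mask the host treats the whole 203.0.113.0/24 as on-link, so it ARPs directly for .85 and for the .1 gateway; with the /29 mask the block is 203.0.113.80/29 (.81 to .86 usable), and a gateway at .1 is off-link, which matches the symptom of losing connectivity after pointing hosts at .1. The mask has to match what the ISP actually routes to the link.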