Netgate Discussion Forum

    Bridge mode and WAN/LAN rules do not work

    General pfSense Questions
    3 Posts 2 Posters 2.3k Views
    dannato

      Hi,
      I use pfSense 1.2.3-RELEASE configured in bridge mode.

      I am testing bridge mode and I have a situation like this:

      pfSense IP = wan.ip (bge0) / lan.ip (bge1) (but in bridge mode it has to use only wan.ip)
      server IP = srv.ip
      my IP = my.ip
      internet GW = gw.net

      • pfSense in bridge mode is connected on both NICs to a Cisco 2960 switch

      • the server is connected to another 2960 switch, uplinked, and set up with the WAN IP of pfSense as its gateway.

      After I add on the LAN rules that ALL can go outside and on the WAN rules that the server must have port 22 open to all, only the LAN rules work fine for outgoing traffic; for incoming traffic nothing works, just ICMP.

      On the shell I can see my rules:

      @38 pass in quick on bge0 reply-to (bge0 gw.net) inet from my.ip to any flags S/SA keep state label "USER_RULE: Damned"
        [ Evaluations: 101      Packets: 40        Bytes: 23746      States: 1    ]
        [ Inserted: uid 0 pid 2689 ]

      @39 pass in quick on bge1 all flags S/SA keep state label "USER_RULE: LAN ALL"
        [ Evaluations: 100      Packets: 167      Bytes: 13630      States: 3    ]
        [ Inserted: uid 0 pid 2689 ]

      ….

      @45 block drop in log quick all label "Default deny rule"
        [ Evaluations: 97        Packets: 97        Bytes: 5166        States: 0    ]
        [ Inserted: uid 0 pid 2689 ]
      @46 block drop out log quick all label "Default deny rule"
        [ Evaluations: 0        Packets: 0        Bytes: 0          States: 0    ]
        [ Inserted: uid 0 pid 2689 ]

      When I try to access srv.ip from my.ip I can see in System Logs > Firewall the message:

      @48 block drop in log quick all label "Default deny rule"

      I also checked "bypass firewall rules for traffic on same interface" but nothing works.

      So, my questions are:

      1. Why are my custom rules not applied, even though they are present?

      2. Why does rule @48 block everything when on the shell there is NO @48, but at most @46?

      Waiting for your reply.

      Best regards

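A small helper for the second question above, added here as an example and not code from the thread or from pfSense. pf numbers rules by their position in the main ruleset loaded at that moment, and a firewall-log entry carries the number of the rule that matched in the ruleset that was active when the packet was logged, so a number taken from the log only means something against the ruleset loaded at that time. The parser below reads `pfctl -vvsr` output (the sample input is the rule dump from the post, constructed inline with the author's elided rules left out) and the lookup reports whether a logged number such as @48 exists in the currently loaded ruleset and, if so, which rule it is and how much traffic it has matched.

```python
"""Correlate a pfSense firewall-log rule number with `pfctl -vvsr` output.

Added example, not code from the thread or from pfSense.  The sample ruleset
below is constructed from the rule lines shown in the post.
"""
import re
from typing import Dict, NamedTuple, Optional

# Constructed sample input (the post's rule dump, elided rules omitted).
# On a real box you would feed in the text of `pfctl -vvsr` instead.
SAMPLE_RULESET = """\
@38 pass in quick on bge0 reply-to (bge0 gw.net) inet from my.ip to any flags S/SA keep state label "USER_RULE: Damned"
  [ Evaluations: 101      Packets: 40        Bytes: 23746      States: 1    ]
  [ Inserted: uid 0 pid 2689 ]
@39 pass in quick on bge1 all flags S/SA keep state label "USER_RULE: LAN ALL"
  [ Evaluations: 100      Packets: 167      Bytes: 13630      States: 3    ]
  [ Inserted: uid 0 pid 2689 ]
@45 block drop in log quick all label "Default deny rule"
  [ Evaluations: 97        Packets: 97        Bytes: 5166        States: 0    ]
  [ Inserted: uid 0 pid 2689 ]
@46 block drop out log quick all label "Default deny rule"
  [ Evaluations: 0        Packets: 0        Bytes: 0          States: 0    ]
  [ Inserted: uid 0 pid 2689 ]
"""


class Rule(NamedTuple):
    number: int
    action: str               # "pass" or "block"
    direction: str            # "in" or "out"
    interface: Optional[str]  # None for rules without an "on <if>" clause
    label: Optional[str]
    evaluations: int
    packets: int
    states: int


RULE_RE = re.compile(r"^@(\d+)\s+(pass|block)(?:\s+(?:drop|return))?\s+(in|out)\b(.*)$")
IFACE_RE = re.compile(r"\bon\s+(\S+)")
LABEL_RE = re.compile(r'label\s+"([^"]*)"')
STATS_RE = re.compile(r"Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)")


def parse_ruleset(text: str) -> Dict[int, Rule]:
    """Parse `pfctl -vvsr` output into {rule number: Rule}."""
    rules: Dict[int, Rule] = {}
    current: Optional[int] = None
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            number, action, direction, rest = m.groups()
            label_m = LABEL_RE.search(rest)
            # Search for "on <if>" only before the label, so a label text that
            # happens to contain "on" cannot be mistaken for an interface clause.
            head = rest[: label_m.start()] if label_m else rest
            iface_m = IFACE_RE.search(head)
            current = int(number)
            rules[current] = Rule(current, action, direction,
                                  iface_m.group(1) if iface_m else None,
                                  label_m.group(1) if label_m else None, 0, 0, 0)
            continue
        s = STATS_RE.search(line)
        if s and current is not None:
            ev, pk, _bytes, st = (int(x) for x in s.groups())
            rules[current] = rules[current]._replace(evaluations=ev, packets=pk, states=st)
    return rules


def lookup_logged_rule(rules: Dict[int, Rule], logged_number: int) -> Optional[Rule]:
    """The loaded rule carrying a number seen in the firewall log, or None."""
    return rules.get(logged_number)


def explain(rules: Dict[int, Rule], logged_number: int) -> str:
    """Human-readable verdict for a rule number taken from a log line."""
    rule = lookup_logged_rule(rules, logged_number)
    if rule is None:
        highest = max(rules) if rules else 0
        return (f"@{logged_number} is not in the loaded ruleset (highest loaded number is "
                f"@{highest}); pf renumbers rules on every reload, so this entry must be "
                "compared against the ruleset that was loaded when it was logged")
    where = f"on {rule.interface}" if rule.interface else "on any interface"
    return (f"@{logged_number}: {rule.action} {rule.direction} {where}, "
            f'label "{rule.label}", {rule.packets} packets matched, {rule.states} states')


if __name__ == "__main__":
    loaded = parse_ruleset(SAMPLE_RULESET)
    for n in (38, 45, 48):
        print(explain(loaded, n))
```

Run it against a saved copy of `pfctl -vvsr` taken right after the log entry appears; if the logged number is missing from that dump, the ruleset has been reloaded in between and the number from the old entry no longer identifies a rule.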
      Cry Havok

        Can you post a diagram showing what you're talking about, ideally with the actual IP addresses and netmasks.

        It would help if you were also to post screenshots of both the WAN and LAN firewall rules. Without both the real IP addresses and netmasks and the screenshots it will be very hard to help you.

        dannato

          Hi,
          I received an answer on the mailing list, so I can consider this problem closed.

          The answer was:

          "You can't do that with a bridge, a bridge is transparent. The gateway
          must be something upstream. If you want a setup like that, you need to
          set it up to properly route so the gateway is on an inside interface."

          Thanks anyway

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.